ABSTRACT
Internet of Things (IoT) technology promises to bring new value creation opportunities across all major industrial sectors. This will yield industries to deploy more devices into their networks. A key pillar to ensure the safety and security of the running services on these devices is remote attestation. Unfortunately,existing solutions fail to cope with the recent challenges raised by large IoT networks. In particular, the heterogeneity of the devices used in the network affects the performance of a remote attestation protocol. Another challenge in these networks is their dynamic nature: More IoT devices may be added gradually over time. This poses a problem in terms of key management in remote attestation.
We propose FADIA, the first lightweight collaborative remote attestation protocol that is designed with fairness in mind. FADIA enables fair distribution of load/tasks on the attesting devices to achieve better performance. We also leverage the Eschenauer-Gligor scheme to enable efficient addition of devices to the network. We implement our solution on heterogeneous embedded devices and evaluate it in real scenarios. The evaluation shows that FADIA can (i) increase the lifetime of a network by an order of magnitude and (ii) decrease the remote attestation runtime by a factor of 1.6.
- T. Abera, N. Asokan, L. Davi, J. E. Ekberg, T. Nyman, A. Paverd, A. R. Sadeghi, and G. Tsudik. 2016. C-FLAT: Control-Flow Attestation for Embedded Systems Software. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). Association for Computing Machinery.Google Scholar
- M. Ambrosin, M. Conti, A. Ibrahim, G. Neven, A. R. Sadeghi, and M. Schunter. 2016. SANA: Secure and Scalable Aggregate Network Attestation. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). Association for Computing Machinery.Google Scholar
- M. Ambrosin, M. Conti, R. Lazzeretti, M. M. Rabbani, and S. Ranise. 2018. PADS: Practical Attestation for Highly Dynamic Swarm Topologies. In 2018 International Workshop on Secure Internet of Things (SIoT).Google Scholar
- C. Andrei, Z. Jonas, F. Aurélien, and B. Davide. 2014. A Large-Scale Analysis of the Security of Embedded Firmwares. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association.Google Scholar
- N. Asokan, F. Brasser, A. Ibrahim, A. R. Sadeghi, M. Schunter, G. Tsudik, and C. Wachsmann. 2015. SEDA: Scalable Embedded Device Attestation. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15). Association for Computing Machinery.Google Scholar
- F. Brasser, B. El Mahjoub, A. Sadeghi, C. Wachsmann, and P. Koeberl. 2015. TyTAN: Tiny trust anchor for tiny devices. In 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).Google Scholar
- X. Carpent, K. ElDefrawy, N. Rattanavipanon, and G. Tsudik. 2017. Lightweight Swarm Attestation: A Tale of Two LISA-s. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '17). Association for Computing Machinery.Google Scholar
- X. Carpent, G. Tsudik, and N. Rattanavipanon. 2018. ERASMUS: Efficient remote attestation via self-measurement for unattended settings. In 2018 Design, Automation Test in Europe Conference Exhibition (DATE).Google Scholar
- M. Conti, R. Di Pietro, A. Gabrielli, L. V. Mancini, and A. Mei. 2010. The Smallville Effect: Social Ties Make Mobile Networks More Secure against Node Capture Attack. In Proceedings of the 8th ACM International Workshop on Mobility Management and Wireless Access (MobiWac '10). Association for Computing Machinery.Google Scholar
- M. Conti, R. Di Pietro, L. Vincenzo Mancini, and A. Mei. 2008. Emergent Properties: Detection of the Node-Capture Attack in Mobile Wireless Sensor Networks. In Proceedings of the First ACM Conference on Wireless Network Security (WiSec '08). Association for Computing Machinery.Google Scholar
- Moteiv Corporation. 2016. Tmote Sky Details. "http://www.snm.ethz.ch/snmwiki/pub/uploads/Projects/tmote_sky_datasheet.pdf".Google Scholar
- The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). December 28, 2016. "Mirai Botnet". Retrieved 28 December 2016..Google Scholar
- K. M. El Defrawy, N. Rattanavipanon, and G. Tsudik. 2017. HYDRA: hybrid design for remote attestation (using a formally verified microkernel). Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2017).Google ScholarDigital Library
- G. Dessouky, S. Zeitouni, T. Nyman, A. Paverd, L. Davi, P. Koeberl, N. Asokan, and A. R. Sadeghi. 2017. LO-FAT: Low-Overhead Control Flow ATtestation in Hardware. In Proceedings of the 54th Annual Design Automation Conference 2017 (DAC '17). Association for Computing Machinery.Google Scholar
- E. Dushku, M. M. Rabbani, M. Conti, L. V. Mancini, and S. Ranise. 2020. SARA: Secure Asynchronous Remote Attestation for IoT Systems. IEEE Transactions on Information Forensics and Security (2020).Google Scholar
- K. Eldefrawy, A. Francillon, D. Perito, and G. Tsudik. 2012. SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust. In NDSS 2012, 19th Annual Network and Distributed System Security Symposium, February 5-8, San Diego, USA.Google Scholar
- L. Eschenauer and V. D. Gligor. 2002. A Key-Management Scheme for Distributed Sensor Networks. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS '02). Association for Computing Machinery.Google Scholar
- A. Francillon, Q. Nguyen, K. B. Rasmussen, and G. Tsudik. 2014. A minimalist approach to Remote Attestation. In 2014 Design, Automation Test in Europe Conference Exhibition (DATE).Google Scholar
- W. He, M. Golla, R. Padhi, J. Ofek, M. Dürmuth, E. Fernandes, and B. Ur. 2018. Rethinking Access Control and Authentication for the Home Internet of Things (IoT). In Proceedings of the 27th USENIX Conference on Security Symposium (SEC'18). USENIX Association.Google Scholar
- A. Ibrahim, A. R. Sadeghi, G. Tsudik, and S. Zeitouni. 2016. DARPA: Device Attestation Resilient to Physical Attacks. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec '16). Association for Computing Machinery.Google Scholar
- V. Immler, J. Obermaier, K. Kuan Ng, F. Xiang Ke, J. Lee, Y. Peng Lim, W. Koon Oh, K. Hoong Wee, and G. Sigl. 2018. Secure Physical Enclosures from Covers with Tamper-Resistance. IACR Transactions on Cryptographic Hardware and Embedded Systems (2018).Google Scholar
- C. Kil, E. C. Sezer, A. M. Azab, P. Ning, and X. Zhang. 2009. Remote attestation to dynamic system properties: Towards providing complete system integrity evidence. In 2009 IEEE/IFIP International Conference on Dependable Systems Networks.Google Scholar
- W. Kim and I. Jung. 2019. Smart Sensing Period for Efficient Energy Consumption in IoT Network. Sensors (2019).Google Scholar
- P. Koeberl, S. Patrick, S. Schulz, A. R. Sadeghi, and V. Varadharajan. 2014. TrustLite: A Security Architecture for Tiny Embedded Devices. In Proceedings of the Ninth European Conference on Computer Systems (EuroSys '14). Association for Computing Machinery.Google Scholar
- F. Kohnhäuser, N. Büscher, S. Gabmeyer, and S. Katzenbeisser. 2017. SCAPI: A Scalable Attestation Protocol to Detect Software and Physical Attacks. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '17). Association for Computing Machinery.Google Scholar
- F. Kohnhäuser, N. Büscher, and S. Katzenbeisser. 2018. SALAD: Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (ASIACCS '18). Association for Computing Machinery.Google Scholar
- F. Kohnhäuser, N. Büscher, and S. Katzenbeisser. 2019. A Practical Attestation Protocol for Autonomous Embedded Systems. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P).Google Scholar
- S. Mahfoudh and P. Minet. 2008. Survey of Energy Efficient Strategies in Wireless Ad Hoc and Sensor Networks. In Seventh International Conference on Networking (icn 2008).Google Scholar
- IHS Markit. 2017. Number of Connected IoT Devices Will Surge to 125 Billion by 2030, IHS Markit Says. https://news.ihsmarkit.com/prviewer/release_only/slug/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says.Google Scholar
- S. Moein, T. Aaron Gulliver, F. Gebali, and A. Alkandari. 2017. Hardware Attack Mitigation Techniques Analysis. International Journal on Cryptography and Information Security (2017).Google Scholar
- J. Noorman, J. Van Bulck, J. Tobias Mühlberg, F. Piessens, P. Maene, B. Preneel, I. Verbauwhede, J. Götzfried, T. Müller, and F. Freiling. 2017. Sancus 2.0: A Low-Cost Security Architecture for IoT Devices. ACM Trans. Priv. Secur. (2017).Google Scholar
- M. M. Rabbani, J. Vliegen, J. Winderickx, M. Conti, and N. Mentens. 2019. SHeLA: Scalable Heterogeneous Layered Attestation. IEEE Internet of Things Journal (2019).Google Scholar
- S. Ravi, A. Raghunathan, and S. Chakradhar. 2004. Tamper resistance mechanisms for secure embedded systems. In 17th International Conference on VLSI Design. Proceedings.Google Scholar
- V. Roblek, M. Meško, and A. Krapež. 2016. A Complex View of Industry 4.0. SAGE Open 2 (2016).Google Scholar
- S. Skorobogatov. 2011. Physical Attacks on Tamper Resistance: Progress and Lessons. 2nd ARO Special Workshop on HW Assurance, Washington DC.Google Scholar
- S. Skorobogatov. 2012. Physical Attacks and Tamper Resistance. Springer New York.Google Scholar
- A. Varga and R. Hornig. 2008. An Overview of the OMNeT++ Simulation Environment. In Proceedings of the 1st International Conference on Simulation Tools and Techniques for Communications, Networks and Systems & Workshops (Simutools '08). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering).Google Scholar
- S. Zeitouni, G. Dessouky, O. Arias, D. Sullivan, A. Ibrahim, Y. Jin, and A. Sadeghi. 2017. ATRIUM: Runtime attestation resilient under memory attacks. In 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).Google Scholar
Index Terms
- FADIA: fairness-driven collaborative remote attestation
Recommendations
AutoCert: Automated TOCTOU-secure digital certification for IoT with combined authentication and assurance
AbstractThe Internet of Things (IoT) network is comprised of heterogeneous devices which are part of critical infrastructures throughout the world. To enable end-to-end security, the Public Key Infrastructure (PKI) is undergoing advancements ...
Privilege-Based Remote Attestation: Towards Integrity Assurance for Lightweight Clients
IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and SecurityRemote attestation is used to assure the integrity of a trusted platform (prover) to a remote party (challenger). Traditionally, plain binary attestation (i.e., attesting the integrity of software by measuring their binaries) is the method of choice. ...
Analysis of existing remote attestation techniques
This paper has been written as a part of the research project that is working towards the implementation of dynamic behavioral attestation for mobile platforms. The motivation behind this paper was to analyze the existing remote attestation techniques ...
Comments