DOI: 10.1145/3465481.3470054
research-article

Bloom Filter based Collective Remote Attestation for Dynamic Networks

Published: 17 August 2021

ABSTRACT

Nowadays, Internet of Things (IoT) devices are widely used in several application scenarios. Because they are built cheaply, they often do not guarantee a high security standard, which makes them prone to hacker attacks. Remote attestation is widely used to verify the configuration integrity of remote devices. Unfortunately, checking the integrity of every single device is impractical, so several collective remote attestation protocols have recently been proposed to run attestations efficiently in large device swarms. However, current solutions still have several limitations in terms of network topology, scalability, and efficiency.

This paper presents a new, efficient collective remote attestation protocol for highly dynamic networks. Our protocol follows the self-attestation procedure, in which devices iteratively establish a common view of the integrity of the network through a consensus mechanism. Unlike previous protocols, we leverage Bloom filters, which drastically reduce the size of the messages exchanged and make the protocol more flexible with mobile nodes that can also join or leave the swarm. We evaluate our proposal through several simulations and experiments, showing that it outperforms the state of the art.

  • Published in

    ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
    August 2021
    1447 pages
    ISBN: 9781450390514
    DOI: 10.1145/3465481

    Copyright © 2021 ACM

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • research-article
    • Research
    • Refereed limited

    Acceptance Rates

    Overall Acceptance Rate: 228 of 451 submissions, 51%