PADS: Practical Attestation for Highly Dynamic Swarm Topologies

Remote attestation protocols are widely used to detect device configuration (e.g., software and/or data) compromise in Internet of Things (IoT) scenarios. Unfortunately, the performances of such protocols are unsatisfactory when dealing with thousands of smart devices. Recently, researchers are focusing on addressing this limitation. The approach is to run attestation in a collective way, with the goal of reducing computation and communication. Despite these advances, current solutions for attestation are still unsatisfactory because of their complex management and strict assumptions concerning the topology (e.g., being time invariant or maintaining a fixed topology). In this paper, we propose PADS, a secure, efficient, and practical protocol for attesting potentially large networks of smart devices with unstructured or dynamic topologies. PADS builds upon the recent concept of non-interactive attestation, by reducing the collective attestation problem into a minimum consensus one. We compare PADS with a state-of-the art collective attestation protocol and validate it by using realistic simulations that show practicality and efficiency. The results confirm the suitability of PADS for low-end devices, and highly unstructured networks.Comment: Submitted to ESORICS 201

Secure network programming in wireless sensor networks

Network programming is one of the most important applications in Wireless Sensor Networks as It provides an efficient way to update program Images running on sensor nodes without physical access to them. Securing these updates, however, remains a challenging and important issue, given the open deployment environment of sensor nodes. Though several security schemes have been proposed to impose the authenticity and Integrity protection on network programming applications, they are either energy Inefficient as they tend to use digital signature or lacks the data confidentiality. In addition, due to the absence of secure memory management in the current sensor hardware, the attacker could inject malicious code into the program flash by exploiting buffer overflow In the memory despite the secure code dissemination. The contribution of this thesis Is to provide two software-based security protocols and one hardware-based remote attestation protocol for network programming application. Our first protocol deploys multiple one-way key chains for a multi-hop sensor network. The scheme Is shown to be lower In computational, power consumption and communication costs yet still able to secure multi•hop propagation of program images. Our second protocol utilizes an Iterative hash structure to the data packets in network programming application, ensuring the data confidentiality and authenticity. In addition, we Integrated confidentiality and DoS-attack-resistance in a multi•hop code dissemination protocol. Our final solution is a hardware-based remote attestation protocol for verification of running codes on sensor nodes. An additional piece of tamper-proof hardware, Trusted Platform Module (TPM), is imposed into the sensor nodes. It secures the sensitive information (e.g., the session key) from attackers and monitors any platform environment changes with the Internal registers. With these features of TPM, the code Injection attack could be detected and removed when the contaminated nodes are challenged in our remote attestation protocol. We implement the first two software-based protocols with Deluge as the reference network programming protocol in TinyOS, evaluate them with the extensive simulation using TOSSIM and validate the simulation results with experiments using Tmote. We implement the remote attestation protocol on Fleck, a sensor platform developed by CSIRO that Integrates an Atmel TPM chip

RADIS: Remote Attestation of Distributed IoT Services

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table

Toward trusted wireless sensor networks

This article presents the design and implementation of a trusted sensor node that provides Internet-grade security at low system cost. We describe trustedFleck, which uses a commodity Trusted Platform Module (TPM) chip to extend the capabilities of a standard wireless sensor node to provide security services such as message integrity, confidentiality, authenticity, and system integrity based on RSA public-key and XTEA-based symmetric-key cryptography. In addition trustedFleck provides secure storage of private keys and provides platform configuration registers (PCRs) to store system configurations and detect code tampering. We analyze system performance using metrics that are important for WSN applications such as computation time, memory size, energy consumption and cost. Our results show that trustedFleck significantly outperforms previous approaches (e.g., TinyECC) in terms of these metrics while providing stronger security levels. Finally, we describe a number of examples, built on trustedFleck, of symmetric key management, secure RPC, secure software update, and remote attestation

Secure Code Update for Embedded Devices via Proofs of Secure Erasure

Abstract. Remote attestation is the process of verifying internal state of a remote embedded device. It is an important component of many security protocols and applications. Although previously proposed re-mote attestation techniques assisted by specialized secure hardware are effective, they not yet viable for low-cost embedded devices. One no-table alternative is software-based attestation, that is both less costly and more efficient. However, recent results identified weaknesses in some proposed software-based methods, thus showing that security of remote software attestation remains a challenge. Inspired by these developments, this paper explores an approach that relies neither on secure hardware nor on tight timing constraints typi-cal of software-based technqiques. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our approach involves a new primitive – Proofs of Secure Erasure (PoSE-s). We also show that, even though it is effective and provably secure, PoSE-based attestation is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.

A survey on cyber security for smart grid communications

A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. To upgrade an existing power grid into a smart grid, it requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in smart grid. However, as many of the communication technologies currently recommended to use by a smart grid is vulnerable in cyber security, it could lead to unreliable system operations, causing unnecessary expenditure, even consequential disaster to both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications. © 2012 IEEE