320 research outputs found
Anonymous Attestation for IoT
Internet of Things (IoT) devices have seen tremendous growth and are being deployed pervasively in areas such as home, surveillance, health-care and transportation. These devices collect and process sensitive data with respect to user's privacy. Protecting the privacy of the user is an essential aspect of security, and anonymous attestation of IoT devices is critical to enable privacy-preserving mechanisms. Enhanced Privacy ID (EPID) is an industry-standard cryptographic scheme that offers anonymous attestation. It is based on a group signature scheme constructed from bilinear pairings, and provides anonymity and sophisticated revocation capabilities (private-key based revocation and signature-based revocation). Despite the interesting privacy-preserving features, EPID operations are very computationally and memory intensive. In this paper, we present a small footprint anonymous attestation solution based on EPID that can meet the stringent resource requirements of IoT devices. A specific modular-reduction technique targeting the EPID prime number has been developed resulting in 50% latency reduction compared to conventional reduction techniques. Furthermore, we developed a multi-exponentiation technique that significantly reduces the runtime memory requirements. Our proposed design can be implemented as SW-only, or it can utilize an integrated Elliptic Curve and Galois Field HW accelerator. The EPID SW stack has a small object code footprint of 22kB. We developed a prototype on a 32-bit microcontroller that computes EPID signature generation in 17.9s at 32MHz.
PADS: Practical Attestation for Highly Dynamic Swarm Topologies
Remote attestation protocols are widely used to detect device configuration
(e.g., software and/or data) compromise in Internet of Things (IoT) scenarios.
Unfortunately, the performances of such protocols are unsatisfactory when
dealing with thousands of smart devices. Recently, researchers are focusing on
addressing this limitation. The approach is to run attestation in a collective
way, with the goal of reducing computation and communication. Despite these
advances, current solutions for attestation are still unsatisfactory because of
their complex management and strict assumptions concerning the topology (e.g.,
being time invariant or maintaining a fixed topology). In this paper, we
propose PADS, a secure, efficient, and practical protocol for attesting
potentially large networks of smart devices with unstructured or dynamic
topologies. PADS builds upon the recent concept of non-interactive attestation,
by reducing the collective attestation problem into a minimum consensus one. We
compare PADS with a state-of-the-art collective attestation protocol and
validate it by using realistic simulations that show practicality and
efficiency. The results confirm the suitability of PADS for low-end devices,
and highly unstructured networks.
Comment: Submitted to ESORICS 201
Proof of Luck: an Efficient Blockchain Consensus Protocol
In the paper, we present designs for multiple blockchain consensus primitives
and a novel blockchain system, all based on the use of trusted execution
environments (TEEs), such as Intel SGX-enabled CPUs. First, we show how using
TEEs for existing proof of work schemes can make mining equitably distributed
by preventing the use of ASICs. Next, we extend the design with proof of time
and proof of ownership consensus primitives to make mining energy- and
time-efficient. Further improving on these designs, we present a blockchain
using a proof of luck consensus protocol. Our proof of luck blockchain uses a
TEE platform's random number generation to choose a consensus leader, which
offers low-latency transaction validation, deterministic confirmation time,
negligible energy consumption, and equitably distributed mining. Lastly, we
discuss a potential protection against up to a constant number of compromised
TEEs.
Comment: SysTEX '16, December 12-16, 2016, Trento, Ital
Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)
As many types of IoT devices worm their way into numerous settings and many
aspects of our daily lives, awareness of their presence and functionality
becomes a source of major concern. Hidden IoT devices can snoop (via sensing)
on nearby unsuspecting users, and impact the environment where unaware users
are present, via actuation. This prompts, respectively, privacy and
security/safety issues. The dangers of hidden IoT devices have been recognized
and prior research suggested some means of mitigation, mostly based on traffic
analysis or using specialized hardware to uncover devices. While such
approaches are partially effective, there is currently no comprehensive
approach to IoT device transparency. Prompted in part by recent privacy
regulations (GDPR and CCPA), this paper motivates and constructs a
privacy-agile Root-of-Trust architecture for IoT devices, called PAISA:
Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure
announcements about IoT devices' presence and their capabilities. PAISA has two
components: one on the IoT device that guarantees periodic announcements of its
presence even if all device software is compromised, and the other that runs on
the user device, which captures and processes announcements. Notably, PAISA
requires no hardware modifications; it uses a popular off-the-shelf Trusted
Execution Environment (TEE) -- ARM TrustZone. This work also comprises a fully
functional (open-sourced) prototype implementation of PAISA, which includes: an
IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android
smartphone-based app that captures and processes announcements. Both security
and performance of PAISA design and prototype are discussed.
Comment: 17 pages, 11 figures. To appear at ACM CCS 202