2,782 research outputs found
Advanced Remote Attestation Protocols for Embedded Systems
Small integrated computers, so-called embedded systems, have become a ubiquitous and indispensable part of our lives. Every day, we interact with a multitude of embedded systems. They are, for instance, integrated in home appliances, cars, planes, medical devices, or industrial systems. In many of these applications, embedded systems process privacy-sensitive data or perform safety-critical operations. Therefore, it is of high importance to ensure their secure and safe operation. However, recent attacks and security evaluations have shown that embedded systems frequently lack security and can often be compromised and misused with little effort. A promising technique to face the increasing amount of attacks on embedded systems is remote attestation. It enables a third party to verify the integrity of a remote device. Using remote attestation, attacks can be effectively detected, which allows to quickly respond to them and thus minimize potential damage. Today, almost all servers, desktop PCs, and notebooks have the required hardware and software to perform remote attestation. By contrast, a secure and efficient attestation of embedded systems is considerably harder to achieve, as embedded systems have to encounter several additional challenges.
In this thesis, we tackle three main challenges in the attestation of embedded systems. First, we address the issue that low-end embedded devices typically lack the required hardware to perform a secure remote attestation. We present an attestation protocol that requires only minimal secure hardware, which makes our protocol applicable to many existing low-end embedded devices while providing high security guarantees. We demonstrate the practicality of our protocol in two applications, namely, verifying code updates in mesh networks and ensuring the safety and security of embedded systems in road vehicles. Second, we target the efficient attestation of multiple embedded devices that are connected in challenging network conditions. Previous attestation protocols are inefficient or even inapplicable when devices are mobile or lack continuous connectivity. We propose an attestation protocol that particularly targets the efficient attestation of many devices in highly dynamic and disruptive networks. Third, we consider a more powerful adversary who is able to physically tamper with the hardware of embedded systems. Existing attestation protocols that address physical attacks suffer from limited scalability and robustness. We present two protocols that are capable of verifying the software integrity as well as the hardware integrity of embedded devices in an efficient and robust way. Whereas the first protocol is optimized towards scalability, the second protocol aims at robustness and is additionally suited to be applied in autonomous networks.
In summary, this thesis contributes to enhancing the security, efficiency, robustness, and applicability of remote attestation for embedded systems
LO-FAT: Low-Overhead Control Flow ATtestation in Hardware
Attacks targeting software on embedded systems are becoming increasingly
prevalent. Remote attestation is a mechanism that allows establishing trust in
embedded devices. However, existing attestation schemes are either static and
cannot detect control-flow attacks, or require instrumentation of software
incurring high performance overheads. To overcome these limitations, we present
LO-FAT, the first practical hardware-based approach to control-flow
attestation. By leveraging existing processor hardware features and
commonly-used IP blocks, our approach enables efficient control-flow
attestation without requiring software instrumentation. We show that our
proof-of-concept implementation based on a RISC-V SoC incurs no processor
stalls and requires reasonable area overhead.Comment: Authors' pre-print version to appear in DAC 2017 proceeding
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to
increasingly popular IoT (and other embedded) devices. It allows a trusted
party (verifier) to learn the state of a remote, and potentially
malware-infected, device (prover). Most existing approaches are static in
nature and only check whether benign software is initially loaded on the
prover. However, they are vulnerable to run-time attacks that hijack the
application's control or data flow, e.g., via return-oriented programming or
data-oriented exploits. As a concrete step towards more comprehensive run-time
remote attestation, we present the design and implementation of Control- FLow
ATtestation (C-FLAT) that enables remote attestation of an application's
control-flow path, without requiring the source code. We describe a full
prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone
hardware security extensions. We evaluate C-FLAT's performance using a
real-world embedded (cyber-physical) application, and demonstrate its efficacy
against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the
23rd ACM Conference on Computer and Communications Securit
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems
PADS: Practical Attestation for Highly Dynamic Swarm Topologies
Remote attestation protocols are widely used to detect device configuration
(e.g., software and/or data) compromise in Internet of Things (IoT) scenarios.
Unfortunately, the performances of such protocols are unsatisfactory when
dealing with thousands of smart devices. Recently, researchers are focusing on
addressing this limitation. The approach is to run attestation in a collective
way, with the goal of reducing computation and communication. Despite these
advances, current solutions for attestation are still unsatisfactory because of
their complex management and strict assumptions concerning the topology (e.g.,
being time invariant or maintaining a fixed topology). In this paper, we
propose PADS, a secure, efficient, and practical protocol for attesting
potentially large networks of smart devices with unstructured or dynamic
topologies. PADS builds upon the recent concept of non-interactive attestation,
by reducing the collective attestation problem into a minimum consensus one. We
compare PADS with a state-of-the art collective attestation protocol and
validate it by using realistic simulations that show practicality and
efficiency. The results confirm the suitability of PADS for low-end devices,
and highly unstructured networks.Comment: Submitted to ESORICS 201
RADIS: Remote Attestation of Distributed IoT Services
Remote attestation is a security technique through which a remote trusted
party (i.e., Verifier) checks the trustworthiness of a potentially untrusted
device (i.e., Prover). In the Internet of Things (IoT) systems, the existing
remote attestation protocols propose various approaches to detect the modified
software and physical tampering attacks. However, in an interoperable IoT
system, in which IoT devices interact autonomously among themselves, an
additional problem arises: a compromised IoT service can influence the genuine
operation of other invoked service, without changing the software of the
latter. In this paper, we propose a protocol for Remote Attestation of
Distributed IoT Services (RADIS), which verifies the trustworthiness of
distributed IoT services. Instead of attesting the complete memory content of
the entire interoperable IoT devices, RADIS attests only the services involved
in performing a certain functionality. RADIS relies on a control-flow
attestation technique to detect IoT services that perform an unexpected
operation due to their interactions with a malicious remote service. Our
experiments show the effectiveness of our protocol in validating the integrity
status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table
ScaRR: Scalable Runtime Remote Attestation for Complex Systems
The introduction of remote attestation (RA) schemes has allowed academia and
industry to enhance the security of their systems. The commercial products
currently available enable only the validation of static properties, such as
applications fingerprint, and do not handle runtime properties, such as
control-flow correctness. This limitation pushed researchers towards the
identification of new approaches, called runtime RA. However, those mainly work
on embedded devices, which share very few common features with complex systems,
such as virtual machines in a cloud. A naive deployment of runtime RA schemes
for embedded devices on complex systems faces scalability problems, such as the
representation of complex control-flows or slow verification phase.
In this work, we present ScaRR: the first Scalable Runtime Remote attestation
schema for complex systems. Thanks to its novel control-flow model, ScaRR
enables the deployment of runtime RA on any application regardless of its
complexity, by also achieving good performance. We implemented ScaRR and tested
it on the benchmark suite SPEC CPU 2017. We show that ScaRR can validate on
average 2M control-flow events per second, definitely outperforming existing
solutions.Comment: 14 page
- …