1 research outputs found
Probabilistic and Considerate Attestation of IoT Devices against Roving Malware
Remote Attestation (RA) is a popular means of detecting malware presence (or verifying its absence) on embedded
and IoT devices. It is especially relevant to low-end devices that are incapable of protecting themselves against infection.
Malware that is aware of ongoing or impending attestation and aims to avoid detection
can relocate itself during computation of the attestation measurement. In order to thwart such behavior,
prior RA techniques are either non-interruptible or explicitly forbid modification of storage during measurement
computation. However, since the latter can be a time-consuming task, this curtails availability of device\u27s other
(main) functions, which is especially undesirable, or even dangerous, for devices with time- and/or safety-critical missions.
In this paper, we propose SMARM, a light-weight technique, based on shuffled measurements, as a defense against
roving malware. In SMARM, memory is measured in a randomized and secret order. This does not impact device\u27s availability --
the measurement process can be interrupted, even by malware, which can relocate itself at will. We analyze various
malware behaviors and show that, while malware can escape detection in a single attestation instance, it is
highly unlikely to avoid eventual detection