RADIS: Remote Attestation of Distributed IoT Services

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table

A Semantic Offsite Construction Digital Twin- Offsite Manufacturing Production Workflow (OPW) Ontology

Offsite Manufacturing (OSM) is a modern and innovative method of construction with the potential to adopt advanced factory production system through a more structured workflow, standardised products, and the use of robotics for automation. However, there have been challenges in quantifying improvements from the conventional method, which leads to the low uptake. The concept of a digital twin (DT) is useful for OSM, which enables production to be represented virtually and visually including all activities associated with it, resources, and workflow involved. Thus, essential information in the product development process such as cost, time, waste, and environmental impacts can be assessed. However, the data required to have accurate results and better-informed decision-making come from heterogeneous data formats (i.e. spreadsheets and BIM models) and across different domains. The inclusion of semantic web technologies such as Linked Data (LD) and Web Ontology Language (OWL) models has proven to better address these challenges especially in terms of interoperability and unambiguous knowledge systematisation. Through an extensive systematic literature review followed up by a case study, an ontology knowledge structure representing the production workflow for OSM is developed. A real-life use case of a semi-automated production line of wall panel production is used to test and demonstrate the benefits of the semantic digital twin in obtaining cost and time data of the manufacturing for assessment. Results demonstrated the potential capability and power of capturing knowledge for an ontology to assess production workflow in terms of cost, time, carbon footprint thereby enabling more informed decision making for continuous improvements

Remote Attestation as a Service for IoT

Remote attestation is a two-party security protocol that aims to detect the presence of malware in a remote untrusted IoT device. In order to perform the attestation, an IoT device typically has to stop the regular operation and perform expensive computations that will consume the battery life of the device. In this paper, we use cloud/fog computing to attest an IoT device in an efficient way. We propose Remote Attestation as a Service (RAaS) which allows even a low-end IoT device to securely offload the attestation process to the cloud. We argue that RAaS allows the clone of the device, securely created in the cloud, to perform the most expensive attestation computations. Our proposed approach could reduce the number of attestation operations running on the real IoT device, saving energy consumption, and reducing the downtime of the usual operation of an IoT device during the execution of remote attestation

SARA: Secure Asynchronous Remote Attestation for IoT systems

Remote attestation has emerged as a valuable security mechanism which aims to verify remotely whether or not a potentially untrusted device has been compromised. The protocols of Remote attestation are particularly important for securing Internet of Things (IoT) systems which, due to the large number of interconnected devices and limited security protections, are susceptible to a wide variety of cyber attacks. To guarantee the integrity of a software running on a single device, remote attestation is usually executed as an uninterrupted procedure: at the attestation time, a device stops the normal operation and executes the attestation of the entire device without interruption. The remote attestation protocols that aim to attest a large number of devices also follow the assumption on uninterrupted execution: when a device attests its network neighbours, each device verified in the neighborhood suspends its normal operation until the attestation protocol is completed. To avoid unnecessary suspension of the normal operation of the devices, this paper proposes a novel Secure Asynchronous Remote Attestation (SARA) protocol that releases the constraint of synchronous interaction among devices. In particular, SARA is an attestation protocol that exploits asynchronous communication capabilities among IoT devices in order to attest a distributed IoT service executed by them. SARA verifies both that each IoT device is not compromised (device trustworthiness), and that the exchanged communication data have not maliciously influence the communicating devices (legitimate operations). By tracing the execution order of each service invocation of an asynchronous distributed service, SARA allows each service to collect accurately historical data of its interactions, and transmits asynchronously such historical data to other interacting services. We have implemented and validated SARA through a realistic simulation on the Contiki emulator that demonstrates the functionality and efficiency of our protocol. The results confirm the suitability of SARA for low-end devices