Towards Remotely Verifiable Software Integrity in Resource-Constrained IoT Devices (2401.04308v2)
Abstract: Lower-end IoT devices typically have strict cost constraints that rule out usual security mechanisms available in general-purpose computers or higher-end devices. To secure low-end devices, various low-cost security architectures have been proposed for remote verification of their software state via integrity proofs. These proofs vary in terms of expressiveness, with simpler ones confirming correct binary presence, while more expressive ones support verification of arbitrary code execution. This article provides a holistic and systematic treatment of this family of architectures. It also compares (qualitatively and quantitatively) the types of software integrity proofs, respective architectural support, and associated costs. Finally, we outline some research directions and emerging challenges.
- B. Kuang, A. Fu, W. Susilo, S. Yu, and Y. Gao, “A survey of remote attestation in internet of things: Attacks, countermeasures, and prospects,” Computers & Security, vol. 112, p. 102498, 2022.
- K. Eldefrawy, G. Tsudik, A. Francillon, and D. Perito, “SMART: Secure and minimal architecture for (establishing dynamic) root of trust,” in NDSS, 2012.
- I. De Oliveira Nunes, K. Eldefrawy, N. Rattanavipanon, M. Steiner, and G. Tsudik, “VRASED: A verified hardware/software co-design for remote attestation,” in USENIX Security, 2019.
- M. Grisafi, M. Ammar, M. Roveri, and B. Crispo, “PISTIS: Trusted computing architecture for low-end embedded systems,” in USENIX Security, 2022.
- P. Koeberl, S. Schulz, A.-R. Sadeghi, and V. Varadharajan, “Trustlite: A security architecture for tiny embedded devices,” in EuroSys, 2014.
- I. De Oliveira Nunes, K. Eldefrawy, N. Rattanavipanon, and G. Tsudik, “APEX: A verified architecture for proofs of execution on remote devices under full software compromise,” in USENIX Security, 2020.
- L. Szekeres, M. Payer, T. Wei, and D. Song, “Sok: Eternal war in memory,” in IEEE S&P, 2013.
- J. Noorman, J. V. Bulck, J. T. Mühlberg, F. Piessens, P. Maene, B. Preneel, I. Verbauwhede, J. Götzfried, T. Müller, and F. Freiling, “Sancus 2.0: A low-cost security architecture for iot devices,” ACM TOPS, vol. 20, no. 3, pp. 1–33, 2017.
- I. De Oliveira Nunes, S. Jakkamsetti, N. Rattanavipanon, and G. Tsudik, “On the TOCTOU problem in remote attestation,” in ACM CCS, 2021.
- T. Abera, N. Asokan, L. Davi, J.-E. Ekberg, T. Nyman, A. Paverd, A.-R. Sadeghi, and G. Tsudik, “C-FLAT: control-flow attestation for embedded systems software,” in ACM CCS, 2016.
- G. Dessouky, T. Abera, A. Ibrahim, and A.-R. Sadeghi, “LiteHAX: lightweight hardware-assisted attestation of program execution,” in ICCAD, 2018.
- I. De Oliveira Nunes, S. Jakkamsetti, and G. Tsudik, “Tiny-CFA: Minimalistic control-flow attestation using verified proofs of execution,” in DATE, 2021.
- I. De Oliveira Nunes, S. Jakkamsetti, and G. Tsudik, “DIALED: Data integrity attestation for low-end embedded devices,” in DAC, 2021.
- Z. Sun, B. Feng, L. Lu, and S. Jha, “OAT: Attesting operation integrity of embedded devices,” in IEEE S&P, 2020.
- M. Ambrosin, M. Conti, R. Lazzeretti, M. M. Rabbani, and S. Ranise, “Collective remote attestation at the internet of things scale: State-of-the-art and future challenges,” IEEE Communications Surveys & Tutorials, vol. 22, no. 4, pp. 2447–2461, 2020.
Sponsor
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.