Device attestation: Past, present, and future

In recent years we have seen a rise in popularity of networked devices. From traffic signals in a city's busiest intersection and energy metering appliances, to internet-connected security cameras, these embedded devices have become entrenched in everyday life. As a consequence, a need to ensure secure and reliable operation of these devices has also risen. Device attestation is a promising solution to the operational demands of embedded devices, especially those widely used in Internet of Things and Cyber-Physical System. In this paper, we summarize the basics of device attestation. We then present a summary of attestation approaches by classifying them based on their functionality and reliability guarantees they provide to networked devices. Lastly, we discuss the limitations and potential issues current mechanisms exhibit and propose new research directions.

[1]  Salvatore J. Stolfo,et al.  When Firmware Modifications Attack: A Case Study of Embedded Exploitation , 2013, NDSS.

[2]  H. Farhangi,et al.  The path of the smart grid , 2010, IEEE Power and Energy Magazine.

[3]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[4]  A. One,et al.  Smashing The Stack For Fun And Profit , 1996 .

[5]  Marco Ramilli,et al.  Return-Oriented Programming , 2012, IEEE Security & Privacy.

[6]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[7]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[8]  Samuel Neves,et al.  BLAKE2: Simpler, Smaller, Fast as MD5 , 2013, ACNS.

[9]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[10]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[11]  Jie Zhang,et al.  BoardPUF: Physical Unclonable Functions for printed circuit board authentication , 2015, 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[12]  Jonathan K. Millen,et al.  Principles of remote attestation , 2011, International Journal of Information Security.

[13]  Adi Shamir,et al.  IoT Goes Nuclear: Creating a ZigBee Chain Reaction , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[14]  Karim Eldefrawy SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust , 2012, NDSS 2012.

[15]  L. Burns Sustainable mobility: A vision of our transport future , 2013, Nature.

[16]  Ahmad-Reza Sadeghi,et al.  Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications , 2015, 2015 IEEE Symposium on Security and Privacy.

[17]  Ahmad-Reza Sadeghi,et al.  ATRIUM: Runtime attestation resilient under memory attacks , 2017, 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[18]  Ahmad-Reza Sadeghi,et al.  SEDA: Scalable Embedded Device Attestation , 2015, CCS.

[19]  Thelma Virginia Rodrigues,et al.  OpenPLC: An open source alternative to automation , 2014, IEEE Global Humanitarian Technology Conference (GHTC 2014).

[20]  Hovav Shacham,et al.  Return-oriented programming without returns , 2010, CCS '10.

[21]  Osama A. Mohammed,et al.  Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit , 2017, NDSS.

[22]  Joshua M. Pearce,et al.  Open-Source Syringe Pump Library , 2014, PloS one.

[23]  Ahmad-Reza Sadeghi,et al.  C-FLAT: Control-Flow Attestation for Embedded Systems Software , 2016, CCS.

[24]  Ahmad-Reza Sadeghi,et al.  TyTAN: Tiny trust anchor for tiny devices , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[25]  Gene Tsudik,et al.  SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust , 2012, NDSS.

[26]  Claude Castelluccia,et al.  Code injection attacks on harvard-architecture devices , 2008, CCS.

[27]  B.F. Wollenberg,et al.  Toward a smart grid: power delivery for the 21st century , 2005, IEEE Power and Energy Magazine.

[28]  Ahmad-Reza Sadeghi,et al.  DARPA: Device Attestation Resilient to Physical Attacks , 2016, WISEC.

[29]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[30]  Zhenkai Liang,et al.  Jump-oriented programming: a new class of code-reuse attack , 2011, ASIACCS '11.

[31]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[32]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[33]  John L. Henning SPEC CPU2006 benchmark descriptions , 2006, CARN.