LegIoT: Ledgered Trust Management Platform for IoT

We investigate and address the currently unsolved problem of trust establishment in large-scale Internet of Things (IoT) networks where heterogeneous devices and mutually mistrusting stakeholders are involved. We design, prototype and evaluate LegIoT, a novel, probabilistic trust management system that enables secure, dynamic and flexible (yet inexpensive) trust relationships in large IoT networks. The core component of LegIoT is a novel graph-based scheme that allows network devices (graph nodes) to re-use the already existing trust associations (graph edges) very efficiently; thus, significantly reducing the number of individually conducted trust assessments. Since no central trusted third party exists, LegIoT leverages Distributed Ledger Technology (DLT) to create and manage the trust relation graph in a decentralized manner. The trust assessment among devices can be instantiated by any appropriate assessment technique, for which we focus on remote attestation (integrity verification) in this paper. We prototyped LegIoT for Hyperledger Sawtooth and demonstrated through evaluation that the number of trust assessments in the network can be significantly reduced – e.g., by a factor of 20 for a network of 400 nodes and factor 5 for 1000 nodes.

[1]  L. V. Doorn,et al.  Using Software-based Attestation for Verifying Embedded Systems in Cars , 2004 .

[2]  Gene Tsudik,et al.  SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust , 2012, NDSS.

[3]  Raph Levien,et al.  MIME Security with OpenPGP , 2001, RFC.

[4]  Pengfei Wang,et al.  A Remote Attestation Security Model Based on Privacy-Preserving Blockchain for V2X , 2018, IEEE Access.

[5]  Kim-Kwang Raymond Choo,et al.  Blockchain-Based Security Layer for Identification and Isolation of Malicious Things in IoT: A Conceptual Design , 2018, 2018 27th International Conference on Computer Communication and Networks (ICCCN).

[6]  Mahmoud Ammar,et al.  SlimIoT: Scalable Lightweight Attestation Protocol for the Internet of Things , 2018, 2018 IEEE Conference on Dependable and Secure Computing (DSC).

[7]  Julita Vassileva,et al.  Bayesian network-based trust model , 2003, Proceedings IEEE/WIC International Conference on Web Intelligence (WI 2003).

[8]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[9]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .

[10]  Kwangjo Kim,et al.  TM-Coin: Trustworthy management of TCB measurements in IoT , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[11]  Ahmad-Reza Sadeghi,et al.  DARPA: Device Attestation Resilient to Physical Attacks , 2016, WISEC.

[12]  Jean-Luc Baril,et al.  Blockchain based trust & authentication for decentralized sensor networks , 2017, ArXiv.

[13]  Mauro Conti,et al.  SANA: Secure and Scalable Aggregate Network Attestation , 2016, CCS.

[14]  Karl Aberer,et al.  Managing trust in a peer-2-peer information system , 2001, CIKM '01.

[15]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[16]  Karim Eldefrawy SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust , 2012, NDSS 2012.

[17]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[18]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[19]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[20]  Iliano Cervesato,et al.  The Dolev-Yao Intruder is the most Powerful Attacker , 2010 .

[21]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[22]  Stefan Katzenbeisser,et al.  SALAD: Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks , 2018, AsiaCCS.

[23]  Ling Liu,et al.  Building Trust in Decentralized Peer-to-Peer Electronic Communities , 2002 .

[24]  Gene Tsudik,et al.  Lightweight Swarm Attestation: A Tale of Two LISA-s , 2017, AsiaCCS.

[25]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[26]  Yuval Elovici,et al.  CIoTA: Collaborative IoT Anomaly Detection via Blockchain , 2018, ArXiv.

[27]  Max Mühlhäuser,et al.  Towards Blockchain-Based Collaborative Intrusion Detection Systems , 2017, CRITIS.

[28]  Stephen Hailes,et al.  A distributed trust model , 1998, NSPW '97.

[29]  Max Mühlhäuser,et al.  Beyond the Hype: On Using Blockchains in Trust Management for Authentication , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[30]  Ahmad-Reza Sadeghi,et al.  C-FLAT: Control-Flow Attestation for Embedded Systems Software , 2016, CCS.

[31]  Gene Tsudik,et al.  A minimalist approach to Remote Attestation , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[32]  Audun Jøsang,et al.  Trust network analysis with subjective logic , 2006, ACSC.

[33]  Ahmad-Reza Sadeghi,et al.  DIAT: Data Integrity Attestation for Resilient Collaboration of Autonomous Systems , 2019, NDSS.

[34]  Mukesh Singhal,et al.  Trust Management in Distributed Systems , 2007, Computer.

[35]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[36]  Qingju Wang,et al.  When Intrusion Detection Meets Blockchain Technology: A Review , 2018, IEEE Access.

[37]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[38]  Roberto Di Pietro,et al.  BAD: Blockchain Anomaly Detection , 2018, ArXiv.

[39]  John S. Baras,et al.  On Trust Establishment in Mobile Ad-Hoc Networks , 2002, Security Protocols Workshop.

[40]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[41]  Ahmad-Reza Sadeghi,et al.  SEDA: Scalable Embedded Device Attestation , 2015, CCS.

[42]  Munindar P. Singh,et al.  A Social Mechanism of Reputation Management in Electronic Communities , 2000, CIA.

[43]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[44]  Stefan Katzenbeisser,et al.  SCAPI: a scalable attestation protocol to detect software and physical attacks , 2017, WISEC.

[45]  Abdelmadjid Bouabdallah,et al.  Trusted Execution Environment: What It is, and What It is Not , 2015, TrustCom 2015.

[46]  Ahmad-Reza Sadeghi,et al.  Invited: Things, trouble, trust: On building trust in IoT systems , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[47]  Kevin E. Hemsley,et al.  History of Industrial Control System Cyber Incidents , 2018 .