DADS: Decentralized Attestation for Device Swarms

We present a novel scheme called Decentralized Attestation for Device Swarms (DADS), which is, to the best of our knowledge, the first to accomplish decentralized attestation in device swarms. Device swarms are smart, mobile, and interconnected devices that operate in large numbers and are likely to be part of emerging applications in Cyber-Physical Systems (CPS) and Industrial Internet of Things (IIoTs). Swarm devices process and exchange safety, privacy, and mission-critical information. Thus, it is important to have a good code verification technique that scales to device swarms and establishes trust among collaborating devices. DADS has several advantages over current state-of-the-art swarm attestation techniques: It is decentralized, has no single point of failure, and can handle changing topologies after nodes are compromised. DADS assures system resilience to node compromise/failure while guaranteeing only devices that execute genuine code remain part of the group. We conduct performance measurements of communication, computation, memory, and energy using the TrustLite embedded systems architecture in OMNeT++ simulation environment. We show that the proposed approach can significantly reduce communication cost and is very efficient in terms of computation, memory, and energy requirements. We also analyze security and show that DADS is very effective and robust against various attacks.

[1]  Erol Sahin,et al.  Swarm Robotics: From Sources of Inspiration to Domains of Application , 2004, Swarm Robotics.

[2]  Amit Kumar Saha,et al.  Modeling mobility for vehicular ad-hoc networks , 2004, VANET '04.

[3]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[4]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[5]  Gene Tsudik,et al.  A minimalist approach to Remote Attestation , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[6]  Yehuda Lindell,et al.  Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and Network Security Series) , 2007 .

[7]  Ismail Güvenç,et al.  UAV-Enabled Intelligent Transportation Systems for the Smart City: Applications and Challenges , 2017, IEEE Communications Magazine.

[8]  Ayan Banerjee,et al.  Ensuring Safety, Security, and Sustainability of Mission-Critical Cyber–Physical Systems , 2012, Proceedings of the IEEE.

[9]  Adrian Perrig,et al.  SBAP: Software-Based Attestation for Peripherals , 2010, TRUST.

[10]  Alessandro Bassi,et al.  From today's INTRAnet of things to a future INTERnet of things: a wireless- and mobility-related view , 2010, IEEE Wireless Communications.

[11]  Frank Piessens,et al.  Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base , 2013, USENIX Security Symposium.

[12]  Sean W. Smith Outbound authentication for programmable secure coprocessors , 2004, International Journal of Information Security.

[13]  Ahmad-Reza Sadeghi,et al.  Short paper: lightweight remote attestation using physical functions , 2011, WiSec '11.

[14]  Rui Li,et al.  Towards a Low-Cost Remote Memory Attestation for the Smart Grid , 2015, Sensors.

[15]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[16]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[17]  Tracy Camp,et al.  A survey of mobility models for ad hoc network research , 2002, Wirel. Commun. Mob. Comput..

[18]  Prabhu Ramaswamy,et al.  IoT smart parking system for reducing green house gas emission , 2016, 2016 International Conference on Recent Trends in Information Technology (ICRTIT).

[19]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[20]  Ahmad-Reza Sadeghi,et al.  DARPA: Device Attestation Resilient to Physical Attacks , 2016, WISEC.

[21]  Mauro Conti,et al.  SANA: Secure and Scalable Aggregate Network Attestation , 2016, CCS.

[22]  Yan Sun,et al.  CRRP: A cooperative relay routing protocol for IoT networks , 2016, 2016 IEEE 27th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC).

[23]  Adrian Perrig,et al.  Bootstrapping Trust in Commodity Computers , 2010, 2010 IEEE Symposium on Security and Privacy.

[24]  Depei Qian,et al.  Link Availability Prediction in Ad Hoc Networks , 2008, 2008 14th IEEE International Conference on Parallel and Distributed Systems.

[25]  Adrian Perrig,et al.  VIPER: verifying the integrity of PERipherals' firmware , 2011, CCS '11.

[26]  Johannes Götzfried,et al.  Sancus 2.0 , 2017, ACM Trans. Priv. Secur..

[27]  Adrian Perrig,et al.  SAKE: Software attestation for key establishment in sensor networks , 2011, Ad Hoc Networks.

[28]  Ahmad-Reza Sadeghi,et al.  SEDA: Scalable Embedded Device Attestation , 2015, CCS.

[29]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[30]  Natalija Vlajic,et al.  A Simulation-Based Performance Analysis of Various Multipath Routing Techniques in ZigBee Sensor Networks , 2009, ADHOCNETS.

[31]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[32]  Frederik Armknecht,et al.  A security framework for the analysis and design of software attestation , 2013, CCS.

[33]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[34]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[35]  Leah H. Jamieson,et al.  Establishing the Genuinity of Remote Computer Systems , 2003, USENIX Security Symposium.

[36]  Gene Tsudik,et al.  Lightweight Swarm Attestation: A Tale of Two LISA-s , 2017, AsiaCCS.

[37]  Mihir Bellare,et al.  New Proofs for NMAC and HMAC: Security without Collision Resistance , 2006, Journal of Cryptology.

[38]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[39]  Ing-Ray Chen,et al.  Reliability of wireless sensors with code attestation for intrusion detection , 2010, Inf. Process. Lett..

[40]  Ahmad-Reza Sadeghi,et al.  TyTAN: Tiny trust anchor for tiny devices , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[41]  Gene Tsudik,et al.  SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust , 2012, NDSS.

[42]  Ahmad-Reza Sadeghi,et al.  Remote attestation for low-end embedded devices: The prover's perspective , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[43]  L. V. Doorn,et al.  SCUBA: Secure Code Update By Attestation in sensor networks , 2006, WiSe '06.

[44]  Chenyang Lu,et al.  Cyber-Physical Codesign of Distributed Structural Health Monitoring with Wireless Sensor Networks , 2014, IEEE Trans. Parallel Distributed Syst..

[45]  Karim Eldefrawy SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust , 2012, NDSS 2012.

[46]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[47]  Hamid R. Rabiee,et al.  MobiSim: A Framework for Simulation of Mobility Models in Mobile Ad-Hoc Networks , 2007, Third IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2007).