Refutation of "On the Difficulty of Software-Based Attestation o f Embedded Devices"

The paper “On the Difficulty of Software-Based Attestation o f Embedded Devices” had been published at the ACM CCS 2009 conference [1]. Although the paper contains many useful points, unfortunately, it also contains numerous errors and inaccuracies which we would like to rectify with this note.

[1]  Yongdae Kim,et al.  Remote Software-Based Attestation for Wireless Sensors , 2005, ESAS.

[2]  David Naccache,et al.  Alien vs. Quine, the Vanishing Circuit and Other Tales from the Industry's Crypt , 2006, EUROCRYPT.

[3]  Kang G. Shin,et al.  Soft tamper-proofing via program integrity verification in wireless sensor networks , 2005, IEEE Transactions on Mobile Computing.

[4]  L. V. Doorn,et al.  SCUBA: Secure Code Update By Attestation in sensor networks , 2006, WiSe '06.

[5]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[6]  Leah H. Jamieson,et al.  Establishing the Genuinity of Remote Computer Systems , 2003, USENIX Security Symposium.

[7]  Young-Geun Choi,et al.  Proactive Code Verification Protocol in Wireless Sensor Network , 2007, ICCSA.

[8]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[9]  Adrian Perrig,et al.  SAKE: Software attestation for key establishment in sensor networks , 2011, Ad Hoc Networks.

[10]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[11]  Sencun Zhu,et al.  Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks , 2007, 2007 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007).

[12]  Pradeep K. Khosla,et al.  Using FIRE & ICE for Detecting and Recovering Compromised Nodes in Sensor Networks , 2004 .

[13]  Markus Jakobsson,et al.  Assured Detection of Malware With Applications to Mobile Platforms , 2010 .