Lightweight and Flexible Trust Assessment Modules for the Internet of Things

In this paper we describe a novel approach to securely obtain measurements with respect to the integrity of software running on a low-cost and low-power computing node, either autonomously or on request. We propose to use these measurements as an indication of the trustworthiness of that node. Our approach is based on recent developments in Program Counter Based Access Control. Specifically, we employ Sancus, a light-weight hardware-only Trusted Computing Base and Protected Module Architecture, to integrate trust assessment modules into an untrusted embedded OS without using a hypervisor. Sancus ensures by means of hardware extensions that code and data of a protected module cannot be tampered with, and that the module's data remains confidential. Sancus further provides cryptographic primitives that our approach employs so that the trust management system can verify that the obtained trust metrics are authentic and fresh. Thereby, our trust assessment modules can inspect the OS or application code and securely report reliable trust metrics to an external trust management system. We evaluate a prototype implementation of our approach that integrates Sancus-protected trust assessment modules with the Contiki OS running on a Sancus-enabled TI MSP430 microcontroller.
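The report-and-verify exchange the abstract describes, as an added example that is not taken from the paper or from Sancus: a trust assessment module measures an OS code region and MACs (nonce || metric) with its module key, and the external trust manager checks that the report is authentic (valid MAC), fresh (nonce it issued, used once) and matches the expected metric. HMAC-SHA256 stands in for the Sancus hardware MAC, and the key derivation, module identity and memory image are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-ins: a node key and a fake OS code image the module inspects.
NODE_KEY = b"constructed-node-key"
OS_TEXT = bytearray(b"contiki-os-code-image-constructed")

def module_key(node_key: bytes, module_identity: bytes) -> bytes:
    """Assumed KDF: the trust manager and the node derive the same per-module key
    from the node key and the module's identity (Sancus binds keys to modules)."""
    return hmac.new(node_key, module_identity, hashlib.sha256).digest()

def measure(region: bytes) -> bytes:
    """The module's trust metric: a hash over the inspected OS code region."""
    return hashlib.sha256(region).digest()

def attest(key: bytes, nonce: bytes, region: bytes) -> tuple[bytes, bytes]:
    """Node side: measure, then MAC (nonce || metric) so the report is
    authentic (only the module holds the key) and fresh (bound to the nonce)."""
    metric = measure(region)
    tag = hmac.new(key, nonce + metric, hashlib.sha256).digest()
    return metric, tag

class TrustManager:
    """Verifier side: issues single-use nonces and classifies incoming reports."""
    def __init__(self, key: bytes, expected_metric: bytes):
        self.key = key
        self.expected = expected_metric
        self.outstanding: set[bytes] = set()   # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, metric: bytes, tag: bytes) -> str:
        if nonce not in self.outstanding:
            return "stale"          # replayed or unsolicited report
        self.outstanding.discard(nonce)   # each nonce is accepted once
        expected_tag = hmac.new(self.key, nonce + metric, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected_tag):
            return "forged"         # wrong key or modified report
        return "trusted" if metric == self.expected else "modified"
```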
