Remote Attestation (RA) is a security service that detects malware presence on remote IoT devices by having a trusted party (verifier) verify their software integrity. There are three main types of RA: software (SW)-, hardware (HW)-, and hybrid (SW/HW)-based. Hybrid techniques obtain secure RA with minimal hardware requirements imposed on the architectures of existing microcontroller units (MCUs). In recent years, considerable attention has been devoted to hybrid techniques since prior software-based ones lack concrete security guarantees in a remote setting, while hardware-based approaches are too costly for low-end MCUs. However, one key problem is that many already deployed IoT devices neither satisfy the minimal hardware requirements nor support the hardware modifications needed for hybrid RA. This paper bridges the gap between software-based and hybrid RA by proposing a novel RA scheme based on software virtualization. In particular, it proposes a new scheme, called SIMPLE, which meets the minimal hardware requirements needed for secure RA via reliable software. SIMPLE depends on a formally-verified software-based memory isolation technique, called Security MicroVisor (SμV). Its reliability is achieved by extending the formally-verified safety and correctness properties to cover the entire software architecture of SIMPLE. Furthermore, SIMPLE is used to construct SIMPLE+, an efficient swarm attestation scheme for static and dynamic heterogeneous IoT networks. We implement and evaluate SIMPLE and SIMPLE+ on the Atmel AVR architecture, a common MCU platform.

SIMPLE: A remote attestation approach for resource-constrained IoT devices / Ammar, M.; Crispo, B.; Tsudik, G. - CD-ROM. - (2020), pp. 247-258. (Paper presented at the 11th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2020, held in aus in 2019) [10.1109/ICCPS48487.2020.00036].

SIMPLE: A remote attestation approach for resource-constrained IoT devices

Crispo B.;
2020-01-01

2020
Proceedings - 2020 ACM/IEEE 11th International Conference on Cyber-Physical Systems, ICCPS 2020
New York
Institute of Electrical and Electronics Engineers Inc.
978-1-7281-5501-2
Ammar, M.; Crispo, B.; Tsudik, G.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/288973