In recent years, the booming of Internet of Things (IoT) has populated the world with billions of smart devices that implement novel services and applications. The potential for cyberattacks on IoT systems have called for new solutions from the research community. Remote attestation is a widely used technique that allows a verifier to identify software compromise on a remote platform (called prover). Traditional challenge-response remote attestation protocols between the verifier and a single prover face a severe scalability challenge when they are applied to large scale IoT systems. To tackle this issue, recently researchers have started developing attestation schemes, which we refer to as Collective Remote Attestation (CRA) schemes, that are capable of remotely performing attestation of large networks of IoT devices. In this paper, after providing the reader with a background on remote attestation, we survey and analyze existing CRA schemes. We present an analysis of their advantages and disadvantages, as well as of their effectiveness against a reference attacker model. We focus our attention on CRA schemes' characteristics and adversarial mitigation capabilities. We finally highlight open research issues and give possible directions for mitigating both the limitations of existing schemes, and new emerging challenges. We believe this work can help guiding the design of current and future proposals for CRA.

Collective Remote Attestation at the Internet of Things Scale: State-of-the-Art and Future Challenges / Ambrosin, M.; Conti, M.; Lazzeretti, R.; Rabbani, M. M.; Ranise, S.. - In: IEEE COMMUNICATIONS SURVEYS AND TUTORIALS. - ISSN 1553-877X. - 22:4(2020), pp. 2447-2461. [10.1109/COMST.2020.3008879]

Collective Remote Attestation at the Internet of Things Scale: State-of-the-Art and Future Challenges

Ranise S.
2020-01-01

Abstract

In recent years, the booming of Internet of Things (IoT) has populated the world with billions of smart devices that implement novel services and applications. The potential for cyberattacks on IoT systems have called for new solutions from the research community. Remote attestation is a widely used technique that allows a verifier to identify software compromise on a remote platform (called prover). Traditional challenge-response remote attestation protocols between the verifier and a single prover face a severe scalability challenge when they are applied to large scale IoT systems. To tackle this issue, recently researchers have started developing attestation schemes, which we refer to as Collective Remote Attestation (CRA) schemes, that are capable of remotely performing attestation of large networks of IoT devices. In this paper, after providing the reader with a background on remote attestation, we survey and analyze existing CRA schemes. We present an analysis of their advantages and disadvantages, as well as of their effectiveness against a reference attacker model. We focus our attention on CRA schemes' characteristics and adversarial mitigation capabilities. We finally highlight open research issues and give possible directions for mitigating both the limitations of existing schemes, and new emerging challenges. We believe this work can help guiding the design of current and future proposals for CRA.
2020
4
Ambrosin, M.; Conti, M.; Lazzeretti, R.; Rabbani, M. M.; Ranise, S.
Collective Remote Attestation at the Internet of Things Scale: State-of-the-Art and Future Challenges / Ambrosin, M.; Conti, M.; Lazzeretti, R.; Rabbani, M. M.; Ranise, S.. - In: IEEE COMMUNICATIONS SURVEYS AND TUTORIALS. - ISSN 1553-877X. - 22:4(2020), pp. 2447-2461. [10.1109/COMST.2020.3008879]
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333268
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 35
  • ???jsp.display-item.citation.isi??? 29
social impact