- Main
Secure Remote Attestation for Safety-Critical Embedded and IoT Devices
- Rattanavipanon, Norrathep
- Advisor(s): Tsudik, Gene
Abstract
In recent years, embedded and cyber-physical systems (CPS), under the guise of Internet-of-
Things (IoT), have entered many aspects of daily life. Despite many benefits, this develop-
ment also greatly expands the so-called attack surface and turns these newly computerized
gadgets into attractive attack targets. One key component in securing IoT devices is malware
detection, which is typically attained with (secure) remote attestation. Remote attestation
is a distinct security service that allows a trusted verifier to verify the internal state of a
remote untrusted device. Remote attestation is especially relevant for low/medium-end em-
bedded devices that are incapable of protecting themselves against malware infection. As
safety-critical IoT devices become commonplace, it is crucial for remote attestation not to
interfere with the device’s normal operations. In this dissertation, we identify major issues in
reconciling remote attestation and safety-critical application needs. We show that existing
attestation techniques require devices to perform uninterruptible (atomic) operations during
attestation. Such operations can be time-consuming and thus may be harmful to the device’s
safety-critical functionality. On the other hand, simply relaxing security requirements of re-
mote attestation can lead to other vulnerabilities. To resolve this conflict, this dissertation
presents the design, implementation, and evaluation of several mitigation techniques. In par-
ticular, we propose two light-weight techniques capable of providing interruptible attestation
modality. In contrast to traditional techniques, our proposed techniques allow interrupts to
occur during attestation while ensuring malware detection via shuffled memory traversals or
memory locking mechanisms. Another type of techniques pursued in this dissertation aims
to minimize the real-time computation overhead during attestation. We propose using peri-
odic self-measurements to measure and record the device’s state, resulting in more flexible
scheduling of the attestation process and also in no real-time burden as part of its interaction
with verifier. This technique is particularly suitable for swarm settings with a potentially
large number of safety-critical devices. Finally, we develop a remote attestation HYDRA
architecture, based on a formally verified component, and use it as a building block in our
proposed mitigation techniques. We believe that this architecture may be of independent
interest.
Main Content
Enter the password to open this PDF file:
-
-
-
-
-
-
-
-
-
-
-
-
-
-