DOI: 10.1145/3448300.3468284

FADIA: fairness-driven collaborative remote attestation

Published: 28 June 2021

Abstract

Internet of Things (IoT) technology promises to bring new value creation opportunities across all major industrial sectors. This will lead industries to deploy more devices into their networks. A key pillar to ensure the safety and security of the running services on these devices is remote attestation. Unfortunately, existing solutions fail to cope with the recent challenges raised by large IoT networks. In particular, the heterogeneity of the devices used in the network affects the performance of a remote attestation protocol. Another challenge in these networks is their dynamic nature: more IoT devices may be added gradually over time. This poses a problem in terms of key management in remote attestation.
We propose FADIA, the first lightweight collaborative remote attestation protocol that is designed with fairness in mind. FADIA enables fair distribution of load/tasks on the attesting devices to achieve better performance. We also leverage the Eschenauer-Gligor scheme to enable efficient addition of devices to the network. We implement our solution on heterogeneous embedded devices and evaluate it in real scenarios. The evaluation shows that FADIA can (i) increase the lifetime of a network by an order of magnitude and (ii) decrease the remote attestation runtime by a factor of 1.6.



Published In

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks
June 2021
412 pages
ISBN: 9781450383493
DOI: 10.1145/3448300

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. collaborative attestation
  2. embedded systems
  3. fairness
  4. heterogeneous IoT networks
  5. remote attestation

Qualifiers

  • Research-article

Conference

WiSec '21

Acceptance Rates

WiSec '21 Paper Acceptance Rate 34 of 121 submissions, 28%;
Overall Acceptance Rate 98 of 338 submissions, 29%


Cited By

  • (2024) HAGAR: Hashgraph-based Aggregated Communication and Remote Attestation. Proceedings of the 21st ACM International Conference on Computing Frontiers: Workshops and Special Sessions, pp. 10-16. DOI: 10.1145/3637543.3654655. Online publication date: 7-May-2024
  • (2024) Trusted Computing Architectures for IoT Devices. Applied Reconfigurable Computing. Architectures, Tools, and Applications, pp. 241-254. DOI: 10.1007/978-3-031-55673-9_17. Online publication date: 20-Mar-2024
  • (2023) Yes we CAN! Proceedings of the 20th ACM International Conference on Computing Frontiers, pp. 352-357. DOI: 10.1145/3587135.3592818. Online publication date: 9-May-2023
  • (2023) PROVE. Journal of Information Security and Applications, 75:C. DOI: 10.1016/j.jisa.2023.103448. Online publication date: 1-Jun-2023
  • (2021) ARCADIS: Asynchronous Remote Control-Flow Attestation of Distributed IoT Services. IEEE Access, 9, pp. 144880-144894. DOI: 10.1109/ACCESS.2021.3122391. Online publication date: 2021
