Cargando…

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an eno...

Descripción completa

Detalles Bibliográficos
Autores principales: Ankergård, Sigurd Frej Joel Jørgensen, Dushku, Edlira, Dragoni, Nicola
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2021
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7956325/
https://www.ncbi.nlm.nih.gov/pubmed/33668796
http://dx.doi.org/10.3390/s21051598
_version_ 1783664409029115904
author Ankergård, Sigurd Frej Joel Jørgensen
Dushku, Edlira
Dragoni, Nicola
author_facet Ankergård, Sigurd Frej Joel Jørgensen
Dushku, Edlira
Dragoni, Nicola
author_sort Ankergård, Sigurd Frej Joel Jørgensen
collection PubMed
description The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.
format Online
Article
Text
id pubmed-7956325
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-79563252021-03-15 State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things Ankergård, Sigurd Frej Joel Jørgensen Dushku, Edlira Dragoni, Nicola Sensors (Basel) Review The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues. MDPI 2021-02-25 /pmc/articles/PMC7956325/ /pubmed/33668796 http://dx.doi.org/10.3390/s21051598 Text en © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
spellingShingle Review
Ankergård, Sigurd Frej Joel Jørgensen
Dushku, Edlira
Dragoni, Nicola
State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things
title State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things
title_full State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things
title_fullStr State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things
title_full_unstemmed State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things
title_short State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things
title_sort state-of-the-art software-based remote attestation: opportunities and open issues for internet of things
topic Review
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7956325/
https://www.ncbi.nlm.nih.gov/pubmed/33668796
http://dx.doi.org/10.3390/s21051598
work_keys_str_mv AT ankergardsigurdfrejjoeljørgensen stateoftheartsoftwarebasedremoteattestationopportunitiesandopenissuesforinternetofthings
AT dushkuedlira stateoftheartsoftwarebasedremoteattestationopportunitiesandopenissuesforinternetofthings
AT dragoninicola stateoftheartsoftwarebasedremoteattestationopportunitiesandopenissuesforinternetofthings