Cargando…
Memory Offloading for Remote Attestation of Multi-Service IoT Devices †
Remote attestation (RA) is an effective malware detection mechanism that allows a trusted entity (Verifier) to detect a potentially compromised remote device (Prover). The recent research works are proposing advanced Control-Flow Attestation (CFA) protocols that are able to trace the Prover’s execut...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9229323/ https://www.ncbi.nlm.nih.gov/pubmed/35746119 http://dx.doi.org/10.3390/s22124340 |
| _version_ | 1784734715934146560 |
|---|---|
| author | Dushku, Edlira Østergaard, Jeppe Hagelskjær Dragoni, Nicola |
| author_facet | Dushku, Edlira Østergaard, Jeppe Hagelskjær Dragoni, Nicola |
| author_sort | Dushku, Edlira |
| collection | PubMed |
| description | Remote attestation (RA) is an effective malware detection mechanism that allows a trusted entity (Verifier) to detect a potentially compromised remote device (Prover). The recent research works are proposing advanced Control-Flow Attestation (CFA) protocols that are able to trace the Prover’s execution flow to detect runtime attacks. Nevertheless, several memory regions remain unattested, leaving the Prover vulnerable to data memory and mobile adversaries. Multi-service devices, whose integrity is also dependent on the integrity of any attached external peripheral devices, are particularly vulnerable to such attacks. This paper extends the state-of-the-art RA schemes by presenting ERAMO, a protocol that attests larger memory regions by adopting the memory offloading approach. We validate and evaluate ERAMO with a hardware proof-of-concept implementation using a TrustZone-capable LPC55S69 running two sensor nodes. We enhance the protocol by providing extensive memory analysis insights for multi-service devices, demonstrating that it is possible to analyze and attest the memory of the attached peripherals. Experiments confirm the feasibility and effectiveness of ERAMO in attesting dynamic memory regions. |
| format | Online Article Text |
| id | pubmed-9229323 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-92293232022-06-25 Memory Offloading for Remote Attestation of Multi-Service IoT Devices † Dushku, Edlira Østergaard, Jeppe Hagelskjær Dragoni, Nicola Sensors (Basel) Article Remote attestation (RA) is an effective malware detection mechanism that allows a trusted entity (Verifier) to detect a potentially compromised remote device (Prover). The recent research works are proposing advanced Control-Flow Attestation (CFA) protocols that are able to trace the Prover’s execution flow to detect runtime attacks. Nevertheless, several memory regions remain unattested, leaving the Prover vulnerable to data memory and mobile adversaries. Multi-service devices, whose integrity is also dependent on the integrity of any attached external peripheral devices, are particularly vulnerable to such attacks. This paper extends the state-of-the-art RA schemes by presenting ERAMO, a protocol that attests larger memory regions by adopting the memory offloading approach. We validate and evaluate ERAMO with a hardware proof-of-concept implementation using a TrustZone-capable LPC55S69 running two sensor nodes. We enhance the protocol by providing extensive memory analysis insights for multi-service devices, demonstrating that it is possible to analyze and attest the memory of the attached peripherals. Experiments confirm the feasibility and effectiveness of ERAMO in attesting dynamic memory regions. MDPI 2022-06-08 /pmc/articles/PMC9229323/ /pubmed/35746119 http://dx.doi.org/10.3390/s22124340 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Dushku, Edlira Østergaard, Jeppe Hagelskjær Dragoni, Nicola Memory Offloading for Remote Attestation of Multi-Service IoT Devices † |
| title | Memory Offloading for Remote Attestation of Multi-Service IoT Devices † |
| title_full | Memory Offloading for Remote Attestation of Multi-Service IoT Devices † |
| title_fullStr | Memory Offloading for Remote Attestation of Multi-Service IoT Devices † |
| title_full_unstemmed | Memory Offloading for Remote Attestation of Multi-Service IoT Devices † |
| title_short | Memory Offloading for Remote Attestation of Multi-Service IoT Devices † |
| title_sort | memory offloading for remote attestation of multi-service iot devices † |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9229323/ https://www.ncbi.nlm.nih.gov/pubmed/35746119 http://dx.doi.org/10.3390/s22124340 |
| work_keys_str_mv | AT dushkuedlira memoryoffloadingforremoteattestationofmultiserviceiotdevices AT østergaardjeppehagelskjær memoryoffloadingforremoteattestationofmultiserviceiotdevices AT dragoninicola memoryoffloadingforremoteattestationofmultiserviceiotdevices |