Trust in IoT: dynamic remote attestation through efficient behavior capture

Cluster Computing

Abstract

The Internet of Things (IoT) is a recent concept of machine-to-machine communication that has also given rise to several information security problems. Many traditional software solutions fail to address these security issues, such as the trustworthiness of remote entities. Remote attestation is a technique given by the Trusted Computing Group (TCG) to monitor and verify this trustworthiness. In this regard, various remote validation methods have been proposed. However, static techniques cannot provide resistance to recent attacks, e.g. the Heartbleed bug and the recent high-profile glibc attack on the Linux operating system. In this research, we have designed and implemented a lightweight Linux kernel security module for IoT devices that is scalable enough to monitor multiple applications in kernel space. The newly built technique can measure and report the static and dynamic behavior of multiple applications simultaneously. The behavior of applications is verified via machine learning techniques. The results show that deviating behavior can be detected successfully by the verifier.



Author information

Corresponding author

Correspondence to Toqeer Ali.

About this article

Cite this article

Ali, T., Nauman, M. & Jan, S. Trust in IoT: dynamic remote attestation through efficient behavior capture. Cluster Comput 21, 409–421 (2018). https://doi.org/10.1007/s10586-017-0877-5

  • DOI: https://doi.org/10.1007/s10586-017-0877-5
