Abstract
Remote code attestation protocols are an essential building block to offer a reasonable system security for wireless embedded devices. In the work at hand we investigate in detail the trustability of a purely software-based remote code attestation based inference mechanism over the wireless when e.g. running the prominent protocol derivate SoftWare-based ATTestation for Embedded Devices (SWATT). Besides the disclosure of pitfalls of such a protocol class we also point out good parameter choices which allow at least a meaningful plausibility check with a balanced false positive and false negative ratio.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Innovations for High Performance Microelectronics.
References
Armknecht, F., Sadeghi, A.-R., Schulz, S., Wachsmann, C.: A security framework for the analysis, design of software attestation. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 1–12. ACM (2013)
Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: Proceedings of the 16th ACM conference on Computer and communications security, pp. 400–409. ACM (2009)
Che, W., Plusquellic, J., Bhunia, S.: A non-volatile memory based physically unclonable function without helper data. In: 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 148–153. IEEE (2014)
Elson, J., Girod, L., Estrin, D.: Fine-grained network time synchronization using reference broadcasts. ACM SIGOPS Operating Syst. Rev. 36(SI), 147–163 (2002)
TCG Mobile Phone Working Group et al.: TCG mobile trusted module specification. In: Trusted Computing Group (2010)
Kinney, S.L.: Trusted Platform Module Basics: Using TPM in Embedded Systems. Newnes, Newton (2006)
Kovah, X., Kallenberg, C., Weathers, C., Herzog, A., Albin, M., Butterworth, J.: New results for timing-based attestation. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 239–253. IEEE (2012)
Schulz, S., Wachsmann, C., Sadeghis, A.R.: Lightweight Remote Attestation using Physical Functions, Technische Universitat Darmstadt. Darmstadt. Tech. rep., Germany, Technical report (2011)
Seshadri, A., Perrig, A., Van Doorn, L., Khosla, P.: Swatt: software-based attestation for embedded devices. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy, pp. 272–282. IEEE (2004)
Stecklina, O., Kornemann, S., Grehl, F., Jung, R., Kranz, T., Leander, G., Schweer, D., Mollus, K., Westhoff, D.: Custom-fit security for efficient, pollution-resistant multicast OTA-programming with fountain codes. In: 2015 15th International Conference on Innovations for Community Services (I4CS), pp. 1–8. IEEE (2015)
Stecklina, O., Langendörfer, P., Vater, F., Kranz, T., Leander, G.: Intrinsic code attestation by instruction chaining for embedded devices. In: Thuraisingham, B., Wang, X.F., Yegneswaran, V. (eds.) Security and Privacy in Communication Networks. LNICSSITE, vol. 164, pp. 97–115. Springer, Heidelberg (2015)
Vetter, B., Westhoff, D.: Simulation study on code attestation with compressed instruction code. In: 2012 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 296–301. IEEE (2012)
Acknowledgments
The work presented in this paper was supported by the Federal Ministry of Education and Research (BMBF) within the project UNIKOPS - Universell konfigurierbare Sicherheitslösung für Cyber-Physikalische Systeme. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the UNIKOPS project or the BMBF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Zeiser, M., Westhoff, D. (2016). Re-visited: On the Value of Purely Software-Based Code Attestation for Embedded Devices. In: Fahrnberger, G., Eichler, G., Erfurth, C. (eds) Innovations for Community Services. I4CS 2016. Communications in Computer and Information Science, vol 648. Springer, Cham. https://doi.org/10.1007/978-3-319-49466-1_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-49466-1_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49465-4
Online ISBN: 978-3-319-49466-1
eBook Packages: Computer ScienceComputer Science (R0)