Abstract
Remote attestation is the process of verifying internal state of a remote embedded device. It is an important component of many security protocols and applications. Although previously proposed remote attestation techniques assisted by specialized secure hardware are effective, they not yet viable for low-cost embedded devices. One notable alternative is software-based attestation, that is both less costly and more efficient. However, recent results identified weaknesses in some proposed software-based methods, thus showing that security of remote software attestation remains a challenge.
Inspired by these developments, this paper explores an approach that relies neither on secure hardware nor on tight timing constraints typical of software-based technqiques. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our approach involves a new primitive – Proofs of Secure Erasure (PoSE-s). We also show that, even though it is effective and provably secure, PoSE-based attestation is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.
Chapter PDF
References
Anderson, R., Kuhn, M.: Tamper resistance - a cautionary note. In: Proceedings of the Second USENIX Workshop on Electronic Commerce (1996)
Arbaugh, W.A., Farber, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: SP 1997: Proceedings of the 1997 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 65. IEEE Computer Society, Los Alamitos (1997)
Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 598–609. ACM, New York (2007)
Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: SecureComm 2008: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 1–10. ACM, New York (2008)
Atmel Corporation. Atmega128 datasheet, http://www.atmel.com/atmel/acrobat/doc2467.pdf
Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)
Cachin, C., Maurer, U.: Unconditional security against memory-bounded adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997)
Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: CCS 2009: Proceedings of 16th ACM Conference on Computer and Communications Security (November 2009)
Choi, Y.-G., Kang, J., Nyang, D.: Proactive code verification protocol in wireless sensor network. In: Gervasi, O., Gavrilova, M.L. (eds.) ICCSA 2007, Part II. LNCS, vol. 4706, pp. 1085–1096. Springer, Heidelberg (2007)
Crossbow Technology Inc. Micaz datasheet, http://www.xbow.com/Products/Product_pdf_files/Wireless_pdf/MICAz_Datasheet.pdf
England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A trusted open platform. IEEE Computer 36(7) (2003)
Flammini, F., Gaglione, A., Mazzocca, N., Moscato, V., Pragliola, C.: Wireless sensor data fusion for critical infrastructure security. In: CISIS 2008: Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems (October 2008)
Francillon, A., Castelluccia, C.: Code injection attacks on Harvard-architecture devices. In: Ning, P., Syverson, P.F., Jha, S. (eds.) CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security. ACM, New York (2008)
Goodspeed, T.: Exploiting wireless sensor networks over 802.15.4. In: Texas Instruments Developper Conference (2008)
Gratzer, V., Naccache, D.: Alien vs. quine. IEEE Security and Privacy 5, 26–31 (2007)
Hu, W., Corke, P., Shih, W.C., Overs, L.: secfleck: A public key technology platform for wireless sensor networks. In: Roedig, U., Sreenan, C.J. (eds.) EWSN 2009. LNCS, vol. 5432. Springer, Heidelberg (2009)
Jakobsson, M., Johansson, K.-A.: Assured detection of malware with applications to mobile platforms. Tech. rep., DIMACS (February 2010), http://dimacs.rutgers.edu/TechnicalReports/TechReports/2010/2010-03.pdf
Juels, A., Kaliski Jr., B.S.: Pors: proofs of retrievability for large files. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 584–597. ACM Press, New York (2007)
Kennell, R., Jamieson, L.H.: Establishing the genuinity of remote computer systems. In: SSYM 2003: Proceedings of the 12th conference on USENIX Security Symposium, pp. 21–21. USENIX Association, Berkeley (2003)
Kil, C., Sezer, E.C., Azab, A.M., Ning, P., Zhang, X.: Remote attestation to dynamic system properties: Towards providing complete system integrity evidence. In: DSN 2009: Proceedings of the 39th IEEE/IFIP Conference on Dependable Systems and Networks (June 2009)
Martinovic, I., Pichota, P., Schmitt, J.B.: Jamming for good: a fresh approach to authentic communication in wsns. In: WiSec 2009: Proceedings of the Second ACM Conference on Wireless Network Security, pp. 161–168. ACM, New York (2009)
Park, T., Shin, K.G.: Soft tamper-proofing via program integrity verification in wireless sensor networks. IEEE Trans. Mob. Comput. 4(3) (2005)
Roman, R., Alcaraz, C., Lopez, J.: The role of wireless sensor networks in the area of critical information infrastructure protection. Inf. Secur. Tech. Rep. 12(1), 24–31 (2007)
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: SSYM 2004: Proceedings of the 13th Conference on USENIX Security Symposium, pp. 16–16. USENIX Association, Berkeley (2004)
Seshadri, A., Luk, M., Perrig, A.: SAKE: Software attestation for key establishment in sensor networks. In: Nikoletseas, S.E., Chlebus, B.S., Johnson, D.B., Krishnamachari, B. (eds.) DCOSS 2008. LNCS, vol. 5067, pp. 372–385. Springer, Heidelberg (2008)
Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P.: SCUBA: Secure code update by attestation in sensor networks. In: WiSe 2006: Proceedings of the 5th ACM Workshop on Wireless Security, ACM Press, New York (2006)
Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: SOSP ’05: Proceedings of the Twentieth ACM Symposium on Operating Systems Principles. ACM, New York (2005)
Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.K.: SWATT: SoftWare-based ATTestation for embedded devices. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos (2004)
Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, New York (2007)
Shaneck, M., Mahadevan, K., Kher, V., Kim, Y.: Remote software-based attestation for wireless sensors. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 27–41. Springer, Heidelberg (2005)
Shankar, U., Chew, M., Tygar, J.D.: Side effects are not sufficient to authenticate software. In: Proceedings of the 13th USENIX Security Symposium (August 2004)
Stevens, M., Lenstra, A., Weger, B.: Chosen-prefix collisions for md5 and colliding x.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007)
Trusted Computing Group. Specifications
Yang, Y., Wang, X., Zhu, S., Cao, G.: Distributed software-based attestation for node compromise detection in sensor networks. In: SRDS. IEEE Computer Society, Los Alamitos (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Perito, D., Tsudik, G. (2010). Secure Code Update for Embedded Devices via Proofs of Secure Erasure. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds) Computer Security – ESORICS 2010. ESORICS 2010. Lecture Notes in Computer Science, vol 6345. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15497-3_39
Download citation
DOI: https://doi.org/10.1007/978-3-642-15497-3_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15496-6
Online ISBN: 978-3-642-15497-3
eBook Packages: Computer ScienceComputer Science (R0)