Secure Code Update for Embedded Devices via Proofs of Secure Erasure

  • Daniele Perito
  • Gene Tsudik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6345)


Remote attestation is the process of verifying internal state of a remote embedded device. It is an important component of many security protocols and applications. Although previously proposed remote attestation techniques assisted by specialized secure hardware are effective, they not yet viable for low-cost embedded devices. One notable alternative is software-based attestation, that is both less costly and more efficient. However, recent results identified weaknesses in some proposed software-based methods, thus showing that security of remote software attestation remains a challenge.

Inspired by these developments, this paper explores an approach that relies neither on secure hardware nor on tight timing constraints typical of software-based technqiques. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our approach involves a new primitive – Proofs of Secure Erasure (PoSE-s). We also show that, even though it is effective and provably secure, PoSE-based attestation is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.


Wireless Sensor Network Trust Platform Module Malicious Code Embed Device Honest Party 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R., Kuhn, M.: Tamper resistance - a cautionary note. In: Proceedings of the Second USENIX Workshop on Electronic Commerce (1996)Google Scholar
  2. 2.
    Arbaugh, W.A., Farber, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: SP 1997: Proceedings of the 1997 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 65. IEEE Computer Society, Los Alamitos (1997)Google Scholar
  3. 3.
    Ateniese, G., Burns, R., Curtmola, R., Herring, J., Kissner, L., Peterson, Z., Song, D.: Provable data possession at untrusted stores. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 598–609. ACM, New York (2007)CrossRefGoogle Scholar
  4. 4.
    Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: SecureComm 2008: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 1–10. ACM, New York (2008)CrossRefGoogle Scholar
  5. 5.
    Atmel Corporation. Atmega128 datasheet,
  6. 6.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Cachin, C., Maurer, U.: Unconditional security against memory-bounded adversaries. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: CCS 2009: Proceedings of 16th ACM Conference on Computer and Communications Security (November 2009)Google Scholar
  10. 10.
    Choi, Y.-G., Kang, J., Nyang, D.: Proactive code verification protocol in wireless sensor network. In: Gervasi, O., Gavrilova, M.L. (eds.) ICCSA 2007, Part II. LNCS, vol. 4706, pp. 1085–1096. Springer, Heidelberg (2007)Google Scholar
  11. 11.
  12. 12.
    England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A trusted open platform. IEEE Computer 36(7) (2003)Google Scholar
  13. 13.
    Flammini, F., Gaglione, A., Mazzocca, N., Moscato, V., Pragliola, C.: Wireless sensor data fusion for critical infrastructure security. In: CISIS 2008: Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems (October 2008)Google Scholar
  14. 14.
    Francillon, A., Castelluccia, C.: Code injection attacks on Harvard-architecture devices. In: Ning, P., Syverson, P.F., Jha, S. (eds.) CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security. ACM, New York (2008)Google Scholar
  15. 15.
    Goodspeed, T.: Exploiting wireless sensor networks over 802.15.4. In: Texas Instruments Developper Conference (2008)Google Scholar
  16. 16.
    Gratzer, V., Naccache, D.: Alien vs. quine. IEEE Security and Privacy 5, 26–31 (2007)CrossRefGoogle Scholar
  17. 17.
    Hu, W., Corke, P., Shih, W.C., Overs, L.: secfleck: A public key technology platform for wireless sensor networks. In: Roedig, U., Sreenan, C.J. (eds.) EWSN 2009. LNCS, vol. 5432. Springer, Heidelberg (2009)Google Scholar
  18. 18.
    Jakobsson, M., Johansson, K.-A.: Assured detection of malware with applications to mobile platforms. Tech. rep., DIMACS (February 2010),
  19. 19.
    Juels, A., Kaliski Jr., B.S.: Pors: proofs of retrievability for large files. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 584–597. ACM Press, New York (2007)CrossRefGoogle Scholar
  20. 20.
    Kennell, R., Jamieson, L.H.: Establishing the genuinity of remote computer systems. In: SSYM 2003: Proceedings of the 12th conference on USENIX Security Symposium, pp. 21–21. USENIX Association, Berkeley (2003)Google Scholar
  21. 21.
    Kil, C., Sezer, E.C., Azab, A.M., Ning, P., Zhang, X.: Remote attestation to dynamic system properties: Towards providing complete system integrity evidence. In: DSN 2009: Proceedings of the 39th IEEE/IFIP Conference on Dependable Systems and Networks (June 2009)Google Scholar
  22. 22.
    Martinovic, I., Pichota, P., Schmitt, J.B.: Jamming for good: a fresh approach to authentic communication in wsns. In: WiSec 2009: Proceedings of the Second ACM Conference on Wireless Network Security, pp. 161–168. ACM, New York (2009)CrossRefGoogle Scholar
  23. 23.
    Park, T., Shin, K.G.: Soft tamper-proofing via program integrity verification in wireless sensor networks. IEEE Trans. Mob. Comput. 4(3) (2005)Google Scholar
  24. 24.
    Roman, R., Alcaraz, C., Lopez, J.: The role of wireless sensor networks in the area of critical information infrastructure protection. Inf. Secur. Tech. Rep. 12(1), 24–31 (2007)CrossRefGoogle Scholar
  25. 25.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: SSYM 2004: Proceedings of the 13th Conference on USENIX Security Symposium, pp. 16–16. USENIX Association, Berkeley (2004)Google Scholar
  26. 26.
    Seshadri, A., Luk, M., Perrig, A.: SAKE: Software attestation for key establishment in sensor networks. In: Nikoletseas, S.E., Chlebus, B.S., Johnson, D.B., Krishnamachari, B. (eds.) DCOSS 2008. LNCS, vol. 5067, pp. 372–385. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  27. 27.
    Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P.: SCUBA: Secure code update by attestation in sensor networks. In: WiSe 2006: Proceedings of the 5th ACM Workshop on Wireless Security, ACM Press, New York (2006)Google Scholar
  28. 28.
    Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: SOSP ’05: Proceedings of the Twentieth ACM Symposium on Operating Systems Principles. ACM, New York (2005)Google Scholar
  29. 29.
    Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.K.: SWATT: SoftWare-based ATTestation for embedded devices. In: IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  30. 30.
    Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, New York (2007)Google Scholar
  31. 31.
    Shaneck, M., Mahadevan, K., Kher, V., Kim, Y.: Remote software-based attestation for wireless sensors. In: Molva, R., Tsudik, G., Westhoff, D. (eds.) ESAS 2005. LNCS, vol. 3813, pp. 27–41. Springer, Heidelberg (2005)Google Scholar
  32. 32.
    Shankar, U., Chew, M., Tygar, J.D.: Side effects are not sufficient to authenticate software. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  33. 33.
    Stevens, M., Lenstra, A., Weger, B.: Chosen-prefix collisions for md5 and colliding x.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–22. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  34. 34.
    Trusted Computing Group. SpecificationsGoogle Scholar
  35. 35.
    Yang, Y., Wang, X., Zhu, S., Cao, G.: Distributed software-based attestation for node compromise detection in sensor networks. In: SRDS. IEEE Computer Society, Los Alamitos (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Daniele Perito
    • 1
  • Gene Tsudik
    • 2
  1. 1.INRIA Rhône-AlpesFrance
  2. 2.University of CaliforniaIrvineUSA

Personalised recommendations