Design and Implementation of the Protocol for Secure Software-Based Remote Attestation in IoT Devices

  • M. Anto Ajisha Shriny
  • Chungath Srinivasan
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1118)


Attestation is an important security mechanism used to ensure the software integrity of IoT devices, and it can also serve as an intrusion detection system. Software-based attestation is one of the simplest and cheapest ways to add a software integrity check to cost- and resource-constrained IoT devices. In challenge–response-based attestation, the verifier (a trusted software verification device) and the prover (the device whose software integrity is to be verified) exchange the cryptographic hash fingerprint of the prover’s executable code. Any unauthorized modification to the executable code will almost certainly change the calculated SHA hash value, which indicates that the integrity of the code has been compromised. The protocol proposed in this paper is allegedly a secure way to implement software-based attestation in resource-constrained IoT devices running simple applications.


Keywords: Attestation, Intrusion detection system, Software-based attestation, Fingerprint, Prover, Verifier
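The challenge–response exchange described in the abstract, as an added sketch that is not the paper's protocol or the authors' code. It assumes a random 16-byte challenge, SHA-256 over challenge || code as the fingerprint, and a verifier that holds a known-good copy of the prover's code; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def fingerprint(challenge: bytes, code: bytes) -> bytes:
    """SHA-256 over challenge || code (assumed construction): the response
    depends on the fresh challenge and on every byte of the code image."""
    return hashlib.sha256(challenge + code).digest()

class Prover:
    """Device being attested; hashes whatever code it actually holds."""
    def __init__(self, code: bytes):
        self.code = code

    def respond(self, challenge: bytes) -> bytes:
        return fingerprint(challenge, self.code)

class Verifier:
    """Trusted device holding a known-good copy of the prover's code."""
    def __init__(self, reference_code: bytes):
        self.reference = reference_code
        self.pending = None

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def check(self, response: bytes) -> bool:
        if self.pending is None:
            return False                      # no outstanding challenge
        expected = fingerprint(self.pending, self.reference)
        self.pending = None                   # each challenge is single use
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    good = b"\x7fELF" + bytes(range(64))      # constructed stand-in code image
    tampered = good[:-1] + b"\xff"            # one modified byte
    verifier = Verifier(good)
    honest, modified = Prover(good), Prover(tampered)
    results = {}
    results["honest"] = verifier.check(honest.respond(verifier.new_challenge()))
    results["modified"] = verifier.check(modified.respond(verifier.new_challenge()))
    old = honest.respond(verifier.new_challenge())  # a response recorded earlier
    verifier.check(old)                       # consumed once, legitimately
    verifier.new_challenge()                  # later round, fresh challenge
    results["replayed"] = verifier.check(old) # stale response no longer matches
    return results

if __name__ == "__main__":
    print(demo())
```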



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • M. Anto Ajisha Shriny (1)
  • Chungath Srinivasan (1)
  1. TIFAC-CORE in Cyber Security, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India
