Skip to main content

Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

Part of the Lecture Notes in Computer Science book series (LNSC,volume 13061)

Abstract

Internet of Things (IoT) devices and applications can have significant vulnerabilities, which may be exploited by adversaries to cause considerable harm. An important approach for mitigating this threat is remote attestation, which enables the defender to remotely verify the integrity of devices and their software. There are a number of approaches for remote attestation, and each has its unique advantages and disadvantages in terms of detection accuracy and computational cost. Further, an attestation method may be applied in multiple ways, such as various levels of software coverage. Therefore, to minimize both security risks and computational overhead, defenders need to decide strategically which attestation methods to apply and how to apply them, depending on the characteristic of the devices and the potential losses.

To answer these questions, we first develop a testbed for remote attestation of IoT devices, which enables us to measure the detection accuracy and performance overhead of various attestation methods. Our testbed integrates two example IoT applications, memory-checksum based attestation, and a variety of software vulnerabilities that allow adversaries to inject arbitrary code into running applications. Second, we model the problem of finding an optimal strategy for applying remote attestation as a Stackelberg security game between a defender and an adversary. We characterize the defender’s optimal attestation strategy in a variety of special cases. Finally, building on experimental results from our testbed, we evaluate our model and show that optimal strategic attestation can lead to significantly lower losses than naïve baseline strategies.

Keywords

  • Remote attestation
  • Stackelberg security game
  • Internet of Things
  • Security testbed
  • Software security

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-90370-1_15
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-90370-1
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   79.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.

Notes

  1. 1.

    https://github.com/NamedP1ayer/IrrigationServer.

  2. 2.

    https://github.com/renair/smarthome.

References

  1. Abera, T., et al.: Things, trouble, trust: on building trust in IoT systems. In: Proceedings of the 53rd Annual Design Automation Conference, pp. 1–6 (2016)

    Google Scholar 

  2. Adjih, C., et al.: FIT IoT-LAB: a large scale open experimental IoT testbed. In: 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), pp. 459–464. IEEE (2015)

    Google Scholar 

  3. Arseni, Ş.C., Miţoi, M., Vulpe, A.: Pass-IoT: a platform for studying security, privacy and trust in IoT. In: 2016 International Conference on Communications (COMM), pp. 261–266. IEEE (2016)

    Google Scholar 

  4. Belli, L., et al.: Design and deployment of an IoT application-oriented testbed. Computer 48(9), 32–40 (2015)

    CrossRef  Google Scholar 

  5. Bucarey, V., Casorrán, C., Figueroa, Ó., Rosas, K., Navarrete, H., Ordóñez, F.: Building real Stackelberg security games for border patrols. In: Rass, S., An, B., Kiekintveld, C., Fang, F., Schauer, S. (eds.) GameSec 2017. LNCS, vol. 10575, pp. 193–212. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68711-7_11

    CrossRef  Google Scholar 

  6. Chen, L., Wang, Z., Li, F., Guo, Y., Geng, K.: A stackelberg security game for adversarial outbreak detection in the internet of things. Sensors 20(3), 804 (2020)

    CrossRef  Google Scholar 

  7. Gan, J., Elkind, E., Wooldridge, M.: Stackelberg security games with multiple uncoordinated defenders. In: Proceedings of the 17th International Conference on Autonomous Agents and MultiAgent Systems, pp. 703–711 (2018)

    Google Scholar 

  8. Geden, M., Rasmussen, K.: Hardware-assisted remote runtime attestation for critical embedded systems. In: 2019 17th International Conference on Privacy, Security and Trust (PST), pp. 1–10. IEEE (2019)

    Google Scholar 

  9. Kiyomoto, S., Miyake, Y.: Lightweight attestation scheme for wireless sensor network. Int. J. Secur. Appl. 8(2), 25–40 (2014)

    Google Scholar 

  10. Nunes, I.D.O., Eldefrawy, K., Rattanavipanon, N., Steiner, M., Tsudik, G.: VRASED: a verified hardware/software co-design for remote attestation. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1429–1446 (2019)

    Google Scholar 

  11. Parikh, V., Mateti, P.: ASLR and ROP attack mitigations for arm-based android devices. In: Thampi, S.M., Martínez Pérez, G., Westphall, C.B., Hu, J., Fan, C.I., Gómez Mármol, F. (eds.) SSCC 2017. CCIS, vol. 746, pp. 350–363. Springer, Singapore (2017). https://doi.org/10.1007/978-981-10-6898-0_29

    CrossRef  Google Scholar 

  12. Roy, S., Kadir, S.U., Vorobeychik, Y., Laszka, A.: Strategic remote attestation: testbed for Internet-of-Things devices and Stackelberg security game for optimal strategies. arXiv preprint arXiv:2109.07724 (2021)

  13. Seshadri, A., Luk, M., Shi, E., Perrig, A., Van Doorn, L., Khosla, P.: Pioneer: verifying integrity and guaranteeing execution of code on legacy platforms. In: Proceedings of ACM Symposium on Operating Systems Principles (SOSP), vol. 173, pp. 10–1145 (2005)

    Google Scholar 

  14. Seshadri, A., Perrig, A., Van Doorn, L., Khosla, P.: SWATT: software-based attestation for embedded devices. In: 2004 Proceedings of IEEE Symposium on Security and Privacy, pp. 272–282. IEEE (2004)

    Google Scholar 

  15. Siboni, S., et al.: Security testbed for internet-of-things devices. IEEE Trans. Reliab. 68(1), 23–44 (2019)

    CrossRef  Google Scholar 

  16. Sinha, A., Fang, F., An, B., Kiekintveld, C., Tambe, M.: Stackelberg security games: looking beyond a decade of success. In: Proceedings of the 27th International Joint Conference on Artificial Intelligence. IJCAI (2018)

    Google Scholar 

  17. Steiner, R.V., Lupu, E.: Attestation in wireless sensor networks: a survey. ACM Comput. Surv. (CSUR) 49(3), 1–31 (2016)

    CrossRef  Google Scholar 

  18. Tekeoglu, A., Tosun, A.Ş.: A testbed for security and privacy analysis of IoT devices. In: 2016 IEEE 13th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), pp. 343–348. IEEE (2016)

    Google Scholar 

  19. Trejo, K.K., Clempner, J.B., Poznyak, A.S.: Adapting strategies to dynamic environments in controllable Stackelberg security games. In: 2016 IEEE 55th Conference on Decision and Control (CDC), pp. 5484–5489. IEEE (2016)

    Google Scholar 

  20. Wahab, O.A., Bentahar, J., Otrok, H., Mourad, A.: Resource-aware detection and defense system against multi-type attacks in the cloud: repeated Bayesian stackelberg game. IEEE Trans. Dependable Secure Comput. 18(2), 605–622 (2019)

    CrossRef  Google Scholar 

  21. Xu, B., et al.: A security design for the detecting of buffer overflow attacks in IoT device. IEEE Access 6, 72862–72869 (2018)

    CrossRef  Google Scholar 

  22. Yang, X., et al.: Towards a low-cost remote memory attestation for the smart grid. Sensors 15(8), 20799–20824 (2015)

    CrossRef  Google Scholar 

  23. Yang, Y., Wang, X., Zhu, S., Cao, G.: Distributed software-based attestation for node compromise detection in sensor networks. In: 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007), pp. 219–230. IEEE (2007)

    Google Scholar 

  24. Yin, Z., Korzhyk, D., Kiekintveld, C., Conitzer, V., Tambe, M.: Stackelberg vs. nash in security games: interchangeability, equivalence, and uniqueness. In: Proceedings of the 9th International Conference on Autonomous Agents and Multiagent Systems, vol. 1, pp. 1139–1146 (2010)

    Google Scholar 

Download references

Acknowledgments

This material is based upon work supported by the National Science Foundation under Grant No. CNS-1850510, IIS-1905558, and ECCS-2020289 and by the Army Research Office under Grant No. W911NF1910241 and W911NF1810208.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Shanto Roy .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Roy, S., Kadir, S.U., Vorobeychik, Y., Laszka, A. (2021). Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies. In: Bošanský, B., Gonzalez, C., Rass, S., Sinha, A. (eds) Decision and Game Theory for Security. GameSec 2021. Lecture Notes in Computer Science(), vol 13061. Springer, Cham. https://doi.org/10.1007/978-3-030-90370-1_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90370-1_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90369-5

  • Online ISBN: 978-3-030-90370-1

  • eBook Packages: Computer ScienceComputer Science (R0)