Distributed Attestation for Device Swarms in IoTs Under the Guidance - - PowerPoint PPT Presentation
Distributed Attestation for Device Swarms in IoTs Under the Guidance of Prof. Vinay Ribeiro and Prof. Kolin Paul Samuel Wedaj(2014CSZ8390) Background: 2 The term Internet of things was first coined in 1999 A hybrid network of
The term “Internet of
A hybrid network of
Adapted from: Website. http://slideplayer.com/slide/4680231/
Distributed Attestation for IoTs
2
IoT devices connected to our day to day lives Connected devices
2012: 9 billion 2020: 24 billion
Nature of the devices Application domain
aeronautics, space, rail, electronic transaction
Distributed Attestation for IoTs
3
security, life and privacy critical data ultimate target of attackers
Distributed Attestation for IoTs
4
Verifying correct and
Distributed Attestation for IoTs
5
Challenges
Device nature Number of devices to be attested What to verify?
Distributed Attestation for IoTs
6
Distributed Attestation for IoTs 7
Y. Li et al. [2010] (Software-based attestation for peripherals. In International Conference on
Trust and Trustworthy Computing, pages 16{29. Springer,2010.)
Firmware of peripheral devices
A . Francillon et al. [2014](. A minimalist approach to remote attestation. In Proceedings
Minimalistic approach based on desired service checking T. Rauter et al. [31-2015] (Privilege-based remote attestation: Towards integrity assurance for
lightweight clients. In Proceedings of the 1st ACM Work- shop on IoT Privacy, Trust, and Security, pages 3{9. ACM, 2015)
Light weight solution based on privilege checking
scalability and efficiency
D2
V
D3 D4 D7 D6 D1 D5 D8 D1 D2 D3
Verifier attdev
Swarm Communication link Attestation request Attestation response D6 D5 D4 D2 D8 D2 D7
attest
D8 D8 D8 D8 D8 D8 D8 D8 D8 D8 D8
N. Asokan et al. [2015 ] -SEDA
Distributed Attestation for IoTs
8
Distributed Attestation for IoTs 9
N. Asokan et al. [4-2015 ] -SEDA
Distributed Attestation for IoTs 10
A swarm S is a set of s devices with possibly
resilient Be more efficient
Not require VRF to know the detailed configuration of S Support multiple attestation protocol instances.
Be independent of the underlying integrity measurement
Distributed Attestation for IoTs
11
Integrity measurement:
It must be infeasible for ADV to tamper with the
Integrity reporting:
It must be infeasible for ADV to forge the integrity
Secure storage:
It must be infeasible for ADV to access any cryptographic
Distributed Attestation for IoTs
12
each D in S satisfies minimal requirements for secure
D can communicate with all its neighboring devices in
cryptographic primitives and their implementations
OP is trusted swarm topology remains static for the duration of a
Distributed Attestation for IoTs
13
Distributed Attestation for IoTs
14
Distributed Attestation for IoTs 15
Distributed Attestation for IoTs
Each Device, Di , is initialized with the following parameters
manufacturer
(pK)
For shared key calculation (all devices in the swarm can have same value)
16
Distributed Attestation for IoTs
E sends join request Devices check certificates
If valid
Exchange parent information shared key (KEB) established
If not valid
Reject join
17
Distributed Attestation for IoTs
thus run attest
18
Distributed Attestation for IoTs
Simulation Environment and assumptions used
19
Distributed Attestation for IoTs
20
Preliminary Results
Distributed Attestation for IoTs
21
Distributed Attestation for IoTs
22
Dominating component is cryptographic operations
Each Di must store at least: q, signing key pair (sk; pk), its identity
certificate cert(pk), code certificate cert(c), the set of attestation keys K shared with its neighbors and identification for their parent nodes
TI MSP430 provide at least 1024 bytes of non-volatile Flash
Distributed Attestation for IoTs
23
no single-point of failure; assures systems resilience well suited to inherent properties of device
no prior information regarding total number of
Distributed Attestation for IoTs
24
Distributed Attestation for IoTs
25