 
Distributed Attestation for Device Swarms in IoTs
Under the Guidance of Prof. Vinay Ribeiro and Prof. Kolin Paul
Samuel Wedaj (2014CSZ8390)

Background:
- The term “Internet of things” was first coined in 1999
- A hybrid network of the Internet and resource-constrained networks
Adapted from: Website. http://slideplayer.com/slide/4680231/
Distributed Attestation for IoTs

Background:
- IoT devices connected to our day-to-day lives
- Connected devices
  - 2012: 9 billion
  - 2020: 24 billion
- Nature of the devices
- Application domain
  - aeronautics, space, rail, electronic transaction systems, health, military …

Background:
- security, life and privacy critical data
- ultimate target of attackers

Attestation
- Verifying correct and safe operation

Smart interconnected devices operate in swarms: large, dynamic, and self-organizing networks
- Challenges
  - Device nature
  - Number of devices to be attested
  - What to verify?

Challenges with number of devices to be attested
Issues in previous works
Single prover approach
- Y. Li et al. [2010] (Software-based attestation for peripherals. In International Conference on Trust and Trustworthy Computing, pages 16-29. Springer, 2010.)
  - Firmware of peripheral devices
- A. Francillon et al. [2014] (A minimalist approach to remote attestation. In Proceedings of the conference on Design, Automation & Test in Europe, page 244. European Design and Automation Association, 2014.)
  - Minimalistic approach based on desired service checking
- T. Rauter et al. [31-2015] (Privilege-based remote attestation: Towards integrity assurance for lightweight clients. In Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security, pages 3-9. ACM, 2015)
  - Lightweight solution based on privilege checking
Issue:
- scalability and efficiency

Swarm attestation (Contd..)
- N. Asokan et al. [2015] - SEDA
[Figure: a Verifier (V) and a Swarm of devices D; labels: attdev, attest; legend: Communication link, Attestation request, Attestation response]

Swarm attestation (Contd..)
- N. Asokan et al. [4-2015] - SEDA

Proposal Overview

Swarm Attestation
- A swarm S is a set of s devices with possibly different hardware and software configurations
Attestation Properties:
- resilient
- Be more efficient
- Not require the verifier (VRF) to know the detailed configuration of S
- Support multiple attestation protocol instances.
- Be independent of the underlying integrity measurement

Swarm Attestation
Device Requirements: (SMART/TrustLite)
- Integrity measurement:
  - It must be infeasible for the adversary (ADV) to tamper with the mechanism that attests integrity of D’s software.
- Integrity reporting:
  - It must be infeasible for ADV to forge the integrity measurement report sent from D to VRF.
- Secure storage:
  - It must be infeasible for ADV to access any cryptographic secret(s) used by D as part of attestation

Swarm Attestation
Assumptions
- each D in S satisfies minimal requirements for secure remote attestation
- D can communicate with all its neighboring devices in S, and the network is connected
- cryptographic primitives and their implementations are secure
- the swarm operator (OP) is trusted
- swarm topology remains static for the duration of a given attestation protocol instance

PROTOCOL DESCRIPTION
- Offline Phase - Initialization
- Training - Registration
- Online Phase - Attestation

Protocol Overview
Distributed attestation

Protocol Overview (Contd …)
Distributed attestation
Initialization
Each device, D_i, is initialized with the following parameters
- Software configuration C_i: hash digest of SW of D_i
- Code certificate Cert(C_i)
- Identity certificate Cert(pK_i); where K_i is device identity given by manufacturer
- Pair of signing keys (sK_i, pK_i)
- Public key of Operator/Central Verifier, for verifying cert(c) and cert(pK)
- System parameters, p and q
  - For shared key calculation (all devices in the swarm can have same value)

Protocol Overview (Contd …)
Distributed attestation
Registration
- E sends join request
- Devices check certificates
- If valid
  - Exchange parent information
  - shared key (K_EB) established
- If not valid
  - Reject join

Protocol Overview (Contd …)
Distributed attestation
Attestation
- Verifier sends nonce and session id
- Prover sends back MAC digest
- Attested node becomes verifier and thus runs attest
- Upon node compromise
  - broadcast error message
  - Restructure network through join

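The attestation step above, run hop by hop over a small tree, as an added example that is not code from the presentation. Assumptions: the MAC is HMAC-SHA256 over nonce, session id and a fresh measurement; a random key stands in for the p, q key agreement; a parent learns a child's C_i from its code certificate at registration; the measurement routine and key storage that SMART/TrustLite would protect are plain attributes; the Device class and its method names are hypothetical.

```python
import hashlib, hmac, os

def measure(software: bytes) -> bytes:
    """Software configuration C_i: hash digest of the device's software."""
    return hashlib.sha256(software).digest()

class Device:
    def __init__(self, name: str, software: bytes):
        self.name, self.software = name, software  # software = what runs now
        self.keys = {}        # neighbour name -> shared attestation key
        self.certified = {}   # child name -> C_i vouched for by its certificate
        self.children = []

    def join(self, child: "Device") -> None:
        """Registration result (certificate checks are assumed to have passed)."""
        key = os.urandom(32)  # assumption: stands in for the p, q key agreement
        self.keys[child.name] = child.keys[self.name] = key
        self.certified[child.name] = measure(child.software)
        self.children.append(child)

    def respond(self, parent: str, nonce: bytes, sid: bytes) -> bytes:
        """Prover: MAC over nonce, session id and a fresh measurement."""
        msg = nonce + sid + measure(self.software)
        return hmac.new(self.keys[parent], msg, hashlib.sha256).digest()

    def attest(self, sid: bytes, failed: list) -> list:
        """Verifier role: challenge each child; a child that passes recurses."""
        for child in self.children:
            nonce = os.urandom(16)  # fresh per challenge, so replies cannot be replayed
            msg = nonce + sid + self.certified[child.name]
            expected = hmac.new(self.keys[child.name], msg, hashlib.sha256).digest()
            if hmac.compare_digest(expected, child.respond(self.name, nonce, sid)):
                child.attest(sid, failed)    # attested node becomes verifier
            else:
                failed.append(child.name)    # stands in for the error broadcast
        return failed

def demo():
    # Constructed swarm: D1 is the root, D1 -> D2 -> D4 and D1 -> D3.
    d = {n: Device(n, b"firmware-v1:" + n.encode()) for n in ("D1", "D2", "D3", "D4")}
    for parent, child in (("D1", "D2"), ("D1", "D3"), ("D2", "D4")):
        d[parent].join(d[child])
    clean = d["D1"].attest(b"session-0001", [])
    d["D3"].software += b"<modified>"    # software changes after registration
    tampered = d["D1"].attest(b"session-0002", [])
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

A device that fails is not asked to attest its own subtree in this sketch; the slides handle that case by restructuring the network through join.
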
Results
Preliminary Results:
- Simulation environment and assumptions used
  - OMNeT++ simulation environment
  - Measured run-time performances
    - values of TrustLite [3] implementation used as delays in our simulation
  - end-to-end delay
    - average in ZigBee sensor networks [39]. Low-power, low-cost, low-complexity networking for the Internet of Things

Preliminary Results
Run-time Performance

Preliminary Results (Contd …)
Run-time Performance

Proposal Overview
Run-time Performance

PERFORMANCE EVALUATION
Computation cost
- Dominating component is cryptographic operations
Communication cost
Memory cost
- Each D_i must store at least: q, signing key pair (sk; pk), its identity certificate cert(pk), code certificate cert(c), the set of attestation keys K shared with its neighbors and identification for their parent nodes
- TI MSP430
  - provide at least 1024 bytes of non-volatile Flash
Energy costs

Advantages
- no single point of failure;
- assures system resilience
- well suited to inherent properties of device swarms
- no prior information regarding total number of devices in the swarm is required.

References:
[1] N. Asokan, F. Brasser, A. Ibrahim, A.-R. Sadeghi, M. Schunter, G. Tsudik, and C. Wachsmann. SEDA: Scalable embedded device attestation. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 964-975. ACM, 2015.
[2] K. Eldefrawy, G. Tsudik, A. Francillon, and D. Perito. SMART: Secure and minimal architecture for (establishing a dynamic) root of trust. In Network and Distributed System Security Symposium, 2012.
[3] P. Koeberl, S. Schulz, A.-R. Sadeghi, and V. Varadharajan. TrustLite: A security architecture for tiny embedded devices. In European Conference on Computer Systems, 2014.