SDATA: Symmetrical Device Identifier Composition Engine Complied Aggregate Trust Attestation
<p>(<b>a</b>) SDATA system architecture. (<b>b</b>) SDATA entity interaction.</p> "> Figure 2
<p>Device preparation process.</p> "> Figure 3
<p>SDATA attestation process.</p> "> Figure 4
<p>Evaluation of communication volume and aggregation times. (<b>a</b>) Communication volume. (<b>b</b>) Aggregation times.</p> ">
Abstract
:1. Introduction
2. Preliminaries
2.1. DICE
2.2. Aggregate Message Authentication Code
: take bitwise XOR of MAC tags
: for each , recompute and then recalculate , if holds, , otherwise,
3. SDATA
3.1. System Model
3.2. Work Flow
3.3. Security Assumptions and Threats
4. SDATA Design
4.1. Prepare
4.2. Reports
4.2.1. Generate Individual Report
4.2.2. Aggregate Reports
4.3. Verify
4.4. Identify
- If represents the aggregate report from itself and its leaf child nodes, it sends stored individual reports to . Then, set , and the device IDs that were successfully verified are removed from . If , the device goes to step (1) with another aggregate report.
- If is one of the other aggregate reports, the device notifies the corresponding non-leaf child node. This non-leaf child node then goes to step (1).
5. Security Analysis
5.1. Completeness
5.2. Unforgeability
6. Performance Evaluation
6.1. Report Size and Communication Volume
6.2. Distributed Aggregation
7. Discussion
8. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Margolis, J.; Oh, T.T.; Jadhav, S.; Kim, Y.H.; Kim, J.N. An in-depth analysis of the mirai botnet. In Proceedings of the 2017 International Conference on Software Security and Assurance (ICSSA), Altoona, PA, USA, 24–25 July 2017; pp. 6–12. [Google Scholar]
- A Bug in Smart Meters in Spain Could Cause Widespread Blackouts. Available online: http://www.freebuf.com/news/47634.html (accessed on 1 December 2023).
- Overview of IoT Threats in 2023. Available online: https://securelist.com/iot-threat-report-2023/110644/ (accessed on 1 December 2023).
- The 2023 IoT Security Landscape Report. Available online: https://www.bitdefender.com/files/News/CaseStudies/study/429/2023-IoT-Security-Landscape-Report.pdf (accessed on 1 December 2023).
- Ammar, M.; Crispo, B.; Tsudik, G. SIMPLE: A Remote Attestation Approach for Resource-constrained IoT devices. In Proceedings of the 2020 ACM/IEEE 11th International Conference on Cyber-Physical Systems (ICCPS), Sydney, NSW, Australia, 21–25 April 2020; pp. 247–258. [Google Scholar]
- Kuang, B.; Fu, A.; Susilo, W.; Yu, S.; Gao, Y. A survey of remote attestation in Internet of Things: Attacks, countermeasures, and prospects. Comput. Secur. 2022, 112, 102498. [Google Scholar] [CrossRef]
- De Oliveira Nunes, I.; Jakkamsetti, S.; Rattanavipanon, N.; Tsudik, G. On the TOCTOU problem in remote attestation. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, 15–19 November 2021; pp. 2921–2936. [Google Scholar]
- Helble, S.C.; Kretz, I.D.; Loscocco, P.A.; Ramsdell, J.D.; Rowe, P.D.; Alexander, P. Flexible Mechanisms for Remote Attestation. Assoc. Comput. Mach. 2021, 24, 2471–2566. [Google Scholar] [CrossRef]
- Tan, H.; Tsudik, G.; Jha, S. MTRA: Multiple-tier remote attestation in IoT networks. In Proceedings of the 2017 IEEE Conference on Communications and Network Security (CNS), Las Vegas, NV, USA, 9–11 October 2017; pp. 1–9. [Google Scholar]
- De Oliveira Nunes, I.; Eldefrawy, K.; Rattanavipanon, N.; Steiner, M.; Tsudik, G. VRASED: A Verified Hardware/Software Co-Design for Remote Attestation. In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA, 14–16 August 2019; pp. 1429–1446. [Google Scholar]
- Román, R.; Arjona, R.; Baturone, I. A lightweight remote attestation using PUFs and hash-based signatures for low-end IoT devices. Future Gener. Comput. Syst. 2023, 148, 425–435. [Google Scholar] [CrossRef]
- Cao, J.; Zhu, T.; Ma, R.; Guo, Z.; Zhang, Y.; Li, H. A Software-Based Remote Attestation Scheme for Internet of Things Devices. IEEE Trans. Dependable Secur. Comput. 2023, 20, 1422–1434. [Google Scholar] [CrossRef]
- De Oliveira Nunes, I.; Dessouky, G.; Ibrahim, A.; Rattanavipanon, N.; Sadeghi, A.; Tsudik, G. Towards Systematic Design of Collective Remote Attestation Protocols. In Proceedings of the 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS), Dallas, TX, USA, 7–10 July 2019; pp. 1188–1198. [Google Scholar]
- Carpent, X.; ElDefrawy, K.; Rattanavipanon, N.; Tsudik, G. Lightweight swarm attestation: A tale of two lisa-s. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates, 2–6 April 2017; pp. 86–100. [Google Scholar]
- Ammar, M.; Washha, M.; Ramabhadran, G.S.; Crispo, B. SlimIoT: Scalable Lightweight Attestation Protocol for the Internet of Things. In Proceedings of the 2018 IEEE Conference on Dependable and Secure Computing (DSC), Kaohsiung, Taiwan, 10–13 December 2018; pp. 1–8. [Google Scholar]
- Ambrosin, M.; Conti, M.; Lazzeretti, R.; Rabbani, M.M.; Ranise, S. PADS: Practical Attestation for Highly Dynamic Swarm Topologies. In Proceedings of the 2018 International Workshop on Secure Internet of Things (SIoT), Barcelona, Spain, 6 September 2018; pp. 18–27. [Google Scholar]
- Kohnhäuser, F.; Büscher, N.; Gabmeyer, S.; Katzenbeisser, S. SCAPI: A Scalable Attestation Protocol to Detect Software and Physical Attacks. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA, 18–20 July 2017; pp. 75–86. [Google Scholar]
- Ibrahim, A.; Sadeghi, A.; Zeitouni, S. SeED: Secure Non-Interactive Attestation for embedded device. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA, 18–20 July 2017; pp. 64–74. [Google Scholar]
- Ibrahim, A.; Sadeghi, A.R.; Tsudik, G. HEALED: HEaling & Attestation for Low-End Embedded Devices. In Proceedings of the Financial Cryptography and Data Security, Frigate Bay, St. Kitts and Nevis, 18–22 February 2019; pp. 627–645. [Google Scholar]
- Ambrosin, M.; Conti, M.; Ibrahim, A.; Neven, G.; Sadeghi, A.; Schunter, M. SANA: Secure and Scalable Aggregate Network Attestation. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA, 24–28 October 2016; pp. 731–742. [Google Scholar]
- Ibrahim, A.; Sadeghi, A.; Tsudik, G. US-AID: Unattended Scalable Attestation of IoT Devices. In Proceedings of the 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS), Salvador, Brazil, 2–5 October 2018; pp. 21–30. [Google Scholar]
- Kuang, B.Y.; Fu, A.; Yu, S.; Yang, G.M.; Su, M.; Zhang, Y.Q. ESDRA: An Efficient and Secure Distributed Remote Attestation Scheme for IoT Swarms. IEEE Internet Things J. 2019, 6, 8372–8383. [Google Scholar] [CrossRef]
- Dushku, E.; Rabbani, M.M.; Conti, M.; Mancini, L.V.; Ranise, S. SARA: Secure Asynchronous Remote Attestation for IoT Systems. IEEE Trans. Inf. Forensics Secur. 2020, 15, 3123–3136. [Google Scholar] [CrossRef]
- Khurshid, A.; Raza, S. AutoCert: Automated TOCTOU-secure digital certification for IoT with combined authentication and assurance. Comput. Secur. 2023, 124, 102952. [Google Scholar] [CrossRef]
- Asokan, N.; Brasser, F.; Ibrahim, A.; Sadeghi, A.; Schunter, M.; Tsudik, G.; Wachsmann, C. Seda: Scalable embedded device attestation. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA, 12–16 October 2015; pp. 964–975. [Google Scholar]
- Ibrahim, A.; Sadeghi, A.; Tsudik, G.; Zeitouni, S. DARPA: Device Attestation Resilient to Physical Attacks. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, Darmstadt, Germany, 18–20 July 2016; pp. 171–182. [Google Scholar]
- Carpent, X.; Tsudik, G.; Rattanavipanon, N. ERASMUS: Efficient remote attestation via self-measurement for unattended settings. In Proceedings of the 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 19–23 March 2018; pp. 1191–1194. [Google Scholar]
- Kohnhäuser, F.; Büscher, N.; Katzenbeisser, S. SALAD: Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, Incheon, Republic of Korea, 4–8 June 2018; pp. 329–342. [Google Scholar]
- DICE-Layering-Architecture. Available online: https://trustedcomputinggroup.org/wp-content/uploads/DICE-Layering-Architecture-r19_pub.pdf (accessed on 14 November 2023).
- Aggregate Message Authentication Schemes for Internet of Things Environment (Study Group 17). Available online: https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.1366-202009-I!!PDF-E&type=items (accessed on 13 November 2023).
- Pittacus. Available online: https://github.com/izeigerman/pittacus (accessed on 10 August 2023).
- secp256k1. Available online: https://github.com/bitcoin-core/secp256k1 (accessed on 10 August 2023).
- Eldefrawy, K.; Tsudik, G.; Francillon, A.; Perito, D. Smart: Secure and minimal architecture for (establishing dynamic) root of trust. In Proceedings of the Network and Distributed System Security (NDSS) Symposium, San Diego, CA, USA, 5–8 February 2012; pp. 1–15. [Google Scholar]
- Koeberl, P.; Schulz, S.; Sadeghi, A.; Varadharajan, V. TrustLite: A security architecture for tiny embedded devices. In Proceedings of the Ninth European Conference on Computer Systems, Amsterdam, The Netherlands, 13–16 April 2014; pp. 1–14. [Google Scholar]
- Brasser, F.; El Mahjoub, B.; Sadeghi, A.; Wachsmann, C.; Koeberl, P. TyTAN: Tiny Trust Anchor for Tiny Devices. In Proceedings of the 52nd Annual Design Automation Conference, New York, NY, USA, 7–11 June 2015; pp. 1–6. [Google Scholar]
- DICE Attestation Architecture. Available online: https://trustedcomputinggroup.org/wp-content/uploads/TCG_DICE_Attestation_Architecture_r22_02dec2020.pdf (accessed on 13 November 2023).
- Sato, S.; Shikata, J. Interactive Aggregate Message Authentication Scheme with Detecting Functionality. In Advanced Information Networking and Applications; Springer International Publishing: Cham, Switzerland, 2019; pp. 1316–1328. [Google Scholar]
- Hirose, S.; Shikata, J. Non-adaptive Group-Testing Aggregate MAC Scheme. In Advanced Information Networking and Applications; Springer International Publishing: Cham, Switzerland, 2018; pp. 357–372. [Google Scholar]
- Benedictis, M.D.; Lioy, A. Integrity verification of Docker containers for a lightweight cloud environment. Future Gener. Comput. Syst. 2019, 97, 236–246. [Google Scholar] [CrossRef]
- Sun, Y.; Safford, D.; Zohar, M.; Pendarakis, D.; Gu, Z.S.; Jaeger, T. Security namespace: Making linux security frameworks available to containers. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA, 15–17 August 2018; pp. 1423–1439. [Google Scholar]
- Arnautov, S.; Trach, B.; Gregor, F.; Knauth, T.; Martin, A.; Priebe, C.; Lind, J.; Muthukumaran, D.; O’keeffe, D.; Stillwell, M.L.; et al. SCONE: Secure linux containers with intel SGX. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16), Savannah, GA, USA, 2–4 November 2016; pp. 689–703. [Google Scholar]
- Lebedev, I.; Hogan, K.; Devadas, S. Secure Boot and Remote Attestation in the Sanctum Processor. In Proceedings of the 2018 IEEE 31st Computer Security Foundations Symposium (CSF), Oxford, UK, 9–12 July 2018; pp. 46–60. [Google Scholar]
- Ba, H.; Zhou, H.; Mei, S.; Qiao, H.; Hong, T.; Wang, Z.; Ren, J. Astrape: An efficient concurrent cloud attestation with ciphertext-policy attribute-based encryption. Symmetry 2018, 10, 425. [Google Scholar] [CrossRef]
SEDA, DARPA, LISA, SeED, PADS, slimIoT, HEALED | SCAPI, SALAD | ERASMUS, SAP | SDATA | |
---|---|---|---|---|
measurement | ✓ | ✓ | ✓ | only measure layer 0 |
attestation code | ✓ | ✓ | ✓ | ✗ |
reference value | store | receive | ✗ | ✗ |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Yu, F.; Huang, Y. SDATA: Symmetrical Device Identifier Composition Engine Complied Aggregate Trust Attestation. Symmetry 2024, 16, 310. https://doi.org/10.3390/sym16030310
Yu F, Huang Y. SDATA: Symmetrical Device Identifier Composition Engine Complied Aggregate Trust Attestation. Symmetry. 2024; 16(3):310. https://doi.org/10.3390/sym16030310
Chicago/Turabian StyleYu, Fajiang, and Yanting Huang. 2024. "SDATA: Symmetrical Device Identifier Composition Engine Complied Aggregate Trust Attestation" Symmetry 16, no. 3: 310. https://doi.org/10.3390/sym16030310
APA StyleYu, F., & Huang, Y. (2024). SDATA: Symmetrical Device Identifier Composition Engine Complied Aggregate Trust Attestation. Symmetry, 16(3), 310. https://doi.org/10.3390/sym16030310