research-article

Thingtegrity: A Scalable Trusted Computing Architecture for the Internet of Things

Authors:

Andrea Höller,

Christian KreinerAuthors Info & Claims

EWSN '16: Proceedings of the 2016 International Conference on Embedded Wireless Systems and Networks

Pages 23 - 34

Published: 15 February 2016 Publication History

Abstract

Remote attestation is used to prove the integrity of one system (prover) to another (challenger). The prover measures its configuration and transmits the result to the challenger for verification. Common attestation methods lead to complex configuration measurements (e.g., hash of all executables), which are updated every time one of the software modules changes. The updated configuration has to be distributed to all possible challengers since they need a reference to enable the verification. Recently, an idea of reducing the complexity of the configuration measurement by taking into account privileges of software modules has been presented. However, this approach has not been exhaustively analyzed since, as yet, no implementation exists. Especially in the Internet of Things (IoT) domain, where resources are constrained strictly while devices are potentially physically exposed to adversaries, attestation methodologies with reduced overhead are desireable. In this work we combine binary-, property- and privilege-based remote attestation to integrate a trusted computing architecture transparently into \iotivity, an existing IoT middleware. As a first step, we aim to enable to attestation of the integrity of complex devices with different services to constrained devices. With the help of an illustrative simulated environment, we show that our architecture reduces the effort of bootstrapping trusted relations, as well as updating single modules in the whole system, even if software and devices from different vendors are combined.

References

[1]

Gartner Inc., ¿Analysts to Explore the Disruptive Impact of IoT on Business,¿ in Gartner Symposium/ITxpo, 2014.

[2]

BBC, ¿Not in front of the telly: Warning over ¿listening¿ TV,¿ 2015. {Online}. Available: http://bbc.com/news/technology-31296188

[3]

A. Chapman, ¿Hacking into Internet Connected Light Bulbs,¿ 2014. {Online}. Available: http://www.contextis.com/resources/blog/hacking-internet-connected-light-bulbs/

[4]

D. Halperin, S. S. Clark, and K. Fu, ¿Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses,¿ Proceedings - IEEE Symposium on Security and Privacy, 2008.

Digital Library

[5]

B. Miller and D. Rowe, ¿A survey SCADA of and critical infrastructure incidents,¿ Annual Conference on Research in Information Technology, p. 51, 2012.

Digital Library

[6]

Trusted Computing Group, ¿TPM Main Specificication Level 2 Version 1.2,¿ 2006.

[7]

S. W. Smith, -Outbound authentication for programmable secure coprocessors,- International Journal of Information Security, vol. 3, no. 1, pp. 28-41, May 2004.

Digital Library

[8]

M. Nauman, S. Khan, X. Zhang, and J. Seifert, -Beyond kernel-level integrity measurement: enabling remote attestation for the android platform,- Trust and Trustworthy Computing, pp. 1-15, 2010.

Digital Library

[9]

A. Francillon, Q. Nguyen, K. B. Rasmussen, and G. Tsudik, -A minimalist approach to Remote Attestation,- Design, Automation & Test in Europe Conference & Exhibition (DATE), 2014, pp. 1-6, 2014.

Digital Library

[10]

R. Akram, K. Markantonakis, and K. Mayes, ¿Remote Attestation Mechanism based on Physical Unclonable Functions,¿ Workshop on RFID and IoT Security, 2013.

[11]

M. LeMay and C. a. Gunter, -Cumulative Attestation Kernels for Embedded Systems,- IEEE Transactions on Smart Grid, vol. 3, no. 2, pp. 744-760, Jun. 2012.

[12]

R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, ¿Design and implementation of a TCG-based integrity measurement architecture,¿ in USENIX Security Symposium, 2004.

Digital Library

[13]

A. Sadeghi and C. Stüble, -Property-based attestation for computing platforms: caring about properties, not mechanisms,- Proceedings of the 2004 workshop on New Security Paradigms, pp. 67-77, 2004.

Digital Library

[14]

M. Ceccato, Y. Ofek, and P. Tonella, ¿A Protocol for Property-Based Attestation,¿ Theory and Practice of Computer Science, p. 7, 2008.

[15]

T. Jaeger, R. Sailer, and U. Shankar, ¿Policy-Reduced Integrity Measurement Architecture,¿ in Symposium on Access Control Models and Technologies, 2006.

Digital Library

[16]

W. Xu, X. Zhang, and H. Hu, -Remote attestation with domainbased integrity model and policy analysis,- Dependable and Secure Computing, vol. 9, no. 3, pp. 429-442, 2012.

Digital Library

[17]

T. Rauter, A. Höller, N. Kajtazovic, and C. Kreiner, ¿Privilege-Based Remote Attestation: Towards Integrity Assurance for Lightweight Clients,¿ in Workshop on IoT Privacy, Trust, and Security, 2015.

Digital Library

[18]

T. Alves and D. Felton, -Trustzone: Integrated hardware and software security,- ARM white paper, vol. 3, no. 4, pp. 18-24, 2004.

[19]

James Greene, ¿Intel Trusted Execution Technology,¿ Intel Whitepaper, 2003.

[20]

D. Perito, G. Tsudik, and K. E. Defrawy, ¿SMART : Secure and Minimal Architecture for ( Establishing a Dynamic ) Root of Trust,¿ Security, 2012.

[21]

P. Koeberl, S. Schulz, A.-r. Sadeghi, and V. Varadharajan, ¿TrustLite: A Security Architecture for Tiny Embedded Devices,¿ in Proceedings of the Ninth European Conference on Computer Systems, 2014.

Digital Library

[22]

F. Brasser, B. E. Mahjoub, A.-r. Sadeghi, C. Wachsmann, and P. Koeberl, ¿TyTAN: Tiny Trust Anchor for Tiny Devices,¿ in Design, Automation & Test in Europe Conference & Exhibition, 2015.

Digital Library

[23]

L. Chen, H. Löhr, M. Manulis, and A. Sadeghi, ¿Property-based attestation without a trusted third party,¿ Information Security, 2008.

Digital Library

[24]

J. Li, H. Zhang, and B. Zhao, ¿Research of reliable trusted boot in embedded systems,¿ in Computer Science/Network Technology, 2011.

[25]

C. Yu and M. T. Yuan, -Integrity measurement of hardware based on TPM,- International Conference on Computer Science and Information Technology, vol. 3, pp. 507-510, 2010.

[26]

E. R. Sparks, ¿A Security Assessment of Trusted Platform Modules,¿ Tech. Rep., 2007.

[27]

F. Hao and P. Y. a. Ryan, ¿Password authenticated key exchange by juggling,¿ Lecture Notes in Computer Science, 2008.

[28]

L. Davi, A. Sadeghi, and M. Winandy, -ROPdefender: A detection tool to defend against return-oriented programming attacks,- ASIACCS, pp. 1-22, 2011.

Digital Library

Cited By

Hoeller AIber JRauter TKreiner CRömer KLangendoen KVoigt T(2016)Poster: Towards a Secure, Resilient, and Distributed Infrastructure for Hydropower Plant Unit ControlProceedings of the 2016 International Conference on Embedded Wireless Systems and Networks10.5555/2893711.2893759(253-254)Online publication date: 15-Feb-2016
https://dl.acm.org/doi/10.5555/2893711.2893759

Recommendations

Integrity Management Infrastructure for Trusted Computing

Computer security concerns have been rapidly increasing because of repeated security breaches and leakages of sensitive personal information. Such security breaches are mainly caused by an inappropriate management of the PCs, so maintaining integrity of ...
Decentralized Public Key Infrastructure for Internet-of-Things
MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM)
In many envisioned IoT applications, security is crucial. However, designing and/or deploying existing security techniques in IoT systems is not straightforward due to the inherent heterogeneity of IoT devices as well as their huge number. A critical ...
Internet of Things security

The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the IoT ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

EWSN '16: Proceedings of the 2016 International Conference on Embedded Wireless Systems and Networks

February 2016

366 pages

ISBN:9780994988607

General Chair:
Kay Römer
TU Graz, Austria
,
Program Chairs:
Koen Langendoen
TU Delft, The Netherlands
,
Thiemo Voigt
Uppsala University and SICS Swedish ICT, Sweden

Sponsors

EWSN: International Conference on Embedded Wireless Systems and Networks

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Junction Publishing

United States

Publication History

Published: 15 February 2016

Check for updates

Qualifiers

Research-article

Conference

EWSN '16

Sponsor:

EWSN

February 15 - 17, 2016

Graz, Austria

Acceptance Rates

Overall Acceptance Rate 81 of 195 submissions, 42%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hoeller AIber JRauter TKreiner CRömer KLangendoen KVoigt T(2016)Poster: Towards a Secure, Resilient, and Distributed Infrastructure for Hydropower Plant Unit ControlProceedings of the 2016 International Conference on Embedded Wireless Systems and Networks10.5555/2893711.2893759(253-254)Online publication date: 15-Feb-2016
https://dl.acm.org/doi/10.5555/2893711.2893759

View Options

View options

Figures

Tables

Media

View Table of Conten