DOI: 10.1145/1653662.1653711

On the difficulty of software-based attestation of embedded devices

Published: 09 November 2009

Abstract

Device attestation is an essential feature in many security protocols and applications. The lack of dedicated hardware and the impossibility of physically accessing the devices to be attested make attestation of embedded devices, in applications such as Wireless Sensor Networks, a prominent challenge. Several software-based attestation techniques have been proposed that rely either on tight time constraints or on the lack of free space to store malicious code. This paper investigates the shortcomings of existing software-based attestation techniques. We first present two generic attacks, one based on a return-oriented rootkit and the other on code compression. We further describe specific attacks on two existing proposals, namely SWATT and ICE-based schemes, and argue about the difficulty of fixing them. All attacks presented in this paper were implemented and validated on commodity sensors.



Published In

CCS '09: Proceedings of the 16th ACM conference on Computer and communications security
November 2009
664 pages
ISBN:9781605588940
DOI:10.1145/1653662
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. code compression
  2. embedded systems
  3. indisputable code execution
  4. return-oriented programming
  5. software-based attestation
  6. swatt
  7. wireless sensor networks

Qualifiers

  • Research-article

Conference

CCS '09
Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
