A Security Framework for Analysis and Design of Software Attestation

Armknecht, Frederik ; Sadeghi, Ahmad-Reza ; Schulz, Steffen ; Wachsmann, Christian :
A Security Framework for Analysis and Design of Software Attestation.
ACM Conference on Computer and Communications Security (CCS) ACM Press
[Conference or workshop contribution], (2013)

Abstract

Software attestation has become a popular and challenging research topic at many established security conferences with an expected strong impact in practice. It aims at verifying the software integrity of (typically) resource-constrained embedded devices. However, for practical reasons, software attestation cannot rely on stored cryptographic secrets or dedicated trusted hardware. Instead, it exploits side-channel information, such as the time that the underlying device needs for a specific computation. As traditional cryptographic solutions and arguments are not applicable, novel approaches for the design and analysis are necessary. This is certainly one of the main reasons why the security goals, properties and underlying assumptions of existing software attestation schemes have been only vaguely discussed so far, limiting the confidence in their security claims. Thus, putting software attestation on a solid ground and having a founded approach for designing secure software attestation schemes is still an important open problem.

We provide the first steps towards closing this gap. Our first contribution is a security framework that formally captures security goals, attacker models, and various system and design parameters. Moreover, we present a generic software attestation scheme that covers most existing schemes in the literature. Finally, we analyze its security within our framework, yielding sufficient conditions for provably secure software attestation schemes. We expect that such a consolidating work allows for a meaningful security analysis of existing schemes and supports the design of arguably secure software attestation schemes and will inspire new research in this area.

Item type: Conference or workshop contribution (not specified)
Published: 2013
Author(s): Armknecht, Frederik ; Sadeghi, Ahmad-Reza ; Schulz, Steffen ; Wachsmann, Christian
Title: A Security Framework for Analysis and Design of Software Attestation
Book title: ACM Conference on Computer and Communications Security (CCS)
Publisher: ACM Press
Uncontrolled keywords: ICRI-SC;Secure Things;software attestation, security framework, keyless cryptography
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > System Security
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Centers
LOEWE > LOEWE Centers > CASED – Center for Advanced Security Research Darmstadt
Date deposited: 04 Aug 2016 10:13
ID number: TUD-CS-2013-0124