TU Darmstadt / ULB / TUbiblio

SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand

Surminski, Sebastian ; Niesler, Christian ; Linsner, Sebastian ; Davi, Lucas ; Reuter, Christian (2023)
SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand.
13th ACM Conference on Data and Application Security and Privacy. Charlotte, United States (24.04.2023-26.04.2023)
doi: 10.1145/3577923.3583652
Conference publication, Bibliography

Abstract

From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of SCAtt-man against a variety of attacks and its usability based on a user study with 20 participants.

Item type: Conference publication
Published: 2023
Author(s): Surminski, Sebastian ; Niesler, Christian ; Linsner, Sebastian ; Davi, Lucas ; Reuter, Christian
Entry type: Bibliography
Title: SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand
Language: English
Year of publication: 24 April 2023
Publisher: ACM
Book title: CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy
Event title: 13th ACM Conference on Data and Application Security and Privacy
Event location: Charlotte, United States
Event dates: 24.04.2023-26.04.2023
DOI: 10.1145/3577923.3583652
URL / URN: https://dl.acm.org/doi/abs/10.1145/3577923.3583652

Uncontrolled keywords: Solutions, S2, Engineering, E7, Science and Technology for Peace and Security (PEASEC), Secure Software Systems (SYSSEC)
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Science and Technology for Peace and Security (PEASEC)
20 Department of Computer Science > System Security
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems
Date deposited: 10 Jul 2023 09:22
Last modified: 10 Jul 2023 09:22