Brasser, Ferdinand ; Rasmussen, Kasper ; Sadeghi, Ahmad-Reza ; Tsudik, Gene (2016)
Remote Attestation for Low-End Embedded Devices: the Prover's Perspective.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Security of embedded devices is a timely and important issue, due to their proliferation into numerous and diverse settings, and growing popularity of these devices as attack targets, especially via remote malware infestations. One important defense mechanism is attestation, whereby a trusted, and possibly remote, party (verifier) checks the internal state of an untrusted, and potentially compromised, device (prover).Despite much prior work, attestation remains a vibrant research topic. However, most attestation schemes naturally focus on the scenario where the verifier is trusted and the prover is not. The opposite setting - where the prover is benign, and the verifier is malicious - has not received any attention. This paper considers this important issue of prover security, including: verifier impersonation, denial-of-service (DoS) and replay attacks, all of which allow the adversary to incapacitate the prover at a critical moment. We argue that protection of the prover from these attacks must be treated as an important component of any remote attestation method. We formulate a new roaming adversary model for this scenario and present the trade offs involved in countering this threat. We also identify new features and methods needed to protect the prover with minimal additional requirements.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2016 |
| Autor(en): | Brasser, Ferdinand ; Rasmussen, Kasper ; Sadeghi, Ahmad-Reza ; Tsudik, Gene |
| Art des Eintrags: | Bibliographie |
| Titel: | Remote Attestation for Low-End Embedded Devices: the Prover's Perspective |
| Sprache: | Deutsch |
| Publikationsjahr: | 2016 |
| Verlag: | ACM |
| Buchtitel: | Proceedings of the 53nd Annual Design Automation Conference |
| Reihe: | DAC '16 |
| Kurzbeschreibung (Abstract): | Security of embedded devices is a timely and important issue, due to their proliferation into numerous and diverse settings, and growing popularity of these devices as attack targets, especially via remote malware infestations. One important defense mechanism is attestation, whereby a trusted, and possibly remote, party (verifier) checks the internal state of an untrusted, and potentially compromised, device (prover).Despite much prior work, attestation remains a vibrant research topic. However, most attestation schemes naturally focus on the scenario where the verifier is trusted and the prover is not. The opposite setting - where the prover is benign, and the verifier is malicious - has not received any attention. This paper considers this important issue of prover security, including: verifier impersonation, denial-of-service (DoS) and replay attacks, all of which allow the adversary to incapacitate the prover at a critical moment. We argue that protection of the prover from these attacks must be treated as an important component of any remote attestation method. We formulate a new roaming adversary model for this scenario and present the trade offs involved in countering this threat. We also identify new features and methods needed to protect the prover with minimal additional requirements. |
| Freie Schlagworte: | ICRI-SC;STC Secure and Trustworthy Systems; Solutions; S2;Secure Things;Security |
| ID-Nummer: | TUD-CS-2016-0048 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 04 Aug 2016 10:13 |
| Letzte Änderung: | 02 Mai 2019 12:51 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum