State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Sigurd Frej Joel Jørgensen Ankergård, Edlira Dushku*, Nicola Dragoni

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

18 Downloads (Pure)

Abstract

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.
Original languageEnglish
Article number1598
JournalSensors
Volume21
Issue number5
Number of pages23
ISSN1424-8220
DOIs
Publication statusPublished - 2021

Keywords

  • Remote attestation
  • Software-based attestation
  • Timing-based attestation
  • Software integrity verification
  • Legacy Internet of Things

Fingerprint Dive into the research topics of 'State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things'. Together they form a unique fingerprint.

Cite this