Published May 27, 2023 | Version v1
Journal article Open

PROVE: Provable remote attestation for public verifiability

  • 1. Department of Electronic Systems, Aalborg University, Copenhagen, Denmark
  • 2. ES&S, imec-COSIC, ESAT, KU Leuven, Diepenbeek, Belgium
  • 3. c Faculty of Engineering, Vrije Universiteit Brussel (VUB), Brussels, Belgium
  • 4. ES&S, imec-COSIC, ESAT, KU Leuven, Diepenbeek, Belgium; LIACS, Leiden University, Leiden, The Netherlands

Description

The expanding attack surface of Internet of Things (IoT) systems calls for innovative security approaches to verify the reliability of IoT devices. To this end, Remote Attestation (RA) serves as a key mechanism that remotely detects the presence of malware in IoT devices. Typically, RA allows a centralized trusted Verifier to retrieve reliable evidence about the software integrity of an untrusted Prover. Existing RA schemes generally rely on the assumption that the Verifier and the Prover know each other and have pre-shared cryptographic keys during the bootstrap phase. However, these assumptions are not realistic to employ over commonly used event-driven IoT networks, in which the interacting parties do not know each other and do not communicate directly.

This paper proposes PROVE, a novel protocol that allows many Verifiers to attest one or more Provers without pre-shared key material and without using public-key cryptography which is often not suitable for resource-constraint IoT devices. In particular, PROVE considers a realistic IoT system where devices adopt the publish/subscribe communication paradigm. In PROVE, the subscribers act as untrusted Verifiers and attest not only the firmware integrity of the publishers that act as untrusted Provers but also the authenticity of the received data originated from these publishers. We simulate PROVE on the Contiki emulator and demonstrate the scalability of the solution. We also validate PROVE through two hardware proof-of-concept implementations: PROVE and PROVE+, which rely on different cryptographic cores. The results show that a complete execution of the protocol takes 4605 ns and 324 ns for PROVE and PROVE+, respectively.

Files

ba9dc861-2fc8-4083-b9c9-bb3cc9a48260.pdf

Files (3.3 MB)

Name Size Download all
md5:ebfd8d3907bcbbdbb2bf4b34ccffc5d9
3.3 MB Preview Download

Additional details

Funding

ASSURED – Future Proofing of ICT Trust Chains: Sustainable Operational Assurance and Verification Remote Guards for Systems-of-Systems Security and Privacy 952697
European Commission