Abstract
We present a novel scheme called Decentralized Attestation for Device Swarms (DADS), which is, to the best of our knowledge, the first to accomplish decentralized attestation in device swarms. Device swarms are smart, mobile, and interconnected devices that operate in large numbers and are likely to be part of emerging applications in Cyber-Physical Systems (CPS) and Industrial Internet of Things (IIoTs). Swarm devices process and exchange safety, privacy, and mission-critical information. Thus, it is important to have a good code verification technique that scales to device swarms and establishes trust among collaborating devices. DADS has several advantages over current state-of-the-art swarm attestation techniques: It is decentralized, has no single point of failure, and can handle changing topologies after nodes are compromised. DADS assures system resilience to node compromise/failure while guaranteeing only devices that execute genuine code remain part of the group. We conduct performance measurements of communication, computation, memory, and energy using the TrustLite embedded systems architecture in OMNeT++ simulation environment. We show that the proposed approach can significantly reduce communication cost and is very efficient in terms of computation, memory, and energy requirements. We also analyze security and show that DADS is very effective and robust against various attacks.
- Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Gregory Neven, Ahmad-Reza Sadeghi, and Matthias Schunter. 2016. SANA: Secure and scalable aggregate network attestation. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 731--742. Google Scholar
Digital Library
- Frederik Armknecht, Ahmad-Reza Sadeghi, Steffen Schulz, and Christian Wachsmann. 2013. A security framework for the analysis and design of software attestation. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 1--12. Google Scholar
Digital Library
- N. Asokan, Ferdinand Brasser, Ahmad Ibrahim, Ahmad-Reza Sadeghi, Matthias Schunter, Gene Tsudik, and Christian Wachsmann. 2015. Seda: Scalable embedded device attestation. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 964--975. Google Scholar
Digital Library
- Luigi Atzori, Antonio Iera, and Giacomo Morabito. 2010. The internet of things: A survey. Comput. Netw. 54, 15 (2010), 2787--2805. Google Scholar
Digital Library
- Jingwen Bai, Yan Sun, and Chris Phillips. 2016. CRRP: A cooperative relay routing protocol for IoT networks. In Proceedings of the IEEE 27th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC’16). IEEE, 1--6.Google Scholar
Cross Ref
- Ayan Banerjee, Krishna K. Venkatasubramanian, Tridib Mukherjee, and Sandeep K. S. Gupta. 2012. Ensuring safety, security, and sustainability of mission-critical cyber-physical systems. Proc. IEEE 100, 1 (2012), 283--299.Google Scholar
Cross Ref
- Mihir Bellare. 2006. New proofs for NMAC and HMAC: Security without collision-resistance. In Proceedings of the Annual International Cryptology Conference. Springer, 602--619. Google Scholar
Digital Library
- Mihir Bellare, Ran Canetti, and Hugo Krawczyk. 1996. Keying hash functions for message authentication. In Proceedings of the Annual International Cryptology Conference. Springer, 1--15. Google Scholar
Digital Library
- Dan Boneh. 1998. The decision diffie-hellman problem. In Proceedings of the International Algorithmic Number Theory Symposium. Springer, 48--63. Google Scholar
Digital Library
- Ferdinand Brasser, Brahim El Mahjoub, Ahmad-Reza Sadeghi, Christian Wachsmann, and Patrick Koeberl. 2015. TyTAN: Tiny trust anchor for tiny devices. In Proceedings of the 52nd Annual Design Automation Conference. ACM, 34. Google Scholar
Digital Library
- Ferdinand Brasser, Kasper B. Rasmussen, Ahmad-Reza Sadeghi, and Gene Tsudik. 2016. Remote attestation for low-end embedded devices: The prover’s perspective. In Proceedings of the 53rd ACM/EDAC/IEEE Design Automation Conference (DAC’16). IEEE, 1--6. Google Scholar
Digital Library
- Tracy Camp, Jeff Boleng, and Vanessa Davies. 2002. A survey of mobility models for ad hoc network research. Wireless Commun. Mobile Comput. 2, 5 (2002), 483--502.Google Scholar
Cross Ref
- Xavier Carpent, Karim ElDefrawy, Norrathep Rattanavipanon, and Gene Tsudik. 2017. LIghtweight swarm attestation: A tale of Two LISA-s. In Proceedings of the ACM Asia Conference on Computer and Communications Security. ACM, 86--100. Google Scholar
Digital Library
- Ray Chen, Yating Wang, and Ding-Chau Wang. 2010. Reliability of wireless sensors with code attestation for intrusion detection. Info. Process. Lett. 110, 17 (2010), 778--786. Google Scholar
Digital Library
- Li Da Xu, Wu He, and Shancang Li. 2014. Internet of things in industries: A survey. IEEE Trans. Industr. Info. 10, 4 (2014), 2233--2243.Google Scholar
Cross Ref
- Whitfield Diffie and Martin Hellman. 1976. New directions in cryptography. IEEE Trans. Info. Theory 22, 6 (1976), 644--654. Google Scholar
Digital Library
- Danny Dolev and Andrew Yao. 1983. On the security of public key protocols. IEEE Trans. Info. Theory 29, 2 (1983), 198--208. Google Scholar
Digital Library
- D. Eastlake III and Paul Jones. 2001. U.S. Secure Hash Algorithm 1 (SHA1). Technical Report. Google Scholar
Digital Library
- Karim Eldefrawy, Gene Tsudik, Aurélien Francillon, and Daniele Perito. 2012. SMART: Secure and minimal architecture for (establishing dynamic) root of trust. In Proceedings of the Network and Distributed System Security Symposium (NDSS’12), Vol. 12. 1--15.Google Scholar
- Aurélien Francillon, Quan Nguyen, Kasper B. Rasmussen, and Gene Tsudik. 2014. A minimalist approach to remote attestation. In Proceedings of the Design, Automation 8 Test in Europe Conference 8 Exhibition (DATE’14). IEEE, 1--6. Google Scholar
Digital Library
- Lei Gong, Yuebin Bai, Ming Chen, and Depei Qian. 2008. Link availability prediction in ad hoc networks. In Proceedings of the 14th IEEE International Conference on Parallel and Distributed Systems (ICPADS’08). IEEE, 423--428. Google Scholar
Digital Library
- Gregory Hackmann, Weijun Guo, Guirong Yan, Zhuoxiong Sun, Chenyang Lu, and Shirley Dyke. 2014. Cyber-physical codesign of distributed structural health monitoring with wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 25, 1 (2014), 63--72. Google Scholar
Digital Library
- Ahmad Ibrahim, Ahmad-Reza Sadeghi, Gene Tsudik, and Shaza Zeitouni. 2016. DARPA: Device attestation resilient to physical attacks. In Proceedings of the 9th ACM Conference on Security 8 Privacy in Wireless and Mobile Networks. ACM, 171--182. Google Scholar
Digital Library
- A. G. Illera and J. V. Vidal. 2014. Lights off! The darkness of the smart meters. BlackHat Europe (2014). Retrieved from https://www.blackhat.com/eu-14/briefings.html.Google Scholar
- Don Johnson, Alfred Menezes, and Scott Vanstone. 2001. The elliptic curve digital signature algorithm (ECDSA). Int. J. Info. Secur. 1, 1 (2001), 36--63. Google Scholar
Digital Library
- M. Kabay. 2010. Attacks on power systems: Hackers malware. Norwich University (2010). Retrieved from https://www.networkworld.com/article/2217684/attacks-on-power-systems-hackers-malware.html.Google Scholar
- Rick Kennell and Leah H. Jamieson. 2003. Establishing the genuinity of remote computer systems. In Proceedings of the USENIX Security Symposium. 295--308. Google Scholar
Digital Library
- Patrick Koeberl, Steffen Schulz, Ahmad-Reza Sadeghi, and Vijay Varadharajan. 2014. TrustLite: A security architecture for tiny embedded devices. In Proceedings of the 9th European Conference on Computer Systems. ACM, 10. Google Scholar
Digital Library
- Yanlin Li, Jonathan M. McCune, and Adrian Perrig. 2010. SBAP: Software-based attestation for peripherals. In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST’10). Springer, 16--29. Google Scholar
Digital Library
- Yanlin Li, Jonathan M. McCune, and Adrian Perrig. 2011. VIPER: Verifying the integrity of PERipherals’ firmware. In Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM, 3--16. Google Scholar
Digital Library
- Yehuda Lindell and Jonathan Katz. 2014. Introduction to Modern Cryptography. Chapman and Hall/CRC.Google Scholar
- Hamid Menouar, Ismail Guvenc, Kemal Akkaya, A. Selcuk Uluagac, Abdullah Kadri, and Adem Tuncer. 2017. UAV-enabled intelligent transportation systems for the smart city: Applications and challenges. IEEE Commun. Mag. 55, 3 (2017), 22--28. Google Scholar
Digital Library
- Seyed Morteza Mousavi, Hamid R. Rabiee, M. Moshref, and A. Dabirmoghaddam. 2007. Mobisim: A framework for simulation of mobility models in mobile ad hoc networks. In Proceedings of the 3rd IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMOB’07). IEEE, 82--82. Google Scholar
Digital Library
- Job Noorman, Pieter Agten, Wilfried Daniels, Raoul Strackx, Anthony Van Herrewege, Christophe Huygens, Bart Preneel, Ingrid Verbauwhede, and Frank Piessens. 2013. Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In Proceedings of the USENIX Security Symposium. 479--494. Google Scholar
Digital Library
- Job Noorman, Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes Götzfried, Tilo Müller, and Felix Freiling. 2017. Sancus 2.0: A low-cost security architecture for IoT devices. ACM Trans. Privacy Secur. 20, 3 (2017), 7. Google Scholar
Digital Library
- NS-3. {n.d.}. Network simulator tools-3 (NS-3). Retrieved from http://https://www.nsnam.org/.Google Scholar
- Bryan Parno, Jonathan M. McCune, and Adrian Perrig. 2010. Bootstrapping trust in commodity computers. In Proceedings of the IEEE Symposium on Security and Privacy (SP’10). IEEE, 414--429. Google Scholar
Digital Library
- Jonathan Pollet and J. Cummins. 2010. Electricity for free? The dirty underbelly of scada and smart meters. In Proceedings of Black Hat USA.Google Scholar
- Prabhu Ramaswamy. 2016. Iot smart parking system for reducing green house gas emission. In Proceedings of the 5th International Conference On Recent Trends In Information Technology. 1--6.Google Scholar
Cross Ref
- Amit Kumar Saha and David B. Johnson. 2004. Modeling mobility for vehicular ad hoc networks. In Proceedings of the 1st ACM International Workshop on Vehicular Ad Hoc Networks. ACM, 91--92. Google Scholar
Digital Library
- Erol Şahin. 2004. Swarm robotics: From sources of inspiration to domains of application. In Proceedings of the International Workshop on Swarm Robotics. Springer, 10--20. Google Scholar
Digital Library
- Steffen Schulz, Ahmad-Reza Sadeghi, and Christian Wachsmann. 2011. Short paper: Lightweight remote attestation using physical functions. In Proceedings of the 4th ACM Conference on Wireless Network Security. ACM, 109--114. Google Scholar
Digital Library
- Arvind Seshadri, Mark Luk, and Adrian Perrig. 2008. SAKE: Software attestation for key establishment in sensor networks. In Proceedings of the International Conference on Distributed Computing in Sensor Systems. Springer, 372--385. Google Scholar
Digital Library
- Arvind Seshadri, Mark Luk, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla. 2006. SCUBA: Secure code update by attestation in sensor networks. In Proceedings of the 5th ACM workshop on Wireless security. ACM, 85--94. Google Scholar
Digital Library
- Arvind Seshadri, Adrian Perrig, Leendert Van Doorn, and Pradeep Khosla. 2004. Swatt: Software-based attestation for embedded devices. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 272--282.Google Scholar
Cross Ref
- Sean W. Smith. 2004. Outbound authentication for programmable secure coprocessors. Int. J. Info. Secur. 3, 1 (2004), 28--41. Google Scholar
Digital Library
- George Spanogiannopoulos, Natalija Vlajic, and Dusan Stevanovic. 2009. A simulation-based performance analysis of various multipath routing techniques in ZigBee sensor networks. In Proceedings of the International Conference on Ad Hoc Networks. Springer, 300--315.Google Scholar
- TCG. {n.d.}. Trusted Computing Group (TCG). Retrieved from http://www.trustedcomputinggroup.org/.Google Scholar
- Jaikumar Vijayan. 2010. Stuxnet renews power grid security concerns. Computerworld 26 (2010). Retrieved from https://www.computerworld.com/article/2519574/stuxnet-renews-power-grid-security-concerns.html.Google Scholar
- Xinyu Yang, Xiaofei He, Wei Yu, Jie Lin, Rui Li, Qingyu Yang, and Houbing Song. 2015. Towards a low-cost remote memory attestation for the smart grid. Sensors 15, 8 (2015), 20799--20824.Google Scholar
Cross Ref
- Michele Zorzi, Alexander Gluhak, Sebastian Lange, and Alessandro Bassi. 2010. From today’s intranet of things to a future internet of things: A wireless-and mobility-related view. IEEE Wireless Commun. 17, 6 (2010), 44--51. Google Scholar
Digital Library
Index Terms
DADS: Decentralized Attestation for Device Swarms
Recommendations
SEDA: Scalable Embedded Device Attestation
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications SecurityToday, large numbers of smart interconnected devices provide safety and security critical services for energy grids, industrial control systems, gas and oil search robots, home/office automation, transportation, and critical infrastructure. These ...
Lightweight Swarm Attestation: A Tale of Two LISA-s
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityIn the last decade, Remote Attestation (RA) emerged as a distinct security service for detecting attacks on embedded devices, cyber-physical systems (CPS) and Internet of Things (IoT) devices. RA involves verification of current internal state of an ...
SALAD: Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks
ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications SecurityToday, tiny embedded Internet of Things (IoT) devices are increasingly used in safety- and privacy-critical application scenarios. In many of these scenarios, devices perform a certain task collectively as a swarm. Remote attestation is an important ...






Comments