Practical analysis framework for software-based attestation scheme

Practical analysis framework for software-based attestation scheme

An increasing number of ”smart” embedded devices are employed in our living environment nowadays. Unlike traditional computer systems, these devices are often physically accessible to the attackers. It is therefore almost impossible to guarantee that they are un-compromised, i.e., that indeed the de...

Full description

Saved in:
Bibliographic Details
Main Authors: LI, Li, HU, Hong, SUN, Jun, LIU, Yang, DONG Jin Song
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2014
Subjects:
Memory State
Data Memory
Memory Address
Malicious Code
Embed Device
Software Engineering
Online Access:https://ink.library.smu.edu.sg/sis_research/4986
https://ink.library.smu.edu.sg/context/sis_research/article/5989/viewcontent/practical_analysis.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:An increasing number of ”smart” embedded devices are employed in our living environment nowadays. Unlike traditional computer systems, these devices are often physically accessible to the attackers. It is therefore almost impossible to guarantee that they are un-compromised, i.e., that indeed the devices are executing the intended software. In such a context, software-based attestation is deemed as a promising solution to validate their software integrity. It guarantees that the software running on the embedded devices are un-compromised without any hardware support. However, designing software-based attestation protocols are shown to be error-prone. In this work, we develop a framework for design and analysis of software-based attestation protocols. We first propose a generic attestation scheme that captures most existing software-based attestation protocols. After formalizing the security criteria for the generic scheme, we apply our analysis framework to several well-known software-based attestation protocols and report various potential vulnerabilities. To the best of our knowledge, this is the first practical analysis framework for software-based attestation protocols.

Similar Items