research-article

SALAD: Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks

Authors:

Florian Kohnhäuser,

Niklas Büscher,

Stefan KatzenbeisserAuthors Info & Claims

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

Pages 329 - 342

https://doi.org/10.1145/3196494.3196544

Published: 29 May 2018 Publication History

Abstract

Today, tiny embedded Internet of Things (IoT) devices are increasingly used in safety- and privacy-critical application scenarios. In many of these scenarios, devices perform a certain task collectively as a swarm. Remote attestation is an important cornerstone for the security of these IoT devices, as it allows to verify the integrity of the software on remote devices. Recently proposed collective attestation protocols are able to attest entire device swarms in an efficient way. However, these protocols are inefficient or even inapplicable when devices in the network are mobile or lack continuous connectivity. This work presents SALAD, the first collective attestation protocol for highly dynamic and disruptive networks. SALAD uses a novel distributed approach, where devices incrementally establish a common view on the integrity of all devices in the network. In contrast to existing protocols, SALAD performs well in highly dynamic and disruptive network topologies, increases resilience against targeted Denial of Service (DoS) attacks, and allows to obtain the attestation result from any device. Moreover, SALAD is capable of mitigating physical attacks in an efficient manner, which is achieved by adapting and extending recently proposed aggregation schemes. We demonstrate the security of SALAD and show its effectiveness by providing large-scale simulation results.

References

[1]

2017. Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent From 2016. (2017). http://www.gartner.com/newsroom/id/3598917.

[2]

Tigist Abera, N Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman, Andrew Paverd, Ahmad-Reza Sadeghi, and Gene Tsudik. 2016. C-FLAT: control-flow attestation for embedded systems software. In ACM CCS.

Digital Library

[3]

Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Gregory Neven, Ahmad-Reza Sadeghi, and Matthias Schunter. 2016. SANA: secure and scalable aggregate network attestation. In ACM CCS.

Digital Library

[4]

N Asokan, Ferdinand Brasser, Ahmad Ibrahim, Ahmad-Reza Sadeghi, Matthias Schunter, Gene Tsudik, and Christian Wachsmann. 2015. Seda: Scalable embedded device attestation. In ACM CCS.

Digital Library

[5]

Alexander Becher, Zinaida Benenson, and Maximillian Dornseif. 2006. Tampering with motes: Real-world physical attacks on wireless sensor networks. In International Conference on Security in Pervasive Computing.

Digital Library

[6]

Daniel J Bernstein. 2006. Curve25519: new Diffie-Hellman speed records. In PKC.

Digital Library

[7]

Daniel J Bernstein. 2009. Supercop: System for unified performance evaluation related to cryptographic operations and primitives. (2009).

[8]

Ben Romdhanne Bilel, Nikaein Navid, and Mohamed Said Mosli Bouksiaa. 2012. Hybrid cpu-gpu distributed framework for large scale mobile networks simulation. In IEEE/ACM DS-RT.

[9]

Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. 2003. Aggregate and verifiably encrypted signatures from bilinear maps. In EUROCRYPT.

Digital Library

[10]

Coen Bron and Joep Kerbosch. 1973. Algorithm 457: finding all cliques of an undirected graph. Commun. ACM (1973).

Digital Library

[11]

T Ryan Burchfield, S Venkatesan, and Douglas Weiner. 2007. Maximizing throughput in ZigBee wireless networks through analysis, simulations and implementations. In LOCALALGOS.

[12]

Jenna Burrell, Tim Brooke, and Richard Beckwith. 2004. Vineyard computing: Sensor networks in agricultural production. IEEE Pervasive computing (2004).

Digital Library

[13]

Xavier Carpent, Karim ElDefrawy, Norrathep Rattanavipanon, and Gene Tsudik. 2017. LIghtweight Swarm Attestation: a Tale of Two LISA-s. In ACM ASIACCS.

Digital Library

[14]

Claude Castelluccia, Aurélien Francillon, Daniele Perito, and Claudio Soriente. 2009. On the difficulty of software-based attestation of embedded devices. In ACM CCS.

Digital Library

[15]

Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti, and Sophia Antipolis. 2014. A large-scale analysis of the security of embedded firmwares. In USENIX Security.

Digital Library

[16]

Ang Cui, Michael Costello, and Salvatore J Stolfo. 2013. When Firmware Modifications Attack: A Case Study of Embedded Exploitation. In NDSS.

[17]

Karim Eldefrawy, Gene Tsudik, Aurélien Francillon, and Daniele Perito. 2012. SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust. In NDSS.

[18]

Aurélien Francillon, Quan Nguyen, Kasper B Rasmussen, and Gene Tsudik. 2014. A minimalist approach to remote attestation. In DATE.

Digital Library

[19]

Zheng Guo, Gioele Colombi, Bing Wang, Jun-Hong Cui, Dario Maggiorini, and Gian Paolo Rossi. 2008. Adaptive routing in underwater delay/disruption tolerant sensor networks. In IEEE WONS.

[20]

Lingxuan Hu and David Evans. 2003. Secure aggregation for wireless networks. In IEEE SAINT.

Digital Library

[21]

Ahmad Ibrahim, Ahmad-Reza Sadeghi, Gene Tsudik, and Shaza Zeitouni. 2016. DARPA: Device attestation resilient to physical attacks. In ACM WiSec.

Digital Library

[22]

Ahmad Ibrahim, Ahmad-Reza Sadeghi, and Shaza Zeitouni. 2017. SeED: secure non-interactive attestation for embedded devices. In ACM WiSec.

Digital Library

[23]

Intel Open Source Technology Center. 2017. TinyCrypt Cryptographic Library. https://github.com/01org/tinycrypt.

[24]

Jonathan Katz and Andrew Lindell. 2008. Aggregate message authentication codes. Topics in Cryptology--CT-RSA 2008 (2008).

Digital Library

[25]

Ari Keränen, Jörg Ott, and Teemu Kärkkäinen. 2009. The ONE simulator for DTN protocol evaluation. In SIMUtools.

[26]

Patrick Koeberl, Steffen Schulz, Ahmad-Reza Sadeghi, and Vijay Varadharajan. 2014. TrustLite: A security architecture for tiny embedded devices. In ACM EuroSys.

Digital Library

[27]

Florian Kohnhäuser, Niklas Büscher, Sebastian Gabmeyer, and Stefan Katzenbeisser. 2017. SCAPI: A Scalable Attestation Protocol to Detect Software and Physical Attacks. In ACM WiSec.

Digital Library

[28]

Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, and John Butterworth. 2012. New results for timing-based attestation. In IEEE S&P.

Digital Library

[29]

Hugo Krawczyk, Ran Canetti, and Mihir Bellare. 1997. HMAC: Keyed-hashing for message authentication. In RFC 2104. Network Working Group.

Digital Library

[30]

KrebsOnSecurity. 2017. Reaper: Calm Before the IoT Security Storm? (2017). https: //krebsonsecurity.com/2017/10/reaper-calm-before-the-iot-security-storm/.

[31]

Yanlin Li, Jonathan M McCune, and Adrian Perrig. 2011. VIPER: verifying the integrity of PERipherals' firmware. In ACM CCS.

Digital Library

[32]

Steve Lu, Rafail Ostrovsky, Amit Sahai, Hovav Shacham, and Brent Waters. 2006. Sequential Aggregate Signatures and Multisignatures Without Random Oracles. In EUROCRYPT.

Digital Library

[33]

Bartosz Przydatek, Dawn Song, and Adrian Perrig. 2003. SIA: Secure information aggregation in sensor networks. In ACM Sensys.

Digital Library

[34]

Steffen Schulz, André Schaller, Florian Kohnhäuser, and Stefan Katzenbeisser. 2017. Boot Attestation: Secure Remote Reporting with Off-The-Shelf IoT Sensors. In ESORICS.

[35]

Leo Selavo, Anthony Wood, Qing Cao, Tamim Sookoor, Hengchang Liu, Aravind Srinivasan, Yafeng Wu, Woochul Kang, John Stankovic, Don Young, et al. 2007. Luster: wireless sensor network for environmental research. In ACM SenSys.

Digital Library

[36]

Arvind Seshadri, Mark Luk, and Adrian Perrig. 2008. SAKE: Software attestation for key establishment in sensor networks. In DCOSS.

Digital Library

[37]

Sergei Petrovich Skorobogatov. 2005. Semi-invasive attacks: a new approach to hardware security analysis. Ph.D. Dissertation. University of Cambridge.

[38]

Gelareh Taban and Virgil Gligor. 2008. Efficient handling of adversary attacks in aggregation applications. In ESORICS.

Digital Library

[39]

Noriki Uchida, Noritaka Kawamura, Tomoyuki Ishida, and Yoshitaka Shibata. 2014. Proposal of autonomous flight wireless nodes with delay tolerant networks for disaster use. In IMIS.

Digital Library

[40]

András Varga and Rudolf Hornig. 2008. An overview of the OMNeT++ simulation environment. In SIMUTools.

Digital Library

[41]

Peng Wang, Dengguo Feng, Changlu Lin, and Wenling Wu. 2009. Security of Truncated MACs. In Information Security and Cryptology.

Digital Library

[42]

Yi Yang, Xinran Wang, Sencun Zhu, and Guohong Cao. 2008. SDAP: A secure hop-by-hop data aggregation protocol for sensor networks. ACM TISSEC (2008).

Digital Library

[43]

Zhensheng Zhang. 2006. Routing in intermittently connected mobile ad hoc networks and delay tolerant networks: overview and challenges. IEEE Communications Surveys &Tutorials 8, 1 (2006).

Digital Library

Cited By

El-Zawawy MVasudev HConti M(2025)BDMFA: Forensic-enabling attestation technique for Internet of Medical ThingsInternet of Things10.1016/j.iot.2024.10146429(101464)Online publication date: Jan-2025
https://doi.org/10.1016/j.iot.2024.101464
Bai FWang ZZeng KZhang CShen TZhang XGong B(2025)ZKSA: Secure mutual Attestation against TOCTOU Zero-knowledge Proof based for IoT DevicesComputers & Security10.1016/j.cose.2024.104136148(104136)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2024.104136
Dushku EDragoni N(2025)Swarm AttestationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1783(2558-2562)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1783
Show More Cited By

Index Terms

SALAD: Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks

Recommendations

SANA: Secure and Scalable Aggregate Network Attestation
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Large numbers of smart connected devices, also named as the Internet of Things (IoT), are permeating our environments (homes, factories, cars, and also our body - with wearable devices) to collect data and act on the insight derived. Ensuring software ...
LICAPA: Lightweight collective attestation for physical attacks detection in highly dynamic networks
Abstract
UAVs or vehicular networks have been extensively used in different domains. Such a system network consists of various heterogeneous and mobile devices operating autonomously and cooperatively to provide flexible services. However, ensuring ...
A collective attestation scheme towards cloud system
Abstract
Considering cloud computing continues to grow and flourish, the increasing number of cloud infrastructures results in unlimited resources and convenient pay-as-you-go services, which makes it essential to ensure software integrity (including OS, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

May 2018

866 pages

ISBN:9781450355766

DOI:10.1145/3196494

General Chairs:
Jong Kim
Pohang University of Science and Technology, South Korea
,
Gail-Joon Ahn
Arizona State University, USA &Samsung Electronics, South Korea
,
Seungjoo Kim
Korea University, South Korea
,
Program Chairs:
Yongdae Kim
KAIST, South Korea
,
Javier Lopez
University of Malaga, Spain
,
Taesoo Kim
Georgia Tech, USA

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

DFG
LOEWE
Hessen State Ministry for Higher Education Research and the Arts (HMWK)

Conference

ASIA CCS '18

Sponsor:

SIGSAC

ASIA CCS '18: ACM Asia Conference on Computer and Communications Security

June 4, 2018

Incheon, Republic of Korea

Acceptance Rates

ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
552
Total Downloads

Downloads (Last 12 months)44
Downloads (Last 6 weeks)7

Reflects downloads up to 29 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

El-Zawawy MVasudev HConti M(2025)BDMFA: Forensic-enabling attestation technique for Internet of Medical ThingsInternet of Things10.1016/j.iot.2024.10146429(101464)Online publication date: Jan-2025
https://doi.org/10.1016/j.iot.2024.101464
Bai FWang ZZeng KZhang CShen TZhang XGong B(2025)ZKSA: Secure mutual Attestation against TOCTOU Zero-knowledge Proof based for IoT DevicesComputers & Security10.1016/j.cose.2024.104136148(104136)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2024.104136
Dushku EDragoni N(2025)Swarm AttestationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1783(2558-2562)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1783
Yu FHuang Y(2024)SDATA: Symmetrical Device Identifier Composition Engine Complied Aggregate Trust AttestationSymmetry10.3390/sym1603031016:3(310)Online publication date: 6-Mar-2024
https://doi.org/10.3390/sym16030310
Ferro LBravi ESisinni SLioy AGupta MAbdelsalam MPritom MAwaysheh F(2024)SAFEHIVE: Secure Attestation Framework for Embedded and Heterogeneous IoT Devices in Variable EnvironmentsProceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3643650.3658609(41-50)Online publication date: 21-Jun-2024
https://dl.acm.org/doi/10.1145/3643650.3658609
Vliegen JRabbani MHellemans WMentens N(2024)HAGAR: Hashgraph-based Aggregated Communication and Remote AttestationProceedings of the 21st ACM International Conference on Computing Frontiers: Workshops and Special Sessions10.1145/3637543.3654655(10-16)Online publication date: 7-May-2024
https://dl.acm.org/doi/10.1145/3637543.3654655
Zilberman AStulman ADvir A(2024)Identifying a Malicious Node in a UAV NetworkIEEE Transactions on Network and Service Management10.1109/TNSM.2023.330080921:1(1226-1240)Online publication date: Feb-2024
https://doi.org/10.1109/TNSM.2023.3300809
El-Zawawy MLal CConti M(2024)A Location-Aware and Healing Attestation Scheme for Air-Supported Internet of VehiclesIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2023.331677525:2(2017-2033)Online publication date: Feb-2024
https://doi.org/10.1109/TITS.2023.3316775
Sisinni SBerbecaru DDonnini VLioy A(2024)MATCH-IN: Mutual Attestation for Trusted Collaboration in Heterogeneous IoT Networks2024 IEEE Symposium on Computers and Communications (ISCC)10.1109/ISCC61673.2024.10733616(1-6)Online publication date: 26-Jun-2024
https://doi.org/10.1109/ISCC61673.2024.10733616
Lee DShin OCha YLee JYun TKim JOh HNicopoulos CLee S(2024)A Hardware-Based Correct Execution Environment Supporting Virtual MemoryIEEE Access10.1109/ACCESS.2024.344350912(114008-114022)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3443509
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten