DOI: 10.1145/2732209.2732211
research-article

Privilege-Based Remote Attestation: Towards Integrity Assurance for Lightweight Clients

Published: 14 April 2015

Abstract

Remote attestation is used to assure the integrity of a trusted platform (prover) to a remote party (challenger). Traditionally, plain binary attestation (i.e., attesting the integrity of software by measuring its binaries) is the method of choice. Especially in the resource-constrained embedded domain, with its ever-growing number of integrated services per platform, this approach is not feasible, since the challenger has to know all possible 'good' configurations of the prover. In this work, a new approach based on software privileges is presented. It reduces the number of possible configurations the challenger has to know by ignoring all services on the prover that are not used by the challenger. For the ignored services, the challenger ensures that they do not have the privileges to manipulate the used services. To achieve this, the prover measures the privileges of its software modules by parsing their binaries for particular system API calls. The results show a significant reduction in need-to-know configurations. The implementation of the central system parts shows its practicability, especially if combined with a fine-grained system API.

Published In

IoTPTS '15: Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security
April 2015
50 pages
ISBN:9781450334495
DOI:10.1145/2732209

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. embedded systems
  2. privilege classification
  3. remote attestation
  4. trusted computing

Qualifiers

  • Research-article

Funding Sources

  • Österreichische Forschungsförderungsgesellschaft

Conference

ASIA CCS '15
ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security
April 14 - March 14, 2015
Singapore, Republic of Singapore

Acceptance Rates

IoTPTS '15 Paper Acceptance Rate 5 of 13 submissions, 38%;
Overall Acceptance Rate 16 of 39 submissions, 41%

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 10
  • Downloads (Last 6 weeks): 2
Reflects downloads up to 26 Jan 2025
