TY - JOUR
T1 - SARA
T2 - Secure Asynchronous Remote Attestation for IoT Systems
AU - Dushku, Edlira
AU - Rabbani, Md Masoom
AU - Conti, Mauro
AU - Mancini, Luigi V.
AU - Ranise, Silvio
N1 - Funding Information:
Manuscript received September 25, 2019; revised January 30, 2020 and March 4, 2020; accepted March 17, 2020. Date of publication March 25, 2020; date of current version April 15, 2020. This work was supported by the EU LOCARD Project under Grant H2020-SU-EC-2018-832735. The work of Edlira Dushku and Luigi V. Mancini was supported in part by the Italian MIUR through the Dipartimento di Informatica, Sapienza University of Rome, under Grant Dipartimenti di eccellenza 2018–2022. The work of Masoom Rabbani was supported by the Fondazione Bruno Kessler Fund for his Ph.D. degree. The associate editor coordinating the review of this manuscript and approving it for publication was Mr. Frederik Armknecht. (Corresponding author: Edlira Dushku.) Edlira Dushku and Luigi V. Mancini are with the Dipartimento di Informatica, Sapienza University of Rome, 00198 Rome, Italy (e-mail: dushku@di.uniroma1.it; mancini@di.uniroma1.it).
Publisher Copyright:
© 2020 IEEE.
PY - 2020
Y1 - 2020
N2 - Remote attestation has emerged as a valuable security mechanism which aims to verify remotely whether or not a potentially untrusted device has been compromised. The protocols of remote attestation are particularly important for securing Internet of Things (IoT) systems which, due to the large number of interconnected devices and limited security protections, are susceptible to a wide variety of cyber attacks. To guarantee the integrity of the software running on a single device, remote attestation is usually executed as an uninterrupted procedure: at the attestation time, a device stops its normal operation and executes the attestation of the entire device without interruption. The remote attestation protocols that aim to attest a large number of devices also follow the assumption of uninterrupted execution: when a device attests its network neighbours, each device verified in the neighborhood suspends its normal operation until the attestation protocol is completed. To avoid unnecessary suspension of the normal operation of the devices, this paper proposes a novel Secure Asynchronous Remote Attestation (SARA) protocol that releases the constraint of synchronous interaction among devices. In particular, SARA is an attestation protocol that exploits asynchronous communication capabilities among IoT devices in order to attest a distributed IoT service executed by them. SARA verifies both that each IoT device is not compromised (device trustworthiness), and that the exchanged communication data have not maliciously influenced the communicating devices (legitimate operations). By tracing the execution order of each service invocation of an asynchronous distributed service, SARA allows each service to accurately collect historical data of its interactions, and transmits such historical data asynchronously to other interacting services.
We have implemented and validated SARA through a realistic simulation on the Contiki emulator that demonstrates the functionality and efficiency of our protocol. The results confirm the suitability of SARA for low-end devices.
KW - asynchronous communication
KW - distributed IoT services
KW - Internet of Things (IoT) security
KW - publish/subscribe
KW - remote attestation
UR - http://www.scopus.com/inward/record.url?scp=85084132703&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2020.2983282
DO - 10.1109/TIFS.2020.2983282
M3 - Journal article
AN - SCOPUS:85084132703
SN - 1556-6013
VL - 15
SP - 3123
EP - 3136
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
M1 - 9046860
ER -