Visible to the public Biblio

Filters: Keyword is Quality-of-Attestation  [Clear All Filters]
2019-02-13
Carpent, X., Tsudik, G., Rattanavipanon, N..  2018.  ERASMUS: Efficient remote attestation via self-measurement for unattended settings. 2018 Design, Automation Test in Europe Conference Exhibition (DATE). :1191–1194.
Remote attestation (RA) is a popular means of detecting malware in embedded and IoT devices. RA is usually realized as a protocol via which a trusted verifier measures software integrity of an untrusted remote device called prover. All prior RA techniques require on-demand operation. We identify two drawbacks of this approach in the context of unattended devices: First, it fails to detect mobile malware that enters and leaves the prover between successive RA instances. Second, it requires the prover to engage in a potentially expensive computation, which can negatively impact safety-critical or real-time devices. To this end, we introduce the concept of self-measurement whereby a prover periodically (and securely) measures and records its own software state. A verifier then collects and verifies these measurements. We demonstrate a concrete technique called ERASMUS, justify its features, and evaluate its performance. We show that ERASMUS is well-suited for safety-critical applications. We also define a new metric - Quality of Attestation (QoA).