On the difficulty of software-based attestation of embedded devices

Device attestation is an essential feature in many security protocols and applications. The lack of dedicated hardware and the impossibility of physically accessing the devices to be attested make attestation of embedded devices, in applications such as Wireless Sensor Networks, a prominent challenge. Several software-based attestation techniques have been proposed that rely either on tight time constraints or on the lack of free space to store malicious code. This paper investigates the shortcomings of existing software-based attestation techniques. We first present two generic attacks, one based on a return-oriented rootkit and the other on code compression. We further describe specific attacks on two existing proposals, namely SWATT and ICE-based schemes, and argue about the difficulty of fixing them. All attacks presented in this paper were implemented and validated on commodity sensors.

Categories and Subject Descriptors: K.6.5 [Operating Systems]: Security and Protection
General Terms...
Added 12 Aug 2010
Updated 12 Aug 2010
Type Conference
Year 2009
Where CCS
Authors Claude Castelluccia, Aurélien Francillon, Daniele Perito, Claudio Soriente