Ecole d'ingénieur et centre de recherche en Sciences du numérique

A minimalist approach to remote attestation

Francillon, Aurélien; Nguyen, Quan; Rasmussen, Kasper B; Tsudik, Gene

DATE 2014, Design, Automation and Test in Europe, March 24-28, 2014, Dresden, Germany

Embedded computing devices increasingly permeate many aspects of modern life: from medical to automotive, from building and factory automation to weapons, from critical infrastructures to home entertainment. Despite their specialized nature as well as limited resources and connectivity, these devices are now becoming an increasingly popular and attractive target for attacks, especially, malware infections. A number of research proposals have been made to detect and/or mitigate such attacks. They vary greatly in terms of application generality and underlying assumptions. However, one common theme is the need for Remote Attestation, a distinct security service that allows a trusted party (verifier) to check the internal state of a remote untrusted embedded device (prover). This paper provides a systematic treatment of Remote Attestation, starting with a precise definition of the desired service and proceeding to its systematic deconstruction into necessary and sufficient properties. These properties are, in turn, mapped into a minimal collection of hardware and software components that results in secure Remote Attestation. One distinguishing feature of this line of research is the need to prove (or, at least argue for) architectural minimality, which is rarely encountered in security research. This work also provides a promising platform for attaining more advanced security services and guarantees.

Document Doi Bibtex

Titre:A minimalist approach to remote attestation
Département:Sécurité numérique
Eurecom ref:4177
Copyright: © 2014 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+4177, doi = {}, year = {2014}, title = {{A} minimalist approach to remote attestation}, author = {{F}rancillon, {A}ur{\'e}lien and {N}guyen, {Q}uan and {R}asmussen, {K}asper {B} and {T}sudik, {G}ene}, booktitle = {{DATE} 2014, {D}esign, {A}utomation and {T}est in {E}urope, {M}arch 24-28, 2014, {D}resden, {G}ermany}, address = {{D}resden, {ALLEMAGNE}}, month = {03}, url = {} }
Voir aussi: