A Talk with Gene Tsudik

WCH 205/206

TITLE: Reconciling Security and Real-Time Constraints for Simple IoT Devices

Remote attestation (RA) is a means of malware detection, typically realized as an interaction between a trusted verifier and a potentially compromised remote device (prover). RA is especially relevant for low-end embedded devices that are incapable of protecting themselves against malware infection. Most current RA techniques require on-demand and uninterruptible (atomic) operation. The former fails to detect transient malware that enters and leaves between successive RA instances; the latter involves performing potentially time-consuming computation over the prover's memory and/or storage, which can be harmful to the device's safety-critical functionality and general availability. However, relaxing either on-demand or atomic RA operation is tricky and prone to vulnerabilities. This work identifies some issues that arise in reconciling requirements of safety-critical operation with those of secure remote attestation, including detection of transient and self-relocating malware. It also investigates mitigation techniques, including periodic self-measurements as well as an interruptible attestation modality that involves shuffled memory traversals and various memory locking mechanisms. This talk is based, in part, on joint work with N. Rattanavipanon, I. Oliveira Nunes, K. Eldefrawy, X. Carpent and A. Sadeghi. (An earlier version of this talk was presented at DAC 2018.)
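The abstract names three mechanisms: challenge-response RA as a MAC over the prover's memory, periodic self-measurement against transient malware, and shuffled traversal against malware that relocates while a non-atomic measurement is interrupted. The following toy simulation is an added example written for this page, not code from the talk or the papers it draws on. It assumes a pre-shared symmetric key, 16-byte memory blocks, a constructed firmware image, and that the measurement routine, its key and its self-measurement log sit in a region the malware cannot read or modify (the architectural assumption such schemes rely on).

```python
"""Toy model of remote attestation (RA) for a low-end prover.

Constructed example (not code from the talk or its papers). Shows
(1) a challenge-response MAC over memory, (2) why on-demand RA misses
transient malware while periodic self-measurement records it, and
(3) why an interruptible, block-by-block measurement must shuffle its
traversal order to catch self-relocating malware.
Assumptions: a pre-shared symmetric key, 16-byte blocks, and that the
measurement routine, its key and its self-measurement log live in a
region the malware cannot read or modify.
"""
import hashlib
import hmac
import random

BLOCK = 16                                   # assumed block size in bytes
N_BLOCKS = 8
KEY = b"pre-shared-attestation-key"          # assumption: in prover ROM and at verifier
CLEAN = bytes(range(N_BLOCKS * BLOCK))       # constructed "firmware" image
MALWARE = b"\xee" * BLOCK                    # constructed malicious block


def measure(key, nonce, mem, order, between=None):
    """MAC over memory blocks, read in the given order.
    `between(k)` models the attestation being preempted just before the
    k-th block is read (an interruptible, non-atomic RA)."""
    mac = hmac.new(key, nonce, hashlib.sha256)
    for k, b in enumerate(order):
        if between is not None:
            between(k)
        mac.update(bytes([b]))                        # bind the block index
        mac.update(mem[b * BLOCK:(b + 1) * BLOCK])    # then its content
    return mac.digest()


def verify(nonce, order, token):
    """Verifier side: recompute over the known-good image and compare."""
    expected = measure(KEY, nonce, CLEAN, order, None)
    return hmac.compare_digest(expected, token)


def transient_malware_demo(on_demand_ticks=(0, 10), period=2,
                           infected=range(3, 7), ticks=12):
    """Malware is present only during the `infected` ticks.
    Returns (detected_by_on_demand_RA, detected_by_periodic_self_measurement)."""
    mem = bytearray(CLEAN)
    order = list(range(N_BLOCKS))
    on_demand_hit = False
    log = []                                  # self-measurement log (protected, by assumption)
    for t in range(ticks):
        mem[0:BLOCK] = MALWARE if t in infected else CLEAN[0:BLOCK]
        if t in on_demand_ticks:              # verifier sends a fresh challenge
            nonce = b"chal" + t.to_bytes(4, "big")
            if not verify(nonce, order, measure(KEY, nonce, mem, order)):
                on_demand_hit = True
        if t % period == 0:                   # timer-driven self-measurement
            nonce = b"self" + t.to_bytes(4, "big")   # monotonic counter as nonce
            log.append((nonce, measure(KEY, nonce, mem, order)))
    # the verifier later pulls the log and checks every entry
    periodic_hit = any(not verify(n, order, tok) for n, tok in log)
    return on_demand_hit, periodic_hit


def relocating_malware_run(shuffled, rng):
    """One interruptible attestation against malware that relocates between
    block reads. Returns True if the verifier detects it."""
    mem = bytearray(CLEAN)
    order = list(range(N_BLOCKS))
    if shuffled:
        rng.shuffle(order)     # secret permutation (e.g. derived from the challenge)
    pos = N_BLOCKS - 1
    mem[pos * BLOCK:(pos + 1) * BLOCK] = MALWARE

    def relocate(k):
        nonlocal pos
        if shuffled:
            new = rng.randrange(N_BLOCKS)            # cannot learn the order: guess
        else:
            new = order[0] if k > 0 else order[-1]   # knows the order: hide in a block already read
        if new != pos:                               # leave no trace in the block it vacates
            mem[pos * BLOCK:(pos + 1) * BLOCK] = CLEAN[pos * BLOCK:(pos + 1) * BLOCK]
            mem[new * BLOCK:(new + 1) * BLOCK] = MALWARE
            pos = new

    nonce = rng.getrandbits(64).to_bytes(8, "big")
    token = measure(KEY, nonce, mem, order, between=relocate)
    return not verify(nonce, order, token)


def detection_rate(shuffled, trials=400, seed=1):
    """Fraction of runs in which relocating malware is caught."""
    rng = random.Random(seed)
    return sum(relocating_malware_run(shuffled, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    print("transient (on-demand, periodic):", transient_malware_demo())
    print("relocating vs sequential order:", detection_rate(False))
    print("relocating vs shuffled order:  ", detection_rate(True))
```

Running it shows the two failure modes the abstract describes: on-demand attestation at ticks 0 and 10 never sees malware that lives only during ticks 3 to 6, while the timer-driven self-measurement log records it; and against a sequential, interruptible traversal the relocating malware is never caught, because it simply steps into a block that has already been read. With a shuffled order it can only guess, and is caught in roughly 1 - (1 - 1/N)^N of runs (about 0.66 for N = 8). Two caveats for a real deployment: the permutation must be unpredictable to the prover's untrusted code (derive it from the verifier's challenge with a PRF inside the protected routine), and the memory-locking variants mentioned in the abstract aim to make relocation impossible rather than merely a gamble.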

Target Audience