Abstract
There are increasing deployments of networked embedded systems and rising threats of malware intrusions on such systems. To mitigate this threat, it is desirable to enable commonly-used embedded processors known as flash MCUs to provide remote attestation assurances like the Trusted Platform Module (TPM) provides for PCs. However, flash MCUs have special limitations concerning cost, power efficiency, computation, and memory that influence how this goal can be achieved. Moreover, many types of applications require integrity guarantees for the system over an interval of time rather than just at a given instant. The aim of this paper is to demonstrate how an architecture we call a Cumulative Attestation Kernel (CAK) can address these concerns by providing cryptographically secure firmware auditing on networked embedded systems. To illustrate the value of CAKs, we demonstrate practical remote attestation for Advanced Metering Infrastructure (AMI), a core technology in emerging smart power grid systems that requires cumulative integrity guarantees. To this end, we show how to implement a CAK in less than one quarter of the memory available on low end AVR32 flash MCUs similar to those used in AMI deployments. We analyze one of the specialized features of such applications by formally proving that remote attestation requirements are met by our implementation even if no battery backup is available to prevent sudden halt conditions.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Southern california edison achieves key advanced metering goal. Electric Energy Online (August 2, 2007), http://electricenergyonline.com/IndustryNews.asp?m=1&id=71649
TCG specification architecture overview. Trusted Computing Group (August 2, 2007), http://www.trustedcomputinggroup.org/developers/trusted_platform_module/specifications
Anderson, R.J., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998)
Brown, B., et al.: AMI system security requirements (December 2008), http://osgug.ucaiug.org/utilisec/amisec/default.aspx
Bellare, M., Yee, B.: Forward integrity for secure audit logs. ACM Transactions on Information and Systems Security (1997)
Bernardeschi, C., Fantechi, A., Gnesi, S.: Model checking fault tolerant systems. Software Testing, Verification & Reliability 12(4), 251–275 (2002)
Chun, B., Maniatis, P., Shenker, S., Kubiatowicz, J.: Attested append-only memory: making adversaries stick to their word. In: Proceedings of the 21st ACM Symposium on Operating Systems Principles, pp. 189–204. ACM Press, New York (2007)
Clavel, M., Duran, F., Eker, S., Lincoln, P., Martı-Oliet, N., Meseguer, J., Talcott, C.: Maude Manual (Version 2.1). SRI International, Menlo Park (April 2005)
David, F., Chan, E., Carlyle, J., Campbell, R.: Cloaker: Hardware Supported Rootkit Concealment. In: Proceeedings of the 29th IEEE Symposium on Security and Privacy, pp. 296–310 (2008)
Dunlap, G., King, S., Cinar, S., Basrai, M., Chen, P.: ReVirt: enabling intrusion analysis through virtual-machine logging and replay. ACM SIGOPS Operating Systems Review 36, 211–224 (2002)
Eker, S., Meseguer, J., Sridharanarayanan, A.: The Maude LTL Model Checker. Electronic Notes in Theoretical Computer Science 71, 162–187 (2004)
Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. LNCS, pp. 251–261 (2001)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles, pp. 193–206. ACM Press, New York (2003)
Herzog, J.: Applying protocol analysis to security device interfaces. IEEE Security and Privacy 4(4), 84–87 (2006)
Laadan, O., Baratto, R., Phung, D., Potter, S., Nieh, J.: DejaView: a personal virtual computer recorder. In: Proceedings of the 21st ACM Symposium on Operating Systems Principles, pp. 279–292. ACM Press, New York (2007)
LeMay, M., Gross, G., Gunter, C.A., Garg, S.: Unified architecture for large-scale attested metering. In: Proceedings of the 40th Hawaii International Conference on System Sciences, Big Island, Hawaii, January 2007. IEEE, Los Alamitos (2007)
Levin, D., Douceur, J.R., Lorch, J.R., Moscibroda, T.: TrInc: Small trusted hardware for large distributed systems. In: Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation (2009)
Liu, A., Ning, P.: TinyECC: Elliptic Curve Cryptography for Sensor Networks (September 2005), http://cdl.csc.ncsu.edu/software/TinyECC/
Matsumoto, M., Nishimura, T.: Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator. ACM Transactions on Modeling and Computer Simulation (TOMACS) 8(1), 3–30 (1998)
Sailer, R., Zhang, X., Jaeger, T., Doorn, L.v.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, August 2004, pp. 233–238. USENIX Association (2004)
Schmidt, A., Kuntze, N., Kasper, M.: On the deployment of Mobile Trusted Modules. In: Proceedings of the 9th IEEE Conference on Wireless Communications and Networking, pp. 3169–3174
Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.: SWATT: software-based attestation for embedded devices. In: Proceedings of the 25th IEEE Symposium on Security and Privacy, pp. 272–282 (2004)
Troncoso, C., Danezis, G., Kosta, E., Preneel, B.: Pripayd: privacy friendly pay-as-you-drive insurance. In: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 99–107. ACM Press, New York (2007)
Winter, J.: Trusted Computing building blocks for embedded Linux-based ARM TrustZone platforms. In: Proceedings of the 2008 ACM Workshop on Scalable Trusted Computing. ACM Press, New York (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
LeMay, M., Gunter, C.A. (2009). Cumulative Attestation Kernels for Embedded Systems. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_40
Download citation
DOI: https://doi.org/10.1007/978-3-642-04444-1_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer ScienceComputer Science (R0)