ABSTRACT
Software-based attestation schemes aim at proving the integrity of code and data residing on a platform to a verifying party. However, they do not bind the hardware characteristics to the attestation protocol and are vulnerable to impersonation attacks.
We present PUFatt, a new automatable method for linking software-based attestation to intrinsic device characteristics by means of a novel processor-based Physically Unclonable Function, which enables secure timed (and even) remote attestation particularly suitable for embedded and low-cost devices. Our proof-of-concept implementation on FPGA demonstrates the effectiveness, applicability and practicability of the approach.
- F. Armknecht, R. Maes, A.-R. Sadeghi, F.-X. Standaert, and C. Wachsmann. A formalization of the security features of physical functions. In IEEE Symposium on Security and Privacy (S&P), 2011. Google ScholarDigital Library
- F. Armknecht, A.-R. Sadeghi, S. Schulz, and C. Wachsmann. A security framework for the analysis and design of software attestation. In ACM Conference on Computer and Communications Security (CCS), 2013. Google ScholarDigital Library
- Y.-G. Choi, J. Kang, and D. Nyang. Proactive code verification protocol in wireless sensor network. In Computational Science and Its Applications (ICCSA), 2007. Google ScholarDigital Library
- B. Cline, K. Chopra, D. Blaauw, and Y. Cao. Analysis and modeling of CD variation for statistical static timing. In IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2006. Google ScholarDigital Library
- K. Eguro. SIRC: An extensible reconfigurable computing communication API. In IEEE Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), 2010. Google ScholarDigital Library
- R. W. Gardner, S. Garera, and A. D. Rubin. Detecting code alteration by creating a temporary memory bottleneck. IEEE Transactions on Information Forensics and Security, 2009. Google ScholarDigital Library
- B. Gassend, D. Clarke, M. van Dijk, and S. Devadas. Silicon physical random functions. In ACM Conference on Computer and Communications Security (CCS), 2002. Google ScholarDigital Library
- A. Herrewege, S. Katzenbeisser, R. Maes, R. Peeters, A.-R. Sadeghi, I. Verbauwhede, and C. Wachsmann. Reverse fuzzy extractors: Enabling lightweight mutual authentication for PUF-enabled RFIDs. In Financial Cryptography and Data Security (FC). 2012.Google Scholar
- D. Holcomb, W. Burleson, and K. Fu. Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Transactions on Computers, 58(9), 2009. Google ScholarDigital Library
- M. Jakobsson and K.-A. Johansson. Retroactive detection of malware with applications to mobile platforms. In Workshop on Hot Topics in Security (HotSec), 2010. Google ScholarDigital Library
- S. Katzenbeisser, Ünal Kocabaş, V. Rozic, A.-R. Sadeghi, I. Verbauwhede, and C. Wachsmann. PUFs: Myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2012. Google ScholarDigital Library
- R. Kennell and L. H. Jamieson. Establishing the genuinity of remote computer systems. In USENIX Security Symposium, 2003. Google ScholarDigital Library
- J. Kong and F. Koushanfar. Processor-based strong physical unclonable functions with aging-based response tuning. IEEE Transactions on Emerging Topics in Computing, PP(99), 2013.Google Scholar
- F. Koushanfar and A. Mirhoseini. A unified framework for multimodal submodular integrated circuits Trojan detection. IEEE Transactions on Information Forensics and Security, 2011. Google ScholarDigital Library
- X. Kovah, C. Kallenberg, C. Weathers, A. Herzog, M. Albin, and J. Butterworth. New results for timing-based attestation. In IEEE Symposium on Security and Privacy (S&P), 2012. Google ScholarDigital Library
- Y. Li, J. M. McCune, and A. Perrig. VIPER: Verifying the integrity of PERipherals' firmware. In ACM Conference on Computer and Communications Security (CCS), 2011. Google ScholarDigital Library
- R. Maes and I. Verbauwhede. Physically unclonable functions: A study on the state of the art and future research directions. In Towards Hardware-Intrinsic Security. Springer, 2010.Google ScholarCross Ref
- A. Mahmoud, U. Rührmair, M. Majzoobi, and F. Koushanfar. Combined modeling and side channel attacks on strong PUFs. ePrint, 2013.Google Scholar
- A. Maiti and P. Schaumont. A novel microprocessor-intrinsic physical unclonable function. In Field Programmable Logic and Applications (FPL), 2012.Google ScholarCross Ref
- M. Majzoobi, F. Koushanfar, and S. Devadas. FPGA PUF using programmable delay lines. In Information Forensics and Security (WIFS), 2010.Google ScholarCross Ref
- M. Majzoobi, F. Koushanfar, and M. Potkonjak. Techniques for design and implementation of secure reconfigurable PUFs. ACM TRETS, 2(1), 2009. Google ScholarDigital Library
- M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and S. Devadas. Slender PUF protocol: A lightweight, robust, and secure authentication by substring matching. In IEEE Symposium on Security and Privacy Workshops (SPW), 2012. Google ScholarDigital Library
- D. Markovic, C. Wang, L. Alarcon, T.-T. Liu, and J. Rabaey. Ultralow-power design in near-threshold region. In Proceedings of the IEEE, 2010.Google ScholarCross Ref
- J. Nick L. Petroni, T. Fraser, J. Molina, and W. A. Arbaugh. Copilot --- A coprocessor-based kernel runtime integrity monitor. In USENIX Security Symposium, 2004. Google ScholarDigital Library
- Y. Pan, J. Kong, S. Ozdemir, G. Memik, and S. W. Chung. Selective wordline voltage boosting for caches to manage yield under process variations. In Design Automation Conference (DAC), 2009. Google ScholarDigital Library
- B. Parno, J. M. McCune, and A. Perrig. Bootstrapping trust in commodity computers. In IEEE Symposium on Security and Privacy (S&P), 2010. Google ScholarDigital Library
- U. Rührmair, F. Sehnke, J. Sölter, G. Dror, S. Devadas, and J. Schmidhuber. Modeling attacks on physical unclonable functions. In ACM Conference on Computer and Communications Security (CCS), 2010. Google ScholarDigital Library
- U. Rührmair, X. Xu, J. Sölter, A. Mahmoud, F. Koushanfar, and W. Burleson. Power and timing side channels for pufs and their efficient exploitation. IACR Cryptology ePrint Archive, 2013.Google Scholar
- D. Schellekens, B. Wyseur, and B. Preneel. Remote attestation on legacy operating systems with Trusted Platform Modules. Science of Computer Programming, 2008. Google ScholarDigital Library
- S. Schulz, A.-R. Sadeghi, and C. Wachsmann. Short paper: Lightweight remote attestation using physical functions. In ACM Conference on Wireless Network Security (WiSec), 2011. Google ScholarDigital Library
- A. Seshadri, M. Luk, A. Perrig, L. van Doorn, and P. Khosla. SCUBA: Secure code update by attestation in sensor networks. In ACM Workshop on Wireless security (WiSe), 2006. Google ScholarDigital Library
- A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In ACM Symposium on Operating Systems Principles (SOSP), 2005. Google ScholarDigital Library
- U. Shankar, M. Chew, and J. D. Tygar. Side effects are not sufficient to authenticate software. In USENIX Security Symposium, 2004. Google ScholarDigital Library
- G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. In Design Automation Conference (DAC), 2007. Google ScholarDigital Library
- G. E. Suh, C. W. O'Donnell, and S. Devadas. AEGIS: A single-chip secure processor. Information Security Technical Report, 2005. Google ScholarDigital Library
- Trusted Computing Group (TCG). TPM Spec., 2004.Google Scholar
- Y. Yang, X. Wang, S. Zhu, and G. Cao. Distributed software-based attestation for node compromise detection in sensor networks. In Symposium on Reliable Distributed Systems (SRDS), 2007. Google ScholarDigital Library
- Y. Zheng, M. Hashemian, and S. Bhunia. RESP: A robust physical unclonable function retrofitted into embedded SRAM array. In Design Automation Conference (DAC), 2013. Google ScholarDigital Library
Index Terms
- PUFatt: Embedded Platform Attestation Based on Novel Processor-Based PUFs
Recommendations
An efficient implementation of trusted channels based on openssl
STC '08: Proceedings of the 3rd ACM workshop on Scalable trusted computingSecurity breaches on the Internet rarely involve compromising secure channels - typically based on protocols like Transport Layer Security (TLS) or Internet Protocol Security (IPsec) - because communication endpoints are much easier to compromise. ...
MATEE: multimodal attestation for trusted execution environments
Middleware '22: Proceedings of the 23rd ACM/IFIP International Middleware ConferenceConfidential computing services enable users to run their workloads in Trusted Execution Environments (TEEs) leveraging secure hardware like Intel SGX, and verify them by performing remote attestation. This process offers necessary proof for the ...
Memory Attestation of Wireless Sensor Nodes by Trusted Local Agents
TRUSTCOM '15: Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA - Volume 01Wireless Sensor Networks (WSNs) have been deployed for a wide variety of commercial, scientific, or military applications for the purposes of surveillance and critical data collection. Malicious code injection is a serious threat to the sensor nodes ...
Comments