One of the main challenges in IoT security is to assure the integrity of the firmware running on a constrained low-cost device. A solution to this challenge could be provided by security service called attestation, where the device generates an evidence about its firmware which is attested by a remote verifier. How attestation evidence can be generated at boot time on a tiny microcontroller was investigated in earlier work and also specified by the TCG's DICE specification. It is, however, challenging to generate such attestation evidence during runtime, where the device usually is prone to powerful attacks. Previous contributions have attempted to solve this by using custom hardware extensions of the CPU architecture. We, however, present a method based on DICE to securely generate attestation evidence at runtime using only standard CPU features like MPU, privileged/unprivileged levels of execution and the required by DICE boot ROM and lock mechanism. Precisely, we use the MPU and privilege levels to effectively isolate the attestation firmware and secrets from the remaining application. As a result, our method can immediately be applied to a broad range of popular microcontrollers. We provide a proof of concept implementation for the Cortex-M4-based STM32L476 microcontroller.
Abstract.eSciDoc is the open-source e-Research framework jointly developed by the German Max Planck Society and FIZ Karlsruhe. It consists of a generic set of basic services ("eSciDoc Infrastructure") and various applications built on top of this infrastructure ("eSciDoc Solutions"). This paper focuses on the eSciDoc Infrastructure, highlights the differences to the underlying Fedora repository, and demonstrates its powerful und application-centric programming model. Further on, we discuss challenges for e-Research Infrastructures and how we addressed them with the eSciDoc Infrastructure.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.