Integrity Verification of Distributed Nodes in Critical Infrastructures

Sisinni, Silvia; Margaria, Davide; Pedone, Ignazio; Lioy, Antonio; Vesco, Andrea

doi:10.3390/s22186950

Cited by 3 publications

(3 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Remote Code Attestationmentioning

confidence: 99%

“…Related to our goal are the previous works in trusted computing that studied the remote code attestation using both the software and the hardware security (e.g., trusted platform module and trusted execution environment), real-time interactive protocols for providing fresh evidence (e.g., challenge and response), and a remote trusted server, e.g., [25][26][27][28][29][30][31][32][33][34][35][36][37]. Some of the aforementioned previous research specifically focused on the wireless and mobile networking context [34][35][36][37] and is thus especially related to our work. In [34], the authors proposed two attestation protocols for wireless sensor networks where the base station and the sensor node use node-specific identities during attestation and involve additional networking communications, including the challenge-response protocol (to authenticate the attestation request).…”

Section: Remote Code Attestationmentioning

confidence: 99%

See 1 more Smart Citation

Distributed and Lightweight Software Assurance in Cellular Broadcasting Handshake and Connection Establishment

Purification,

Kim,

Kim

et al. 2023

Electronics

View full text Add to dashboard Cite

With developments in OpenRAN and software-defined radio (SDR), the mobile networking implementations for radio and security control are becoming increasingly software-based. We design and build a lightweight and distributed software assurance scheme, which ensures that a wireless user holds the correct software (version/code) for their wireless networking implementations. Our scheme is distributed (to support the distributed and ad hoc networking that does not utilize the networking-backend infrastructure), lightweight (to support the resource-constrained device operations), modular (to support compatibility with the existing mobile networking protocols), and supports broadcasting (as mobile and wireless networking has broadcasting applications). Our scheme is distinct from the remote code attestation in trusted computing, which requires hardwarebased security and real-time challenge-and-response communications with a centralized trusted server, thus making its deployment prohibitive in the distributed and broadcasting-based mobile networking environments. We design our scheme to be prover-specific and incorporate the Merkle tree for the verification efficiency to make it appropriate for a wireless-broadcasting medium with multiple receivers. In addition to the theoretical design and analysis, we implement our scheme to assure srsRAN (a popular open-source software for cellular technology, including 4G and 5G) and provide a concrete implementation and application instance to highlight our scheme’s modularity, backward compatibility to the existing 4G/5G standardized protocol, and broadcasting support. Our scheme implementation incorporates delivering the proof in the srsRAN-implemented 4G/5G cellular handshake and connection establishment in radio resource control (RRC). We conduct experiments using SDR and various processors to demonstrate the lightweight design and its appropriateness for wireless networking applications. Our results show that the number of hash computations for the proof verification grows logarithmically with the number of software code files being assured and that the verification takes three orders of magnitude less time than the proof generation, while the proof generation overhead itself is negligible compared to the software update period.

show abstract

Section: Remote Code Attestationmentioning

confidence: 99%

Section: Remote Code Attestationmentioning

confidence: 99%

Distributed and Lightweight Software Assurance in Cellular Broadcasting Handshake and Connection Establishment

Purification,

Kim,

Kim

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…To resume, the Verifier performs the following operations: 1) checks the TPM quote signature; 2) validates that the ML entries match the value of PCR 10; 3) checks whether the files in the ML are the same ones as in the Verifier's whitelist (golden values) and their digests must match. A more detailed explanation of this process can be found also in [72] and [78].…”

Section: ) Remote Attestation Technique Adoptedmentioning

confidence: 99%

Mitigating Software Integrity Attacks With Trusted Computing in a Time Distribution Network

et al. 2023

Self Cite

View full text Add to dashboard Cite

Time Distribution Networks (TDNs) evolve as new technologies occur to ensure more accurate, reliable, and secure timing information. These networks typically exploit several distributed time servers, organized in a master-slave architecture, that communicate via dedicated timing protocols. From the security perspective, timing data must be protected since its modification or filtering can lead to grave consequences in different time-based contexts, such as health, energy, finance, or transportation. Thus, adequate countermeasures must be employed in all the stages and systems handling timing data from its calculation until it reaches the final users. We consider a TDN offering highly accurate (nanosecond level) time synchronization through specific time unit devices that exploit terrestrial atomic or rubidium clocks and Global Navigation Satellite Systems (GNSS) receivers. Such devices are appealing targets for attackers, who might exploit various attack vectors to compromise their functionality. We individuate three possible software integrity attacks against time devices, and we propose a solution to counter them by exploiting the cryptographic Trusted Platform Module (TPM), defined and supported by the Trusted Computing Group. We used remote attestation software for cloud environments, namely the Keylime framework, to verify (periodically) the software daemons running on the time devices (or their configuration) from a trusted node. Experiments performed on a dedicated testbed set up in the ROOT project with customized time unit devices from Seven Solutions (currently Orolia Spain) allow us to demonstrate that exploiting TPMs and remote attestation in the TDNs is not only helpful but is fundamental for discovering some attacks that would remain otherwise undetected. Our work helps thus TDN operators build more robust, accurate, and secure time synchronization services.INDEX TERMS Software attacks, time distribution networks, GNSS, trusted computing, remote attestation, keylime.

show abstract