LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices

Shepherd, Carlton; Markantonakis, Konstantinos; Jaloyan, Georges-Axel

doi:10.48550/arxiv.2102.08804

Cited by 2 publications

(3 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These techniques usually use some form of deeply integrated hardware extensions of the Central Processing Unit (CPU). Further, regarding the time at which the attestation evidence is generated the attestation techniques can be classified in attestation with boot time evidence generation [28,53,60], attestation with on-request evidence generation [20,27,32,41,56] and attestation with self-initiated evidence generation [25,26,34].…”

Section: Related Workmentioning

confidence: 99%

“…Those techniques are applicable only when the communication channel between prover and verifier has constant delays, therefore they are not suitable for devices communicating over the Internet. Hybrid techniques, e.g., [20,27,32,41,56] have lower hardware cost than the hardware techniques and at the same time does not impose timing requirements on the communication as the software-based techniques which makes them the preferred choice for constrained IoT devices. These techniques usually use some form of deeply integrated hardware extensions of the Central Processing Unit (CPU).…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A TOCTOU Attack on DICE Attestation

Hristozov,

Wettermann,

Huber

2022

Preprint

View full text Add to dashboard Cite

A major security challenge for modern Internet of Things (IoT) deployments is to ensure that the devices run legitimate firmware free from malware. This challenge can be addressed through a security primitive called attestation which allows a remote backend to verify the firmware integrity of the devices it manages. In order to accelerate broad attestation adoption in the IoT domain the Trusted Computing Group (TCG) has introduced the Device Identifier Composition Engine (DICE) series of specifications. DICE is a hardwaresoftware architecture for constrained, e.g., microcontroller-based IoT devices where the firmware is divided into successively executed layers.In this paper, we demonstrate a remote Time-Of-Check Time-Of-Use (TOCTOU) attack on DICE-based attestation. We demonstrate that it is possible to install persistent malware in the flash memory of a constrained microcontroller that cannot be detected through DICE-based attestation. The main idea of our attack is to install malware during runtime of application logic in the top firmware layer. The malware reads the valid attestation key and stores it on the device's flash memory. After reboot, the malware uses the previously stored key for all subsequent attestations to the backend. We conduct the installation of malware and copying of the key through Return-Oriented Programming (ROP). As a platform for our demonstration we use the Cortex-M-based nRF52840 microcontroller. We provide a discussion of several possible countermeasures which can mitigate the shortcomings of the DICE specifications. CCS CONCEPTS• Security and privacy → Embedded systems security.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

A TOCTOU Attack on DICE Attestation

Hristozov,

Wettermann,

Huber

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Such proposals could reflect possible commercial services and serve as future attack targets. Moreover, new TEEs and security mechanisms continue to be developed using the RISC-V open-source instruction set architecture [85,102,134,141]. The efficacy of SCAs and FIAs against these systems is another interesting future research direction, especially if RISC-V becomes increasingly used by mobile device OEMs.…”

Section: Future Directionsmentioning

confidence: 99%

Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis

Shepherd,

Markantonakis,

van Heijningen

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, highfrequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments (TEEs), full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, which has required the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections (FIAs) and side-channel attacks (SCAs) on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common framework, identify several challenges and shortcomings, and suggest future directions of research. Part of this work was presented to the European Commission during the EU Horizon 2020 EXFILES project (No. 88315) [43].

show abstract

LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices

Cited by 2 publications

References 22 publications

A TOCTOU Attack on DICE Attestation

A TOCTOU Attack on DICE Attestation

Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis

Contact Info

Product

Resources

About