Proceedings of the 16th ACM Conference on Computer and Communications Security 2009
DOI: 10.1145/1653662.1653711
|View full text |Cite
|
Sign up to set email alerts
|

On the difficulty of software-based attestation of embedded devices

Abstract: Device attestation is an essential feature in many security protocols and applications. The lack of dedicated hardware and the impossibility to physically access devices to be attested, makes attestation of embedded devices, in applications such as Wireless Sensor Networks, a prominent challenge. Several software-based attestation techniques have been proposed that either rely on tight time constraints or on the lack of free space to store malicious code. This paper investigates the shortcomings of existing so… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
153
0

Year Published

2010
2010
2018
2018

Publication Types

Select...
5
4

Relationship

1
8

Authors

Journals

citations
Cited by 173 publications
(153 citation statements)
references
References 24 publications
0
153
0
Order By: Relevance
“…In a code compression attack, 21 the adversary can compress the original firmware codes installed within a compromised CH for obtaining available program memory space where the malicious codes can reside.…”
Section: Security Analysismentioning
confidence: 99%
See 1 more Smart Citation
“…In a code compression attack, 21 the adversary can compress the original firmware codes installed within a compromised CH for obtaining available program memory space where the malicious codes can reside.…”
Section: Security Analysismentioning
confidence: 99%
“…In the demonstration of Castelluccia et al, 21 the malicious codes can be hidden by exploiting return-oriented programming technique. The malicious codes can store its copy in the external storage and remove itself from the unused program memory space.…”
Section: Security Analysismentioning
confidence: 99%
“…The SWATT technique does not require prior authentication on the verified phone memory. Two types of attacks against these software-based attestation protocols were suggested [16]. To conquer these attacks, Jakobsson et al [17] designed a new attestation protocol that evaluates both active applications in the memory and inactive programs that have been swapped out.…”
Section: Software Attestationmentioning
confidence: 99%
“…However, software attestation is difficult to deploy in practice (e.g. because of timeliness constraints and device hardware restrictions [Castelluccia et al 2009]). Attacks that locally modify the sensed environment are also still possible.…”
Section: Introductionmentioning
confidence: 99%