### Secure Code Update for Embedded Devices via Proofs of Secure Erasure

Daniele Perito and Gene Tsudik

##### Abstract

Remote attestation is the process of verifying internal state of a remote embedded device. It is an important component of many security protocols and applications. Although techniques assisted by specialized secure hardware are effective, they not yet viable for low-cost embedded devices. One notable alternative is software-based attestation which is both less costly and more efficient. However, recent results identified weaknesses in some proposed methods, thus showing that security of remote software attestation remains a challenge. Inspired by these developments, this paper explores a different approach that relies neither on secure hardware nor on tight timing constraints. By taking advantage of the bounded memory/storage model of low-cost embedded devices and assuming a small amount of read-only memory (ROM), our uses a new primitive -- Proofs of Secure Erasure (PoSE-s). We show that, even though our PoSE-based approach is effective and provably secure, it is not cheap. However, it is particularly well-suited and practical for two other related tasks: secure code update and secure memory/storage erasure. We consider several flavors of PoSE-based protocols and demonstrate their feasibility in the context of existing commodity embedded devices.

Available format(s)
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
smart cards
Contact author(s)
perito @ inrialpes fr
History
2010-07-30: revised
See all versions
Short URL
https://ia.cr/2010/217

CC BY

BibTeX

@misc{cryptoeprint:2010/217,
author = {Daniele Perito and Gene Tsudik},
title = {Secure Code Update for Embedded Devices via Proofs of Secure Erasure},
howpublished = {Cryptology ePrint Archive, Paper 2010/217},
year = {2010},
note = {\url{https://eprint.iacr.org/2010/217}},
url = {https://eprint.iacr.org/2010/217}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.