Cryptology ePrint Archive: Report 2017/577

Boot Attestation: Secure Remote Reporting with Off-The-Shelf IoT Sensors

Steffen Schulz and André Schaller and Florian Kohnhäuser and Stefan Katzenbeisser

Abstract: A major challenge in computer security is about establishing the trustworthiness of remote platforms. Remote attestation is the most common approach to this challenge. It allows a remote platform to measure and report its system state in a secure way to a third party. Unfortunately, existing attestation solutions either provide low security, as they rely on unrealistic assumptions, or are not applicable to commodity low-cost and resource-constrained devices, as they require custom secure hardware extensions that are difficult to adopt across IoT vendors. In this work, we propose a novel remote attestation scheme, named Boot Attestation, that is particularly optimized for low-cost and resource-constrained embedded devices. In Boot Attestation, software integrity measurements are immediately committed to during boot, thus relaxing the traditional requirement for secure storage and reporting. Our scheme is very light on cryptographic requirements and storage, allowing efficient implementations, even on the most low-end IoT platforms available today. We also describe extensions for more flexible management of ownership and third party (public-key) attestation that may be desired in fully Internet-enabled devices. Our scheme is supported by many existing off-the-shelf devices. To this end, we review the hardware protection capabilities for a number of popular device types and present implementation results for two such commercially available platforms.

Category / Keywords: cryptographic protocols / remote attestation, implementation, embedded devices

Date: received 13 Jun 2017, last revised 3 Jul 2017

Contact author: steffen schulz at intel com

Available format(s): PDF | BibTeX Citation

Version: 20170703:110052 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]