
Research On Remote Attestation Protocols For Embedded Devices In The Internet Of Things

Posted on: 2021-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: W W Yan
GTID: 2518306512987349
Subject: Computer application technology

Abstract/Summary:
Recently, the Internet of Things (IoT) has been developing rapidly. Various "things" (also called IoT devices) penetrate all aspects of people's daily life, and the number of IoT devices is growing explosively. However, massive numbers of IoT devices not only bring convenience but also incur unseen security and privacy threats. Many embedded IoT devices are resource-constrained in computing, memory, and cost, and lack the resources needed to defend themselves against various attacks. Even worse, these embedded IoT devices are directly exposed to adversaries. Frequent IoT security incidents have also pushed the relevant departments to pay more attention to research on the security of IoT devices, and how to ensure the security of IoT devices has become a research hotspot.

A remote attestation mechanism allows a trusted party to verify the state of a remote and potentially compromised device. Because of its low overhead, strong adaptability, and reliable detection capability, remote attestation has become one of the most popular approaches to ensuring the security of IoT devices. With billions of IoT devices deployed, designing a more efficient remote attestation for a swarm of IoT devices is an issue that cannot be ignored in the field of remote attestation. However, existing swarm attestation schemes still have open problems, such as physical attacks, the heterogeneity of IoT devices, and the dynamic nature of a swarm. To this end, this paper analyzes existing swarm attestation schemes and focuses on efficient and secure swarm attestation schemes for embedded IoT devices. The main work is as follows:

(1) To address the problem that IoT devices are vulnerable to physical attacks, this paper proposes a swarm attestation scheme that is resilient to physical attacks (EAPA). The scheme combines existence detection and remote attestation to detect physical attacks in IoT. EAPA uses a distributed attestation mode to avoid the single point of failure in previous schemes and to reduce the communication overhead for each device. In addition, we introduce an accusation mechanism to report compromised devices, which ensures that physical attacks can be detected more quickly. A novel key update method provides security while reducing the computation overhead of authentication between devices. EAPA can detect physical attacks in an IoT swarm with constant computation and run-time cost. The security analysis shows the correctness and security of EAPA.

(2) Considering the differences in the attestation requirements of heterogeneous IoT devices, this paper proposes an automatic swarm attestation for heterogeneous devices (ASA). In this scheme, machine learning is used to select the devices that most need to be attested in each attestation period, in order to meet the attestation requirements of heterogeneous IoT devices and reduce unnecessary attestation overhead. ASA combines the static characteristics and dynamic attributes of each device to predict its state, which improves the accuracy of the machine learning model. In addition, ASA uses physically fixed devices as communication nodes to forward every message in the swarm, so that ASA can adapt to a dynamic swarm in which devices move arbitrarily. Compared with previous swarm attestation schemes for dynamic swarms, ASA greatly reduces the communication overhead of each device. Furthermore, we present a security analysis to demonstrate the security of ASA.

(3) We use the OMNeT++ simulation tool to simulate the schemes proposed in this paper and some existing swarm attestation schemes. Compared with current remote attestation schemes that are resilient to physical attacks, EAPA consumes the least energy, and the number of devices in the swarm has little impact on the run-time cost of EAPA. Compared with the classic swarm attestation scheme SEDA, the scheme for highly dynamic swarms SALAD, and the distributed swarm attestation scheme ESDRA, ASA significantly reduces the energy cost and the overall running time. We also find that ASA performs better than SALAD when applied in a dynamic swarm.
Keywords/Search Tags:IoT, Security of IoT, Remote attestation, Physical attacks, Heterogeneous IoT devices