• PDF / 433,163 Bytes
• 18 Pages / 439.37 x 666.142 pts Page_size
• 104 Downloads / 173 Views

DOWNLOAD

REPORT

Abstract. In this paper we describe a novel approach to securely obtain measurements with respect to the integrity of software running on a lowcost and low-power computing node autonomously or on request. We propose to use these measurements as an indication of the trustworthiness of that node. Our approach is based on recent developments in Program Counter Based Access Control. Specifically, we employ Sancus, a light-weight hardware-only Trusted Computing Base and Protected Module Architecture, to integrate trust assessment modules into an untrusted embedded OS without using a hypervisor. Sancus ensures by means of hardware extensions that code and data of a protected module cannot be tampered with, and that the module’s data remains confidential. Sancus further provides cryptographic primitives that are employed by our approach to enable the trust management system to verify that the obtained trust metrics are authentic and fresh. Thereby, our trust assessment modules can inspect the OS or application code and securely report reliable trust metrics to an external trust management system. We evaluate a prototypic implementation of our approach that integrates Sancus-protected trust assessment modules with the Contiki OS running on a Sancus-enabled TI MSP430 microcontroller. Keywords: Internet of Things · Wireless sensor networks · Trust assessment · Trust management · Protected software modules

1

Introduction

In the past decades, security research and security practice has focused on desktop and server environments. While threats to these systems grew with increased interconnectivity and deployment in safety-critical environments, elaborate security mechanisms were added. Of course these mechanisms impose certain costs in terms of a performance decrease on the host system. However, with the availability of more potent hardware, these costs quickly became acceptable to a degree where virus scanners, firewalls and intrusion detection systems can operate in the background of every modern off-the-shelf PC. Ongoing developments in our ever-changing computing environment have lead to a situation where every physical object can have a virtual counterpart on the Internet. These virtual representations of things provide and consume c Springer International Publishing Switzerland 2015  G. Pernul et al. (Eds.): ESORICS 2015, Part I, LNCS 9326, pp. 503–520, 2015. DOI: 10.1007/978-3-319-24174-6 26

504

J.T. M¨ uhlberg et al.

services and can be assigned to collaborate towards achieving a common goal. While this Internet of Things (IoT) brings us unpreceded convenience through novel possibilities to acquire and process data from our environment, the situation with respect to the safe and secure deployment and use of such extremely interconnected devices is quite different from the server-and-desktop world [26]. Devices in the IoT may be equipped with inexpensive low-performance microcontrollers that provide just enough computing power to periodically perform their intended tasks, i.e. obtain sensor readings and communicate wit

Recommend Documents

Lightweight Cryptography for the Internet of Things

181 70 123MB

Privacy-Preserving Lightweight Data Monitoring in Internet of Things Environments

177 82 2MB

Trust IoHT: A Trust Management Model for Internet of Healthcare Things

162 48 15MB

LightBC: A Lightweight Hash-Based Blockchain for the Secured Internet of Things

158 12 319KB

Object Recognition for the Internet of Things

171 22 7MB

A New Lightweight Database Encryption and Security Scheme for Internet-of-Things

152 27 60MB

Secure Big Data Transmission with Trust Management for the Internet of Things (IoT)

145 33 9MB

Middleware Solutions for the Internet of Things

239 88 3MB

Correction to: A New Lightweight Database Encryption and Security Scheme for Internet-of-Things

164 54 60MB

MySQL for the Internet of Things

214 81 9MB

Internet of Things for Vessels

182 51 49MB

Architecting the Internet of Things

266 106 12MB