Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.
翻译:远程证明是一种安全技术,远程信任方(即验证人)通过这种技术核查潜在不受信任装置(即Prover)的可靠性。在Tings(IoT)的互联网系统中,现有的远程证明协议提出了各种方法来检测经修改的软件和物理篡改攻击。然而,在可互操作的IoT系统中,IoT装置相互自动互动,由此产生了另一个问题:一个失密的IoT服务可以影响其他援引服务的真正运作,而不会改变后者的软件。在本文中,我们提出了一份关于分布式IoT服务(RADIS)的远程监测协议,该协议验证分布式IoT服务(RADIS)的可靠性。在测试整个可互操作IoT装置的完整记忆内容时,RADIS仅证明使用某种功能所涉及的服务。RADIS依靠一种控制-流程验证技术来检测因与恶意远程服务的互动而进行意外操作的IoT服务。我们的实验表明我们的协议在确认已分布式IT服务的完整性方面的有效性。