TY - GEN
T1 - Cumulative attestation kernels for embedded systems
AU - Lemay, Michael
AU - Gunter, Carl A.
PY - 2009
Y1 - 2009
N2 - There are increasing deployments of networked embedded systems and rising threats of malware intrusions on such systems. To mitigate this threat, it is desirable to enable commonly used embedded processors known as flash MCUs to provide remote attestation assurances like the Trusted Platform Module (TPM) provides for PCs. However, flash MCUs have special limitations concerning cost, power efficiency, computation, and memory that influence how this goal can be achieved. Moreover, many types of applications require integrity guarantees for the system over an interval of time rather than just at a given instant. The aim of this paper is to demonstrate how an architecture we call a Cumulative Attestation Kernel (CAK) can address these concerns by providing cryptographically secure firmware auditing on networked embedded systems. To illustrate the value of CAKs, we demonstrate practical remote attestation for Advanced Metering Infrastructure (AMI), a core technology in emerging smart power grid systems that requires cumulative integrity guarantees. To this end, we show how to implement a CAK in less than one quarter of the memory available on low-end AVR32 flash MCUs similar to those used in AMI deployments. We analyze one of the specialized features of such applications by formally proving that remote attestation requirements are met by our implementation even if no battery backup is available to prevent sudden halt conditions.
UR - http://www.scopus.com/inward/record.url?scp=70350381132&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70350381132&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-04444-1_40
DO - 10.1007/978-3-642-04444-1_40
M3 - Conference contribution
AN - SCOPUS:70350381132
SN - 3642044433
SN - 9783642044434
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 655
EP - 670
BT - Computer Security - ESORICS 2009 - 14th European Symposium on Research in Computer Security, Proceedings
T2 - 14th European Symposium on Research in Computer Security, ESORICS 2009
Y2 - 21 September 2009 through 23 September 2009
ER -