Abstract

Remote Attestation (RA) of embedded/smart/IoT devices is a very important issue in today's security landscape. RA enables a verifier to measure the current internal memory state of an untrusted remote device (prover). RA helps the verifier establish a static or dynamic root of trust in the prover. Despite much prior work, state-of-the-art RA techniques unfortunately still lack any solid foundation and offer no ironclad security, safety or robustness guarantees. This paper argues that computer-aided formal verification, and synthesis of executables, of RA protocols and hybrid (software-hardware) architectures is required and currently unaddressed. We believe that this is achievable with current (computer-aided) formal methods frameworks and tools, and that this can help advance and mature RA research if used to establish more rigorous and clear security arguments. To support our opinion, we highlight several examples where subtle issues were missed in the design and security analysis of RA techniques. Despite the deceptive simplicity of such protocols, manual analyses and ad hoc implementations often lead to over-simplification of (and subsequent glossing over) important details in the underlying processor and system architectures. Computer-aided formal verification forces a more scrupulous and disciplined consideration of such details, since, otherwise, verification simply fails. The key objective of the research direction we propose is to increase confidence in correctness and security guarantees of current and future RA techniques and their implementations.
