Abstract

As Internet of Things (IoT) networks keep growing in the number of devices they contain, they become more attractive targets for attackers. Protecting these networks and the IoT devices they encompass is a major security challenge, and remote attestation enables checking the integrity of devices (and thus of networks). Existing remote attestation protocols fall into three categories: software, hardware and hybrid attestation protocols. However, each of them tackles a specific setting only, such as small networks, IoT swarms, static networks, device-to-device attestation or network attestation. To provide as generic a solution as possible, and one that enhances security, we propose CRAFT, the first agnostic continuous remote attestation framework for IoT. CRAFT can be used in any real-world IoT network topology and can use any preexisting remote attestation protocol while remaining open to upgrades and extensions. A rigorous performance evaluation shows that CRAFT is very flexible and improves network security with little or no overhead, depending on the chosen parameters.

Highlights

  • Connected objects are taking a growing part in everyday life

  • The assumption was made that data volume and the number of HMAC operations followed a normal distribution. To show that this assumption was valid, we repeated the simulation of a scenario using the CRAFT+SEDA implementation 100 times and checked the assumption using graphical methods: for both metrics, we first created a histogram, as shown in Fig. 16a and Fig. 16c, to show whether the shape of our value distribution was similar to a normal distribution

  • Mobility is not compared here, as the SEDA attestation model has been shown not to work at all with moving devices. These results show that CRAFT is far more flexible than SEDA, and can do better in security, performance or both, depending on the context and the chosen parameters

Summary

INTRODUCTION

Connected objects are taking a growing part in everyday life. Devices range from simple connected sensors like thermometers to drones or even cars.

The second phase is the Online Phase, which encompasses the lifecycle of the network as explained in Section IV-B2.b. At the beginning of that phase, connections are established between neighbours, and regular messages are exchanged to maintain continuous attestation even when devices move, by broadcasting the information required for devices to reconnect. Connect contains the sending device's parameters hi, Tai and Tbi. The Other Options field enables CRAFT to be extended with additional features that a network might require but that are too network-specific to be detailed here, as required by FR5, without defining further packets. The Lost Device Configuration Hash field is a hash of hi, Tai, Tbi and PKi. When Di connects back to the network, its new neighbour Kk can check that the parameters sent upon reconnection match the hash received in the Lost message, proving that Di (Figure 14). This enables Di to establish a connection with Kk and to prove that Kk received a trusted Lost message that followed a trusted path.

SECURITY ANALYSIS
FRAMEWORK EVALUATION
Findings
CONCLUSION AND FUTURE WORKS