Abstract

The Internet of Things (IoT) by its nature comprises heterogeneous devices with varying degrees of resources and capabilities, sharing the common attributes that they are connected and uniquely identifiable over the network. Given the always-on, always-connected nature of IoT devices, along with their virtually limitless applications, the attack surface of each constituent IoT device is very large. Hence the ability to attest an IoT device's trustworthiness is a very important factor in determining the trustworthiness of the IoT network. In the past, a significant amount of research has focused on possible attestation mechanisms for IoT, but all those proposals invariably depend on a specific hardware implementation such as TrustZone, SGX, TPM, RTC, memory with OTP, etc. Since all such security primitives are either architecture- or manufacturer-specific, it is not possible to build a common, unified attestation scheme for all constituent IoT devices in a typical IoT network using any of those primitives. This research work proposes a different, pragmatic approach to defining such a common and scalable attestation scheme that all IoT devices within an IoT network could deploy. The proposed scheme makes use of memory management, which is one of the most basic features of any processor or controller, to build a common and scalable attestation mechanism for all types of IoT devices. The approach is to understand the threat model and then develop mitigations in a pragmatic manner.

Highlights

  • Over the last few years, the Internet of Things (IoT) has emerged as an overarching, all-inclusive term used to address every device which is connected to the internet, either directly or indirectly, and is uniquely identifiable remotely

  • This research work briefly analyzes some of the significant approaches to attestation techniques for IoT proposed over the last few years, on the parameters of feasibility, return on investment (RoI), resilience and gaps

  • Multi-layer Attestation for Internet of Things. This solution mandates the use of specific hardware technologies like ARM TrustZone, e-fuses and a Real Time Clock, and expects each device to have secured storage and a layered, privileged yet unstandardized software architecture calling for separation of Rich Execution Environment (REE) and Trusted Execution Environment (TEE), all of which are typically present in higher-end devices meant for mobiles and handhelds

Summary

INTRODUCTION

IoT devices most commonly work as end points which collect vital information from the field and feed it to data aggregators. In turn, such data aggregators make decisions based upon the aggregated data using additional software intelligence. This research work briefly analyzes some of the significant approaches to attestation techniques for IoT proposed over the last few years, on the parameters of feasibility, return on investment (RoI), resilience and gaps. These authors proceed to define a holistic but differing view of the security needs of the IoT segment, followed by comprehensive and pragmatic solutions to meet those needs.

RELATED WORK
PROBLEM STATEMENT
Approach
DESIGN OF MULTI-LAYER ATTESTATION FOR IOT NETWORK
Results
CONCLUSION