Abstract

In the Internet of things (IoT), traffic often goes via middleboxes, such as brokers or virtual private network (VPN) gateways, thereby increasing the trusted computing base (TCB) of IoT applications considerably. A remedy is offered by the application layer security protocol Object Security for Constrained RESTful Environments (OSCORE). It allows for basic middlebox functions without breaking end-to-end security. With OSCORE, however, traffic is routed to IoT devices largely unfiltered. This opens up avenues for remote denial-of-sleep attacks where a remote attacker injects OSCORE messages so as to cause IoT devices to consume more energy. The state-of-the-art defense is to let a trusted middlebox perform authenticity, freshness, and per-client rate limitation checks before forwarding OSCORE messages to IoT devices, but this solution inflates the TCB and hence negates the idea behind OSCORE. In this paper, we suggest filtering OSCORE messages in a RISC-V-based trusted execution environment (TEE) running on a middlebox that remains widely untrusted. To realize this approach, we also put forward the tiny remote attestation protocol (TRAP), as well as a Layer 2 integration that prevents attackers from bypassing our TEE. Experimental results show our remote denial-of-sleep defense to be lightweight enough for low-end IoT devices and to keep the TCB small.
