Abstract

The Internet of Things (IoT) is rapidly evolving, while introducing several new challenges regarding security, resilience and operational assurance. In the face of an increasing attack landscape, it is necessary to cater for the provision of efficient mechanisms to collectively verify software- and device-integrity in order to detect run-time modifications. Towards this direction, remote attestation has been proposed as a promising defense mechanism. It allows a third party, the verifier, to ensure the integrity of a remote device, the prover. However, this family of solutions does not capture the real-time requirements of industrial IoT applications and suffers from scalability and efficiency issues. In this paper, we present a lightweight dynamic control-flow property-based attestation architecture (CFPA) that can be applied on both resource-constrained edge and cloud devices and services. It is a first step towards a new line of security mechanisms that enables the provision of control-flow attestation of only those specific, critical software components that are comparatively small, simple and limited in function, thus allowing for a much more efficient verification. Our goal is to enhance run-time software integrity and trustworthiness with a scalable and decentralized solution eliminating the need for federated infrastructure trust. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security does not hinder the deployment of intelligent edge computing systems.

Highlights

  • Six decades since the start of the computer revolution, four decades since the invention of the micro-processor, and two decades into the rise of modern Internet, all of the technology required to transform industries through software has matured and can be widely delivered at a global scale

  • We present a lightweight dynamic control-flow property-based attestation architecture (CFPA) that can be applied on both resource-constrained edge and cloud devices and services

  • With the advent of the Internet of Things (IoT), we have just begun reaping the benefits of this evolution that brings a number of new challenges, with security, resilience and operational assurance being some of the major concerns at both logical extremes of a network, namely the edge and the cloud


Summary

INTRODUCTION

Six decades since the start of the computer revolution, four decades since the invention of the micro-processor, and two decades into the rise of modern Internet, all of the technology required to transform industries through software has matured and can be widely delivered at a global scale. Considering that competitive IIoT application markets will always produce innovative and large systems comprising diverse-origin software-based components, with uncertain security properties, the best one can hope for is that a sub-set of such loaded software functions can be efficiently protected (in near real-time) against sophisticated run-time exploitation attacks [24]. This exact goal sets the challenge ahead: Can we identify adequate behavioural and execution properties that can capture the chains-of-trust needed for the correct execution of a system, and that reflect the security- and safety-critical code widgets to be verified from the untrusted code of the commodity platform or the cloud service provider? This is clearly a viable approach for remedying the limitations of existing attestation techniques, but there is still a need to overcome a number of open issues towards a holistic end-to-end security approach.

TOWARDS DECENTRALIZED ROOTS OF TRUST
Hardening the IoT Stack
CONTROL-FLOW PROPERTY-BASED ATTESTATION
System Model
Safety Requirements and Threat Model
Execute
High-Level Overview
CFPA Building Blocks
Challenges
CFPA ROAD-MAP
CONCLUSIONS