Software-Based Remote Network Attestation

Abstract

Internet of Things (IoT) applications build upon resource-constrained, distributed devices that generate data and enable communication. For such applications to be truly trustworthy, it must be ensured that the devices are not compromised by malicious software. Remote attestation (RA), a prominent technique, exploits challenge-response protocols to detect malware on remote devices. Given the increasing scale and number of IoT deployments, recent work on RA has explored collective attestation of <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">swarms</i> of devices. However state-of-the-art swarm attestation techniques require trusted hardware which makes them inapplicable to both legacy and next generation IoT deployments without trusted hardware. We present SWARNA, a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">software-based</i> swarm attestation for IoT devices. After highlighting the challenges in designing such a solution, we present two protocol variants for IEEE 802.15.4 TSCH networks. We assess their performance analytically and empirically through testbed experiments. SWARNA maintains a constant payload size whereas, it increases linearly with the network size for existing solutions requiring trusted hardware. The two protocol variants attest 30 nodes networks, in 6s and 1.5s to 8.2s, respectively, depending on the number of malicious nodes. Further, we demonstrate that attestation traffic has a negligible impact on the packet delivery ratio (0.4 percent drop) of a typical data collection application.