Abstract
With the widespread adoption of Internet of Things (IoT) devices, remote attestation is crucial for ensuring their security. However, current schemes that require a central verifier or interactive approaches are expensive and inefficient for collaborative autonomous systems. Furthermore, the security of the software state cannot be guaranteed before or between successive attestations, leaving devices vulnerable to Time-Of-Check-Time-Of-Use (TOCTOU) attacks, as well as confidentiality issues arising from pre-sharing software information with the verifier. Therefore, we propose the Secure mutual Attestation against TOCTOU Zero-Knowledge proof based for IoT devices (ZKSA), which allows devices to mutually attest without a central verifier, and the attestation result is transparent while preserving confidentiality. We implement a ZKSA prototype on a Raspberry Pi 3B, demonstrating its feasibility and security. Even if malware is removed before the next attestation, it will be detected and the detection time is typically constant. Simulations show that compared to other schemes for mutual attestation, such as DIAT and CFRV, ZKSA exhibits scalability. When the prover attests to numerous verifier devices, ZKSA reduces the verification time from linear to constant.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
