Authors:
Aída Diop
1
;
Maryline Laurent
2
;
Jean Leneutre
3
and
Jacques Traoré
4
Affiliations:
1
Télécom SudParis, Télécom ParisTech, Orange Labs, Caen, France
;
2
SAMOVAR, CNRS, Télécom SudParis, Institut Polytechnique de Paris, France
;
3
LTCI, Télécom ParisTech, Université Paris-Saclay, France
;
4
Orange Labs, Caen, France
Keyword(s):
Security, Remote Attestation, Collective Attestation.
Abstract:
Embedded Internet of Things (IoT) devices are deployed in the functioning of a number of applications such as industrial control, building automation, and the smart grid. The lack of robustness of IoT devices has however rendered such systems vulnerable to a number of remote cyber-attacks. Remote attestation is a security mechanism which enables to remotely verify the integrity of the software running on IoT devices. Similarly, collective remote attestation protocols are designed to efficiently verify the integrity of a group of devices. Existing collective attestation protocols do not provide an efficient and secure mechanism to detect compromised devices. In particular, it is not possible to efficiently trace the origin of an erroneous attestation response back to the concerned node. In this paper, we introduce CoRA, a highly scalable collective attestation protocol, which leverages the aggregating property of the underlying cryptographic scheme during the attestation process. CoRA
is the first collective attestation protocol to also provide sequential detection, where the identity of the compromised node is revealed. We provide rigorous security proofs for our protocol and its underlying cryptographic primitive, and demonstrate its efficiency in highly scalable networks.
(More)