
shared key is generated by the verifier and distributed
to RP and attester during the protocol run.
An important feature of our approach is the sep-
aration of roles between the relying party and veri-
fier, which delegates the processing of attestation evi-
dence to a third device, critically decreasing the power
and memory requirements on the relying party device.
The relying party only needs to process attestation re-
sult, the verifier’s simple, standard-format verdict on
the evidence.
REFERENCES
3GPP (2023). Security architecture and procedures for 5G
system. Technical Specification TS 33.501 V18.2.0,
3GPP.
Aldoseri, A., Clothia, T., Moreira, J., and Oswald, D.
(2023). Symbolic modelling of remote attestation pro-
tocols for device and app integrity on Android. In
Proceedings of the 2023 ACM on Asia Conference
on Computer and Communication Security, ASIA
CCS’23, pages 218–231, New York, NY, USA. As-
sociation for Computer Machinery.
Ammar, M., Crispo, B., and Tsudik, G. (2020). SIM-
PLE: A remote attestation approach for resource-
constrained IoT devices. In 2020 ACM/IEEE 11th
International Conference on Cyber-Physical Systems
(ICCPS), pages 247–258.
Ammar, M., Washha, M., Ramabhadran, G. S., and Crispto,
B. (2018). SlimIOT: Scalable lightweight attestation
protocol for the internet of things. In 2018 IEEE Con-
ference on Dependable and Secure Computing (DSC).
IEEE.
Birkholz, H., Thaler, D., Richardson, M., Smith, N.,
and Pan, W. (2023). Remote attestation procedures
(RATS) architecture. RFC 9334.
Blanchet, B., Smyth, B., Cheval, V., and Sylvestre, M.
(2018). ProVerif 2.00: automatic cryptographic pro-
tocol verifier, user manual and tutorial.
Bormann, C., Ersue, M., and Keranen, A. (2014). Termi-
nology for constrained-node networks. RFC 7228.
Bormann, C. and Hoffman, P. (2020). Concise binary object
representation (CBOR). RFC 8949.
Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen,
J., O’Hanlon, B., Ramsdell, H., Segall, A., Sheehy, J.,
and Sniffen, B. (2011). Principles of remote attesta-
tion. International Journal of Information Security,
10:63–81.
Dhar, A., Puddu, I., Kostiainen, K., and Capkun, S. (2020).
ProximiTEE: Hardened SGX attestation by proximity
verification. In Proceedings of the Tenth ACM Confer-
ence on Data and Application Security and Privacy,
CODASPY ’20, page 5–16, New York, NY, USA. As-
sociation for Computing Machinery.
Dolev, D. and Yao, A. C. (1983). On the security of pub-
lic key protocols. IEEE Transactions on Information
Theory, 29:198–208.
Feng, W., Qin, Y., Zhao, S., and Feng, D. (2018). AAoT:
Lightweight attestation and authentication for low-
resource things in IoT and CPS. Computer Networks,
134:167–182.
Fossati, T., Voit, E., and Trofimov, S. (2023). EAT Attesta-
tion Results. https://www.ietf.org/archive/id/draft-f
v-rats-ear-01.html. Last Accessed: 17-07-2023.
Gunn, L., Asokan, N., Ekberg, J.-E., Liljestrand, H.,
Nayani, V., and Nyman, T. (2022). Hardware platform
security for mobile devices. Foundations and Trends
in Privacy and Security, 3:214–394.
Hristozov, S., Wettermann, M., and Huber, M. (2022).
A TOUCTOU attack on DICE attestation. In CO-
DASPY’22: Proceedings of the Twelft ACM Confer-
ence on Data and Application Security and Privacy,
pages 226–235, New York, NY, USA. Association for
Computing Machinery.
Intel (2017). TinyCrypt Cryptographic Library. https://gith
ub.com/intel/tinycrypt.
J
¨
ager, L., Petri, R., and Fuchs, A. (2017). Rolling DICE:
Lightweight remote attestation for COTS IOT hard-
ware. In ARES’17: Proceedings of the 12th Interna-
tional Conference on Availability, Reliability and Se-
curity, ARES ’17, New York, NY, USA. Association
for Computing Machinery.
Johnson, W. A., Ghafoor, S., and Prowell, S. (2021). A
taxonomy and review of remote attestation schemes in
embedded systems. IEEE Access, 9:142390–14210.
Kohnh
¨
auser, F., B
¨
uscher, N., Gabmeyer, S., and Katzen-
beisser, S. (2017). SCAPI: A scalable attestation pro-
tocol to detect software and physical attacks. In Pro-
ceedings of the 10th ACM Conference on Security and
Privacy in Wireless and Mobile Networks, pages 75–
86.
Moustafa, M., Niemi, A., Ginzboorg, P., and Ekberg, J. E.
(2023). Attestation with constrained relying party.
arXiv preprint, abs/2312.08903.
Niemi, A., Bop, V. A. B., and Ekberg, J.-E. (2021). Trusted
Sockets Layer: A TLS 1.3 based trusted channel pro-
tocol. In Tuveri, N., editor, Secure IT Systems: 26th
Nordic Conference, NordSec 2021, Lecture Notes in
Computer Science, pages 175–191, Cham. Springer
International Publishing.
Niemi, A., Nayani, V., Moustafa, M., and Ekberg, J. E.
(2023). Platform attestation in consumer devices. In
2023 33rd Conference of Open Innovations Associa-
tion (FRUCT), pages 198–209. IEEE.
Nordic Semiconductor (2023). nRF5340 DK. https://www.
nordicsemi.com/Products/Development-hardware/nR
F5340-DK. Last Accessed: 17-07-2023.
Parno, B. (2008). Bootstrapping trust in a “trusted” plat-
form. In Proceedings of the 3rd Conference on Hot
Topics in Security, HOTSEC’08, USA. USENIX As-
sociation.
TCG (2021). DICE Attestation Architecture. Trusted Com-
puting Group. Version 1.0, revision 0.23.
Zephyr (2023). Bluetooth: IPSP Sample. https://docs.zep
hyrproject.org/latest/samples/bluetooth/ipsp/READM
E.html. Last Accessed: 17-07-2023.
ICISSP 2024 - 10th International Conference on Information Systems Security and Privacy
708