Internship Title
Remote Attestation for IoT devices with Root of Trust
Internship Location
Instituto Pedro Nunes (IPN)
Background
The increased digitalization of our society and its economic sectors, helped by technological advances such as the Internet of Things (IoT), cellular communications or AI, has unlocked disruptive services and significantly increased productivity (e.g., through automation, remote work or services). It has, however, also created the ideal circumstances for malicious actors / attackers, as reflected by the increased frequency and impact of cybersecurity incidents.
IoT devices (i.e., sensors and / or actuators) and systems are particularly prone to attacks such as eavesdropping or brute-force, which can lead to severe consequences in both the cyber and physical domains, as demonstrated by attacks such as Mirai[1]. By 2025, over 25% of cyber-attacks against businesses are estimated to be IoT-based[2], which stresses the importance of securing IoT technologies.
In this context, trust in devices plays a crucial role, including from a supply chain perspective. Remote Attestation is a valuable security service by which a trusted entity (“Verifier”) assesses the trustworthiness of a potentially untrusted peer (“Attester”), be it a device, service or other entity. To do so, the Attester sends proofs or claims regarding itself and its state (e.g., component identifier, roots of trust, manufacturer, token ID, etc.). Remote attestation is employed in IoT systems to assess IoT devices, applications and services, employing challenge-response approaches issued by one or more Verifiers towards one or more devices (potentially swarms).
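The challenge-response exchange described above, with two Verifiers and one Attester, as an added example that is not code from this proposal or from the projects it references. It assumes an HMAC over a shared demo key as a stand-in for a signature made by a key held in the device's root of trust; the claim names and values are constructed for illustration.

```python
import hashlib, hmac, json, secrets

# Constructed demo key: stands in for a key protected by the device's root of
# trust (TPM, cryptochip). A real deployment would use an asymmetric signature.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

def attest(nonce: bytes, claims: dict, key: bytes = DEVICE_KEY) -> dict:
    """Attester: bind the claims to the Verifier's fresh challenge."""
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, nonce + body, hashlib.sha256).hexdigest()
    return {"claims": claims, "nonce": nonce.hex(), "tag": tag}

class Verifier:
    def __init__(self, key: bytes, reference: dict):
        self.key = key
        self.reference = reference  # expected claim values (appraisal policy)
        self.pending = set()        # challenges issued and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fixed length keeps nonce+body unambiguous
        self.pending.add(nonce)
        return nonce

    def appraise(self, evidence: dict) -> str:
        nonce = bytes.fromhex(evidence["nonce"])
        if nonce not in self.pending:    # replayed, or issued by another Verifier
            return "stale-or-unknown-nonce"
        self.pending.discard(nonce)      # each challenge is single use
        body = json.dumps(evidence["claims"], sort_keys=True).encode()
        expected = hmac.new(self.key, nonce + body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, evidence["tag"]):
            return "bad-authenticator"
        for name, value in self.reference.items():
            if evidence["claims"].get(name) != value:
                return f"claim-mismatch:{name}"
        return "trusted"

def demo() -> list:
    good = {"component_id": "sensor-fw", "manufacturer": "ExampleCo",
            "fw_digest": hashlib.sha256(b"firmware v1").hexdigest()}
    v1, v2 = Verifier(DEVICE_KEY, good), Verifier(DEVICE_KEY, good)
    ev = attest(v1.challenge(), good)
    # Fresh evidence, replay to the same Verifier, replay to a second Verifier.
    results = [v1.appraise(ev), v1.appraise(ev), v2.appraise(ev)]
    tampered = dict(good, fw_digest=hashlib.sha256(b"modified firmware").hexdigest())
    results.append(v2.appraise(attest(v2.challenge(), tampered)))
    results.append(v2.appraise(attest(v2.challenge(), good, key=b"wrong key")))
    return results
```

Because every Verifier tracks its own outstanding nonces, evidence produced for one Verifier is rejected by another, which is the property that matters once several Verifiers appraise the same device.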
[1] Netscout, weaponization of internet infrastructure. https://www.netscout.com/use-case/weaponization-internet-infrastructure (July 2020)
[2] Gartner insights on how to lead in a connected world. https://www.gartner.com/imagesrv/books/iot/iotEbook digital.pdf/
Objective
The objective of this work is to implement and experiment with attestation mechanisms comprising claims confidentiality mechanisms and root of trust hardware approaches (e.g. TPMs, cryptochips), including the support of multiple verifiers in the attestation procedures. The devised solution should leverage secure challenge-response protocols, as well as safe and distributed approaches. The following activities are part of the objectives: a) the definition of one or more reference use case(s) in the target application environments (e.g., remote health monitoring, drone-based video monitoring, smart grid monitoring); b) analysis of requirements (e.g., support for multiple Verifiers, nature of attestation evidence or results and associated assessment policies); c) specification of enhancements for the baseline solution; d) the implementation, testing, integration with external encryption and RoT mechanisms, and final evaluation of the solution in an experimental environment.
Work Plan - Semester 1
The envisaged work plan of this internship includes the following activities:
[Week 1 - 8] - Literature review of the most suitable attestation mechanisms in IoT environments, such as challenge-response and integrity verification of operational state (e.g., the program memory or run-time state of data memory), including the analysis of relevant standardization activities such as IETF’s Remote ATtestation ProcedureS (RATS).
[Week 9 - 12] - Identification of and familiarization with reference open-source implementations, such as Veraison[1] or CHARRA[2].
[Week 13 - 16] - Analysis and specification of requirements (e.g., security properties) and target use case;
[Week 15 - 20] - Design of the solution based on baseline approach;
[Week 16 - 20] - Preparation of the master's dissertation interim report.
[1] https://github.com/veraison/veraison
[2] https://github.com/Fraunhofer-SIT/charra
Work Plan - Semester 2
[Week 1 - 6] - Experimentation with selected open-source tool(s);
[Week 4 - 12] - Implementation and integration of mechanism(s) for supporting IoT device attestation in experimental settings;
[Week 13 - 17] - Evaluation of the implemented solution;
[Week 14 - 20] - Preparation of the final master thesis / report.
Conditions
The place of work will be at Laboratório de Informática e Sistemas (LIS), Instituto Pedro Nunes (IPN).
This topic is part of the Autonomous Trust, Security and Privacy Management Framework for IoT (ARCADIAN-IoT) project, coordinated by the Pedro Nunes Institute (IPN) and funded by the European Commission's H2020 program (agreement no. 101020259). The associated work will take place in a multi-disciplinary team addressing other similar or more distant research topics.
The student may apply for a research grant, for a period of 6 months, possibly renewable, with the amount of €875.98 / month.
Remarks
During the application phase, questions related to this proposal, namely about the objectives and conditions, must be clarified with the supervisors, via email or in a meeting to be arranged after an email contact.
Supervisor
Sérgio Figueiredo
sfigueiredo@ipn.pt