Titulo Estágio
Remote Attestation for IoT services
Local do Estágio
Coimbra
Enquadramento
The increased digitalization of our society and its economic sectors, helped by technological advances such as the Internet of Things (IoT), cellular communications or AI, has unlocked disruptive services and significantly increased productivity (e.g., through automation, remote work or services). It has, however, also created the ideal circumstances for malicious actors / attackers, as reflected by the increased frequency and impact of cybersecurity incidents.
IoT devices (i.e., sensors and / or actuators) and systems are particularly prone to attacks such as eavesdropping or brute-force, which can lead to huge consequences both on cyber and physical domains, as demonstrated by attacks such as Mirai[1]. By 2025, over 25% of cyber-attacks against businesses are estimated to be IoT-based[2], which stresses the importance of securing IoT technologies.
In this context, trust in devices and services plays a crucial role, including from a supply chain perspective. Remote Attestation is a valuable security service by which a trusted entity (“Verifier”) assesses the trustworthiness of a potentially untrusted peer (“Attester”) – being it device, service or other entity. To do so, the Attester sends proofs or claims regarding itself and its state (e.g., component identifier, roots of trust, manufacturer, token ID, etc). Remote attestation is employed in IoT systems to assess IoT devices, applications and services, employing challenge-response approaches issued by one or more Verifiers towards one or more devices (potentially swarms). However, while extensive work focusing the attestation of IoT devices exists, there has been limited effort in attesting IoT services, e.g., checking their integrity[3].
This topic is part of the Autonomous Trust, Security and Privacy Management Framework for IoT (ARCADIAN-IoT) project, coordinated by the Pedro Nunes Institute (IPN), and funded by the European Commission's H2020 program (agreement nº 101020259), and the associated work will take place in a multi-disciplinary team addressing other similar or more distant research topics.
[1]Netscout, weaponization of internet infrastructure. https://www.netscout.com/use-case/weaponization-internet-infrastructure (July 2020)
[2]Gartner insights on how to lead in a connected world. https://www.gartner.com/imagesrv/books/iot/iotEbook digital.pdf/
[3]Conti, M.; Dushku, E.; Mancini, L.V. RADIS: Remote Attestation of Distributed IoT Services. In Proceedings of the 6th IEEE International Conference on Software Defined Systems (SDS 2019), Rome, Italy, 10–13 June 2019
Objetivo
The objectives of this work are to:
a) analyse and understand state of the art approaches for Remote Attestation (e.g., Entity Attestation Token protocol, Challenge-Response attestation) and their suitability and potential adaptation for attesting the trustworthiness of IoT services;
b) establish a reference use case in one of the target application environments (e.g., remote health monitoring, drone-based video monitoring, smart grid monitoring);
c) specify the solution (e.g., based on control-flow deviation analysis) and associated technical requirements (e.g., support for multiple Verifiers, nature of attestation evidence or results and associated assessment policies);
d) implement, test and evaluate the solution in an experimental environment.
This work falls within the scope of the “Autonomous Trust, Security and Privacy Management Framework for IoT” (ARCADIAN-IoT) project, coordinated by Instituto Pedro Nunes and funded by the European Commission's H2020 program.
Plano de Trabalhos - Semestre 1
Attestation mechanisms rely on schemes that provide evidence of the integrity of the components and trustworthiness of services through distributed and scalable approaches. The envisaged work plan of this internship includes the following activities:
[Week 1 - 8] - Literature review of the most suitable attestation mechanisms in IoT environments such as example challenge-response, integrity verification of operational state (e.g., the program memory or run-time state of data memory), including the analysis of relevant standardization activities such as IETF’s Remote ATtestation ProcedureS (RATS).
[Week 9 - 12] - Identification and familiarization with reference open-source implementations, such as Veraison or CHARRA .
[Week 13 - 16] - Definition of requirements (e.g., security properties) and target use case;
[Week 15 - 20] - High-level specification of the solution;
[Week 16 - 20] - Preparation of the master's dissertation interim report.
Plano de Trabalhos - Semestre 2
[Week 1 - 6] - Experimentation with selected open-source tools(s);
[Week 4 - 12] – Detailed design and implementation of mechanism(s) for supporting IoT service attestation, considering the established requirements and target use case, in experimental settings;
[Week 13 - 17] - Evaluation of the implemented solution;
[Week 14 - 20] - Preparation of the final master thesis / report.
Condições
The place of work will be at Laboratório de Informática e Sistemas (LIS), Instituto Pedro Nunes (IPN).
This work will be integrated into an international research project. The student may apply for a research grant, for a period of 6 months, possibly renewable, with the amount of €875.98 / month.
Observações
During the application phase, doubts related to this proposal, namely about the objectives and conditions, must be clarified with the supervisors, via email or a meeting, to be arranged after an email contact.
Orientador
Sérgio Miguel Calafate de Figueiredo
sfigueiredo@ipn.pt 📩