Remote Attestation: A Literature Review
Abstract
With the rising number of IoT devices, the security of such devices becomes increasingly important. Remote attestation (RA) is a distinct security service that allows a remote verifer to reason about the state of an untrusted remote prover (device). Paradigms of remote attestation span from exclusively software, in software-based attestation, to exclusively hardware-based. In between the extremes are hybrid attestation that utilize the enhanced security of secure hardware components in combination with the lower cost of purely software-based implementations. Traditional remote attestation protocols are concerned with reasoning about the state of a prover. However, extensions to remote attestation also exist, such as code updates, device resets, erasure and attestation of the device's run-time state. Furthermore, as interconnected IoT devices are becoming increasingly more popular, so is the need for attestation of device swarms. We will describe and evaluate the state-of-the-art for remote attestation, which covers singular attestation of devices as well as newer research in the area of formally verified RA protocols, swarm attestation and control-flow attestation.
- Publication:
-
arXiv e-prints
- Pub Date:
- May 2021
- DOI:
- 10.48550/arXiv.2105.02466
- arXiv:
- arXiv:2105.02466
- Bibcode:
- 2021arXiv210502466S
- Keywords:
-
- Computer Science - Cryptography and Security
- E-Print:
- 34 pages, 2 figures, 6 tables