Secure Verifiable Remote Attestation of Embedded Devices

Remote attestation in embedded devices is a service that allows a verifier to check the internal state of a prover (the embedded device). Previous work in remote attestation assume trusted verifier. This renders the prover prone to receive and responds to unauthenticated requests which may allow a malicious verifier to flood a prover with faked requests causing Denial of Service (DoS) attack. Furthermore, previous work paid little attention to provide efficient solutions for attesting dynamic memory. Most of the available solutions work for static memory. To this end, this paper introduces a new remote attestation protocol that aims to mitigate the aforementioned problems. We investigate applying hash trees to remote attestation. The protocol includes a challengeresponse authentication mechanism. In addition, it adapts a known method for interactive remote validation for trusted platforms using hash trees into our context. We propose two new topologies for the hash tree with the aim of better verification performance and granularity. We analyse the security of the protocol against replay attacks and malware presence in the prover. We conclude that the protocol provides verifier authentication and the tree structure provides improved granularity in the verification process over the static verification method. However, further research and evaluation of the protocol is still needed