Remote attestation adds trust to critical infrastructures

When collecting measurements (e.g. temperature) from the Internet of Things (IoT), you want to make sure that those measurements are fresh and originate from calibrated and untampered sensor nodes. Integrity verification of sensor nodes is becoming more critical as attacks against IoT devices have become more common and compromised devices have been used in large botnets (e.g. the Mirai case). Remote attestation is a mechanism for measuring the internal state of a system. It reports fresh state information to a remote verifier, which can use this information to verify the node’s integrity.

Society as a whole is becoming more and more dependent on various distributed networked systems. Remote attestation could be applied to protect the integrity of critical infrastructures. The more critical the infrastructure, the more important remote attestation becomes. For example, energy systems, payment networks, and the military domain are very critical, and proper attestation mechanisms should be in place. Such systems contain many networked nodes that are distributed over a large geographic area. Guaranteeing both the online and physical security of the networked nodes can be challenging.

Applications and technologies

Remote attestation is typically used as an additional check before permitting access to a provided service. Companies may request attestation before allowing laptops onto their wireless networks, and may force software updates in a quarantine network. Cloud-based services can use attestation to prove that a virtual machine has been set up correctly, and there may be a dedicated enclave that is used to run confidential computing tasks. Attestation mechanisms can also be used like virus scanners to perform local health checks on network nodes. All these routines create a more secure environment to operate in.

Common attestation technologies, protocols, and architectures include:

  • Isolated execution environment to protect measurements and to provide a signed integrity report (e.g. Trusted Platform Module (TPM), Intel Software Guard Extensions (SGX), ARM TrustZone).
  • Measurement mechanisms – boot phase and userspace (e.g. Integrity Measurement Architecture (IMA)).
  • Remote attestation protocol (e.g. Open Cloud Integrity Technology (OpenCIT)).

Problems and limitations

Like any other paradigm, remote attestation is no silver bullet. It has drawbacks, such as the need to keep an up-to-date whitelist. This is somewhat doable in embedded systems such as IoT devices, which are designed to perform a limited number of operations. For full-fledged computers, however, maintaining a whitelist of all relevant configurations becomes very complex because of the large number of installed applications and software updates.

Another downside of remote attestation is that it concentrates mainly on executable files, not on runtime vulnerabilities such as buffer overflows. However, even though remote attestation cannot identify runtime attacks, attackers often leave traces behind when installing malware components, and attestation measurement mechanisms are capable of tracking those.

Figure 1. Remote attestation protocol transfers integrity protected measurements to the verifier
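
The exchange in Figure 1, sketched as an added example (not code from VTT or from any attestation product): the verifier sends a nonce, the node returns its measurement log bound to that nonce, and the verifier checks freshness, integrity protection and the whitelist. An HMAC with a shared key stands in for a TPM-signed quote, and the key, file names and file contents are constructed for the example.

```python
import hashlib, hmac, os

# Constructed sample data: the shared key stands in for a TPM-protected
# attestation key; the file names and contents are made up for this example.
DEVICE_KEY = b"constructed-demo-key"
FILES = {"/bin/sensord": b"sensor daemon v1", "/etc/calib.conf": b"offset=0.3"}

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def aggregate(log):
    """Fold the measurement log into one value (simplified PCR-style extend)."""
    acc = b"\x00" * 32
    for path, h in log:
        acc = hashlib.sha256(acc + path.encode() + bytes.fromhex(h)).digest()
    return acc

def make_report(files, nonce, key=DEVICE_KEY):
    """Node side: measure the files and bind the log to the verifier's nonce."""
    log = [(p, digest(c)) for p, c in sorted(files.items())]
    sig = hmac.new(key, nonce + aggregate(log), hashlib.sha256).digest()
    return {"nonce": nonce, "log": log, "sig": sig}

def verify_report(report, expected_nonce, whitelist, key=DEVICE_KEY):
    """Verifier side: returns (trusted, reason)."""
    # Freshness: the report must answer the nonce issued for this round.
    if not hmac.compare_digest(report["nonce"], expected_nonce):
        return False, "stale or replayed report"
    # Integrity protection: the log must match what the node signed.
    want = hmac.new(key, expected_nonce + aggregate(report["log"]),
                    hashlib.sha256).digest()
    if not hmac.compare_digest(report["sig"], want):
        return False, "bad signature or altered log"
    # Whitelist: every measured file must have a known-good hash.
    for path, h in report["log"]:
        if whitelist.get(path) != h:
            return False, f"unknown measurement: {path}"
    return True, "ok"

WHITELIST = {p: digest(c) for p, c in FILES.items()}

if __name__ == "__main__":
    nonce = os.urandom(16)
    print(verify_report(make_report(FILES, nonce), nonce, WHITELIST))
```

A modified binary on the node fails the whitelist step even though the report is correctly signed, which is the case the whitelist exists for; a log rewritten in transit fails the signature step instead.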

Conclusions

Remote attestation can be used to provide integrity verification for network endpoints. The concept should be used in networks that require additional security, like systems that are part of critical infrastructures.

Download our free report on cyber security and learn how to protect your organization and defend against security incidents.

Markku Kylänpää
Senior Scientist, VTT
markku.kylanpaa(a)vtt.fi
Tel +358 207 226035

More information:

Lee-Thorp A., “Attestation in Trusted Computing: Challenges and Potential Solutions”, Royal Holloway Series, http://cdn.ttgtmedia.com/searchSecurityUK/downloads/RHUL_Thorp_v2.pdf .

Kylänpää M., Rantala A., “Remote Attestation for Embedded Systems”, In: Security of Industrial Control Systems and Cyber Physical Systems. CyberICS 2015, WOS-CPS 2015. Lecture Notes in Computer Science, vol 9588. Springer, 2016.

Industrial renewal is upon us – be bold and gain a foothold!

Digitalisation, automation, IoT, AI, blockchain, 3D printing – I could continue the list with quite a few juicy terms. How many times have you read or heard one of these words during the last week? I dare to wager that it was quite a few. Certain themes rise to the surface and remain a topic for discussion, until a new trendy word rises to everybody’s lips. Instead of using inordinate amounts of time and energy around an individual concept or technology, we should shift our focus to the change taking place in the big picture and to what kind of a future we could create with the help of various technological enablers.

New trends force changes upon the current operations

Automation and robotisation alone are not enough to answer the challenges placed on companies by the global market and the increasingly demanding customer needs. Companies have no choice but to draw parallels between their development and, for instance, the following trends:

  • Smart products, production systems, production and delivery chains;
  • Renovation of the design of products and production through digitalisation and automation;
  • Need-based production, real-time delivery chain, distributed production;
  • Robotisation and flexible automation combined with artificial intelligence;
  • Service business with (or without) the help of digitalisation; and
  • Industrial ecosystems and platform economy.

I believe in the claim that the smart products and services of the future will be created in new industrial ecosystems supported by a globally connected platform economy. The leap from today to this vision seems wild, and the ability of companies to see the steps they need to take can be limited, when there is no concrete action plan available. It is therefore gratifying that we can find examples around us where a company’s own desire for development launches a networking project full of growth potential.

Expand your operations with the help of industrial networks

When a Finnish medium-sized machine manufacturer wishes to broaden its offering in order to speed up its growth in the global marketplace, the traditional model is to start planning business acquisitions. It would be more agile to avoid the risks and slowness of acquisitions by establishing a network structure, where a number of companies linked to the sector in question commit to creating a shared offering.

For global customers, this network appears as a seamless entity, while inside it, different actors work according to their own core competencies and deliver their share of the total. In this model, the success comes from working together, challenging each other within the network and obtaining help from select key customers.

Automation streamlines and adapts production

The radical renovation of design, manufacturing and service business with the help of digitalisation builds competitiveness and business opportunities for the industry also in countries with traditionally high cost structures. Robotics offers various solutions for making production more efficient and increasing productivity in the manufacturing industry.

However, it is not a question of robotisation only; an industrial company must be able to increase its agility and flexibility in order to create solutions that maximise the customer benefit. New manufacturing processes and the delivery chains built around them will bring customer-specific solutions up to a level we have not yet seen.

Thus far, automation has mostly been linked to equipment and production processes. However, the real leap in productivity will take place at the systemic level, where the entire delivery chain is examined, boldly questioning the current operating models. Must a company producing products have its own manufacturing capacity, or could it connect to a network of manufacturing plants and commission the manufacturing of the products from the plant that is most suitable for the need? In the longer term, one could think that this kind of system is self-learning and able to adapt to the production needs of the owner of each brand. Once again, these are major questions from the perspective of the Finnish manufacturing industry; after all, we wish to ensure that we have strong connections to the future network models.

We help companies realise bold and ambitious visions

VTT possesses strong competence in the above-mentioned themes of industrial renewal, and even now, we are involved in enabling the birth of several industrial networks. In addition to technological research and development, we are a natural and competent partner also for the creation and organisation of new ecosystems.

Mika Toikka
Vice President, Sales and Business Development
(Smart Industry and Energy Systems)