When collecting measurements (e.g. temperature) from the Internet of Things (IoT), you want to make sure that those measurements are fresh and originate from calibrated and untampered sensor nodes. Integrity verification of sensor nodes is becoming more critical as attacks against IoT devices have become more common and compromised devices have been used in large botnets (e.g. the Mirai case). Remote attestation is a mechanism for measuring the internal state of a system. It reports fresh state information to a remote verifier, which can use this information to verify the node's integrity.
Society as a whole is becoming more and more dependent on various distributed networked systems. Remote attestation could be applied to protect the integrity of critical infrastructures. The more critical the infrastructure, the more important remote attestation becomes. For example, energy systems, payment networks, and the military domain are very critical, and proper attestation mechanisms should be in place. Such systems contain many networked nodes distributed over a large geographic area. Guaranteeing both the online and the physical security of these nodes can be challenging.
Applications and technologies
Remote attestation is typically used as an additional check before permitting access to a service. Companies may request attestation before allowing laptops onto their wireless networks, forcing software updates in a quarantine network. Cloud-based services can use attestation to prove that a virtual machine has been set up correctly, and there may be a dedicated enclave for running confidential computing tasks. Attestation mechanisms can also be used like virus scanners to perform a local health check on network nodes. All these routines create a more secure environment to operate in.
Common attestation technologies, protocols, and architectures include:
- An isolated execution environment to protect measurements and to provide a signed integrity report (e.g. Trusted Platform Module (TPM), Intel Software Guard Extensions (SGX), ARM TrustZone).
- Measurement mechanisms for the boot phase and userspace (e.g. Integrity Measurement Architecture (IMA)).
- A remote attestation protocol (e.g. Open Cloud Integrity Technology (OpenCIT)).
Problems and limitations
Like any other paradigm, remote attestation is no silver bullet. It has drawbacks, such as the need to keep an up-to-date whitelist. This is somewhat doable in embedded systems such as IoT devices, which are designed to perform a limited number of operations. On full-fledged computers, however, maintaining a whitelist of all relevant configurations becomes very complex because of the large number of installed applications and software updates.
Another downside of remote attestation is that it concentrates mainly on executable files, not on runtime vulnerabilities such as buffer overflows. However, even though remote attestation cannot identify runtime attacks, attackers often leave traces behind when installing malware components, and attestation measurement mechanisms are capable of tracking those.
Figure 1. Remote attestation protocol transfers integrity-protected measurements to the verifier.
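The exchange in Figure 1, sketched as an added example (not code from the original article): the verifier sends a nonce for freshness, the node folds its measurements into a TPM-style register and signs it, and the verifier checks the report against a whitelist. The key, the component names and the use of HMAC in place of a signing key held in a TPM or enclave are assumptions made for illustration.

```python
import hashlib, hmac, os

# Assumption: a shared HMAC key stands in for a signing key held in a TPM/enclave.
KEY = b"constructed-device-key"
# Constructed whitelist: SHA-256 digests of the approved components.
WHITELIST = {hashlib.sha256(c).hexdigest() for c in (b"boot-v1", b"kernel-v1", b"app-v1")}

def extend(reg: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new = H(old || digest), so order matters and nothing can be erased."""
    return hashlib.sha256(reg + digest).digest()

def replay(log) -> bytes:
    """Fold a measurement log (hex digests) into the register value it must produce."""
    reg = bytes(32)
    for d in log:
        reg = extend(reg, bytes.fromhex(d))
    return reg

def node_attest(components, nonce: bytes) -> dict:
    """Node: measure each component, then sign nonce || register."""
    log = [hashlib.sha256(c).hexdigest() for c in components]
    reg = replay(log)
    sig = hmac.new(KEY, nonce + reg, hashlib.sha256).digest()
    return {"nonce": nonce, "reg": reg, "log": log, "sig": sig}

def verify(report: dict, expected_nonce: bytes) -> str:
    """Verifier: freshness, signature, log consistency, then the whitelist."""
    if not hmac.compare_digest(report["nonce"], expected_nonce):
        return "stale"            # replayed report from an earlier challenge
    want = hmac.new(KEY, report["nonce"] + report["reg"], hashlib.sha256).digest()
    if not hmac.compare_digest(report["sig"], want):
        return "bad-signature"    # register value altered after signing
    if replay(report["log"]) != report["reg"]:
        return "log-mismatch"     # log edited to hide a measurement
    unknown = [d for d in report["log"] if d not in WHITELIST]
    return "untrusted" if unknown or not report["log"] else "trusted"

if __name__ == "__main__":
    good = [b"boot-v1", b"kernel-v1", b"app-v1"]
    nonce = os.urandom(16)
    print(verify(node_attest(good, nonce), nonce))                           # trusted
    print(verify(node_attest(good, nonce), os.urandom(16)))                  # stale
    print(verify(node_attest(good[:2] + [b"app-modified"], nonce), nonce))   # untrusted
```

A single changed component is enough to fail the whitelist check, which is why the list has to be updated with every approved software release.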
Remote attestation can be used to provide integrity verification for network endpoints. The concept should be used in networks that require additional security, like systems that are part of critical infrastructures.
Senior Scientist, VTT
Tel +358 207 226035