RADIS: Remote Attestation of Distributed IoT Services
Remote attestation is a security technique by which a potentially untrusted device called Prover can evidence its current state to an external trusted party called Verifier. The main goal of a remote attestation protocol is to guarantee the reliability of the evidence, such that the Verifier can verify remotely the trustworthiness of the Prover. In the Internet of Things (IoT) systems, which are increasingly becoming exposed to a broad range of exploitations, the existing remote attestation protocols aim to check the integrity of each individual IoT device by detecting the modified softwares and physical tampering attacks. However, in an interconnected IoT system, in which IoT devices interact autonomously among themselves, a compromised IoT service can influence the genuine operation of other invoked service, without changing the software. In this paper, we show how a compromised service in a distributed IoT service can induce malicious behavior on genuine services, and we highlight the need for distributed services attestation. We propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which provides a complete evidence about the trustworthiness of distributed IoT services. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Additionally, RADIS traces the interactions between IoT distributed services, allowing the Verifier to check whether the activities follow a legitimate interaction model. We discuss the effectiveness of our protocol in validating the integrity status of a distributed IoT service.
READ FULL TEXT