Remote Attestation for Embedded Systems

Markku Kylänpää (Corresponding author), Aarne Rantala

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    2 Citations (Scopus)

    Abstract

    Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify the integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored in an isolated trusted component called the Trusted Platform Module (TPM) inside the system to be attested. A proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using an ARM processor emulator, which includes emulation for the ARM TrustZone Trusted Execution Environment (TEE), providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.

    Original language: English
    Title of host publication: Security of Industrial Control Systems and Cyber Physical Systems
    Subtitle of host publication: CyberICS 2015, WOS-CPS 2015
    Publisher: Springer
    Number of pages: 15
    ISBN (Electronic): 978-3-319-40385-4
    ISBN (Print): 978-3-319-40384-7
    DOI: https://doi.org/10.1007/978-3-319-40385-4_6
    Publication status: Published - 2015
    MoE publication type: A4 Article in a conference publication
    Event: Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyber Physical Systems, CyberICS 2015, WOS-CPS 2015 - Vienna, Austria
    Duration: 21 Sep 2015 to 22 Sep 2015

    Publication series

    Series: Lecture Notes in Computer Science
    Volume: 9588

    Conference

    Conference: Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyber Physical Systems, CyberICS 2015, WOS-CPS 2015
    Abbreviated title: CyberICS 2015, WOS-CPS 2015
    Country: Austria
    City: Vienna
    Period: 21/09/15 to 22/09/15

    Fingerprint

    ARM processors
    Embedded systems
    Firmware
    Control systems

    Keywords

    • embedded systems
    • industrial control systems
    • internet of things
    • cyber-physical systems
    • security
    • attestation
    • trusted execution environment

    Cite this

    Kylänpää, M., & Rantala, A. (2015). Remote Attestation for Embedded Systems. In Security of Industrial Control Systems and Cyber Physical Systems: CyberICS 2015, WOS-CPS 2015. Springer. Lecture Notes in Computer Science, Vol. 9588. https://doi.org/10.1007/978-3-319-40385-4_6
    @inproceedings{9a707626213b4dad99bdde5a4db8fe87,
    title = "Remote Attestation for Embedded Systems",
    abstract = "Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.",
    keywords = "embedded systems, industrial control systems, internet of things, cyber-physical systems, security, attestation, trusted execution environment",
    author = "Markku Kyl{\"a}np{\"a}{\"a} and Aarne Rantala",
    note = "Project code: 100664",
    year = "2015",
    doi = "10.1007/978-3-319-40385-4_6",
    language = "English",
    isbn = "978-3-319-40384-7",
    series = "Lecture Notes in Computer Science",
    publisher = "Springer",
    booktitle = "Security of Industrial Control Systems and Cyber Physical Systems",
    address = "Germany",

    }
