Remote Attestation for Embedded Systems

Markku Kylänpää (Corresponding author), Aarne Rantala

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

2 Citations (Scopus)

Abstract

Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.
Original languageEnglish
Title of host publicationSecurity of Industrial Control Systems and Cyber Physical Systems
Subtitle of host publicationCyberICS 2015, WOS-CPS 2015
PublisherSpringer
Number of pages15
ISBN (Electronic)978-3-319-40385-4
ISBN (Print)978-3-319-40384-7
DOIs
Publication statusPublished - 2015
MoE publication typeA4 Article in a conference publication
EventConference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015 - Vienna, Austria
Duration: 21 Sep 201522 Sep 2015

Publication series

SeriesLecture Notes in Computer Science
Volume9588

Conference

ConferenceConference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015
Abbreviated titleCyberICS 2015, WOS-CPS 2015
CountryAustria
CityVienna
Period21/09/1522/09/15

Fingerprint

ARM processors
Embedded systems
Firmware
Control systems

Keywords

  • embedded systems
  • industrial control systems
  • internet of things
  • cyber-physical systems
  • security
  • attestation
  • trusted execution environment

Cite this

Kylänpää, M., & Rantala, A. (2015). Remote Attestation for Embedded Systems. In Security of Industrial Control Systems and Cyber Physical Systems : CyberICS 2015, WOS-CPS 2015 Springer. Lecture Notes in Computer Science, Vol.. 9588 https://doi.org/10.1007/978-3-319-40385-4_6
Kylänpää, Markku ; Rantala, Aarne. / Remote Attestation for Embedded Systems. Security of Industrial Control Systems and Cyber Physical Systems : CyberICS 2015, WOS-CPS 2015. Springer, 2015. (Lecture Notes in Computer Science, Vol. 9588).
@inproceedings{9a707626213b4dad99bdde5a4db8fe87,
title = "Remote Attestation for Embedded Systems",
abstract = "Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.",
keywords = "embedded systems, industrial control systems, internet of things, cyber-physical systems, security, attestation, trusted execution environment",
author = "Markku Kyl{\"a}np{\"a}{\"a} and Aarne Rantala",
note = "Project code: 100664",
year = "2015",
doi = "10.1007/978-3-319-40385-4_6",
language = "English",
isbn = "978-3-319-40384-7",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
booktitle = "Security of Industrial Control Systems and Cyber Physical Systems",
address = "Germany",

}

Kylänpää, M & Rantala, A 2015, Remote Attestation for Embedded Systems. in Security of Industrial Control Systems and Cyber Physical Systems : CyberICS 2015, WOS-CPS 2015. Springer, Lecture Notes in Computer Science, vol. 9588, Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015, Vienna, Austria, 21/09/15. https://doi.org/10.1007/978-3-319-40385-4_6

Remote Attestation for Embedded Systems. / Kylänpää, Markku (Corresponding author); Rantala, Aarne.

Security of Industrial Control Systems and Cyber Physical Systems : CyberICS 2015, WOS-CPS 2015. Springer, 2015. (Lecture Notes in Computer Science, Vol. 9588).

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - Remote Attestation for Embedded Systems

AU - Kylänpää, Markku

AU - Rantala, Aarne

N1 - Project code: 100664

PY - 2015

Y1 - 2015

N2 - Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.

AB - Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.

KW - embedded systems

KW - industrial control systems

KW - internet of things

KW - cyber-physical systems

KW - security

KW - attestation

KW - trusted execution environment

U2 - 10.1007/978-3-319-40385-4_6

DO - 10.1007/978-3-319-40385-4_6

M3 - Conference article in proceedings

SN - 978-3-319-40384-7

T3 - Lecture Notes in Computer Science

BT - Security of Industrial Control Systems and Cyber Physical Systems

PB - Springer

ER -

Kylänpää M, Rantala A. Remote Attestation for Embedded Systems. In Security of Industrial Control Systems and Cyber Physical Systems : CyberICS 2015, WOS-CPS 2015. Springer. 2015. (Lecture Notes in Computer Science, Vol. 9588). https://doi.org/10.1007/978-3-319-40385-4_6