Remote Attestation for Embedded Systems

Markku Kylänpää; Aarne Rantala

doi:10.1007/978-3-319-40385-4_6

Remote Attestation for Embedded Systems

Markku Kylänpää^*
, Aarne Rantala

^*Corresponding author for this work

VTT (former employee or external)

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

5 Citations (Scopus)

Abstract

Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.

Original language	English
Title of host publication	Security of Industrial Control Systems and Cyber Physical Systems
Subtitle of host publication	CyberICS 2015, WOS-CPS 2015
Publisher	Springer
Number of pages	15
ISBN (Electronic)	978-3-319-40385-4
ISBN (Print)	978-3-319-40384-7
DOIs	https://doi.org/10.1007/978-3-319-40385-4_6
Publication status	Published - 2015
MoE publication type	A4 Article in a conference publication
Event	Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015 - Vienna, Austria Duration: 21 Sept 2015 → 22 Sept 2015

Publication series

Series	Lecture Notes in Computer Science
Volume	9588

Conference

Conference	Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015
Abbreviated title	CyberICS 2015, WOS-CPS 2015
Country/Territory	Austria
City	Vienna
Period	21/09/15 → 22/09/15

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 9 Industry, Innovation, and Infrastructure

Keywords

embedded systems
industrial control systems
internet of things
cyber-physical systems
security
attestation
trusted execution environment

Access to Document

10.1007/978-3-319-40385-4_6

Cite this

@inproceedings{9a707626213b4dad99bdde5a4db8fe87,

title = "Remote Attestation for Embedded Systems",

abstract = "Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.",

keywords = "embedded systems, industrial control systems, internet of things, cyber-physical systems, security, attestation, trusted execution environment",

author = "Markku Kyl{\"a}np{\"a}{\"a} and Aarne Rantala",

note = "Project code: 100664 ; Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015, CyberICS 2015, WOS-CPS 2015 ; Conference date: 21-09-2015 Through 22-09-2015",

year = "2015",

doi = "10.1007/978-3-319-40385-4\_6",

language = "English",

isbn = "978-3-319-40384-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

booktitle = "Security of Industrial Control Systems and Cyber Physical Systems",

address = "Germany",

}

Kylänpää, M & Rantala, A 2015, Remote Attestation for Embedded Systems. in Security of Industrial Control Systems and Cyber Physical Systems : CyberICS 2015, WOS-CPS 2015. Springer, Lecture Notes in Computer Science, vol. 9588, Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015, Vienna, Austria, 21/09/15. https://doi.org/10.1007/978-3-319-40385-4_6

Remote Attestation for Embedded Systems. / Kylänpää, Markku; Rantala, Aarne.
Security of Industrial Control Systems and Cyber Physical Systems : CyberICS 2015, WOS-CPS 2015. Springer, 2015. (Lecture Notes in Computer Science, Vol. 9588).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Remote Attestation for Embedded Systems

AU - Kylänpää, Markku

AU - Rantala, Aarne

N1 - Project code: 100664

PY - 2015

Y1 - 2015

N2 - Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.

AB - Large distributed systems, like Industrial Control Systems, should be able to verify that devices that are connected to trusted entities are real authorized network nodes running unmodified firmware. Remote attestation is a mechanism that can provide limited confidence of device identity and integrity. Remote attestation allows a remote verifier, e.g. a service provider, to verify integrity of the connecting system before providing a service. The current standard practice in remote attestation, defined by the Trusted Computing Group (TCG), is based on integrity measurements whose results are stored into an isolated trusted component called Trusted Platform Module (TPM) inside the system to be attested. The proof-of-concept scenario implementing similar functionality using an ARM processor secure environment is discussed. The implementation is done using ARM processor emulator which includes emulation for ARM TrustZone Trusted Execution Environment (TEE) providing isolated trusted component functionality. Challenges and security issues of the chosen approach are discussed.

KW - embedded systems

KW - industrial control systems

KW - internet of things

KW - cyber-physical systems

KW - security

KW - attestation

KW - trusted execution environment

U2 - 10.1007/978-3-319-40385-4_6

DO - 10.1007/978-3-319-40385-4_6

M3 - Conference article in proceedings

SN - 978-3-319-40384-7

T3 - Lecture Notes in Computer Science

BT - Security of Industrial Control Systems and Cyber Physical Systems

PB - Springer

T2 - Conference on Cybersecurity of Industrial Control Systems, Workshop on the Security of Cyper Physical Systems, CyberICS 2015, WOS-CPS 2015

Y2 - 21 September 2015 through 22 September 2015

ER -

Remote Attestation for Embedded Systems

Abstract

Publication series

Conference

UN SDGs

Keywords

Access to Document

Fingerprint

Cite this