Formally Verified Hardware/Software Co-Design for Remote Attestation
In this work, we take the first step towards formal verification of remote attestation (RA) by designing and verifying an architecture called VRASED: Verifiable Remote Attestation for Simple Embedded Devices. VRASED instantiates a hybrid (hardware/software -- HW/SW) RA co-design aimed at low-end embedded systems, e.g., simple IoT devices. VRASED provides a level of security comparable to that of HW-based approaches, while relying on SW to minimize additional HW costs. Since the security properties must be jointly guaranteed by HW and SW, verification of an architecture such as VRASED is a challenging task, which has never been attempted before in the context of RA. We believe that VRASED, as described in this paper, is the first formally verified RA scheme. To the best of our knowledge, our efforts also yield the first formal verification of a HW/SW implementation of any security service. To demonstrate VRASED's practicality, we instantiate and evaluate it on a commodity platform (Texas Instruments' MSP430) and make the implementation publicly available. We believe that this work represents an important advance in the security of embedded systems and IoT devices by demonstrating the maturity of hybrid RA and its near-readiness for practical adoption.