Secure Remote Credential Management with Mutual Attestation for Constrained Sensing Platforms with TEEs

04/27/2018
by   Carlton Shepherd, et al.
0

Trusted Execution Environments (TEEs) are rapidly emerging as the go-to root of trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution -- surpassing related initiatives, such as Secure Elements, for constrained devices. TEEs are envisaged to provide sensitive IoT deployments with robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity via remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. Here, credentials must remain protected against untrusted system elements and transmitted over a secure channel with bi-directional trust assurances of their authenticity and operating states. In this paper, we present novel protocols for four key areas of remote TEE credential management using mutual attestation: backups, updates, migration, and revocation. The proposed protocols are agnostic to the TEE implementation and network architecture, developed in line with the requirements and threat model of IoT TEEs, and subjected to formal symbolic verification using Scyther, which found no attacks.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
02/17/2021

LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices

This paper presents LIRA-V, a lightweight system for performing remote a...
research
12/11/2017

EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs

Remote mobile and embedded devices are used to deliver increasingly impa...
research
01/16/2021

SEDAT:Security Enhanced Device Attestation with TPM2.0

Remote attestation is one of the ways to verify the state of an untruste...
research
08/23/2023

PARseL: Towards a Verified Root-of-Trust over seL4

Widespread adoption and growing popularity of embedded/IoT/CPS devices m...
research
12/18/2020

An Infrastructure for Faithful Execution of Remote Attestation Protocols

Remote attestation is an emerging technology for establishing trust in a...
research
03/31/2020

Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders

Trust is arguably the most important challenge for critical services bot...
research
09/25/2020

Walnut: A low-trust trigger-action platform

Trigger-action platforms are a new type of system that connect IoT devic...

Please sign up or login with your details

Forgot password? Click here to reset