With the rapid development of intelligent applications, a large number of IoT devices are deployed in transportation, logistics, medical care, agriculture, animal husbandry, security and other fields, undertaking important tasks such as online monitoring, positioning and traceability, alarm linkage, and command and scheduling, so it is particularly important to keep these devices secure and working normally. Remote attestation is an important method of protecting these devices: it verifies their software integrity and detects whether they have been attacked. The Internet of Things contains a large number of Class-1 IoT devices, which lack security hardware and do not support additional hardware extensions, so many security measures cannot be implemented on them. How to design a remote attestation scheme for these devices is therefore a key problem. Existing remote attestation schemes suffer from various security and performance issues and are not suitable for Class-1 IoT devices. First, since Class-1 IoT devices have no secure hardware, neither hardware-based nor hybrid remote attestation schemes can be applied. Second, wireless networks introduce random network delays, so strictly time-based remote attestation schemes cannot be applied in this environment. Third, existing software-based remote attestation schemes are essentially incapable of resisting proxy attacks in a wireless network environment. Fourth, some scholars have pointed out that existing software-based schemes only attest the flash memory (FLASH) space used to store code, which is not enough: attackers can still use return-oriented programming to hide malicious code, so all memories (RAM, ROM, EEPROM) must be attested. Finally, remote attestation can only verify the software integrity of a device; how to confirm the identity of the attested Class-1 IoT device is also a key issue.

To solve the above problems, this paper proposes an efficient and secure remote attestation scheme for Class-1 IoT devices. The main contributions of this paper are as follows.

(1) This paper proposes a new software-based remote attestation scheme with the following innovations. First, the proxy attack problem is solved by performing multiple rounds of checksum challenges and limiting the memory size attested in each round for different nodes. Second, a delayed observation mechanism is proposed to alleviate the limitation that traditional software-based remote attestation schemes cannot be applied in wireless network environments. Third, a filling-memory-at-attestation-time mechanism is proposed, which fills and attests all memory during remote attestation, defeating the use of return-oriented programming to hide malicious code without affecting the normal operation of the device. Fourth, strict time control and a reputation mechanism are proposed to ensure the security of the protocol, and the checksum function is designed on the principle that a verification node with higher performance undertakes more of the work, which greatly reduces the time overhead of the scheme. Finally, a simulation is implemented on the UNO-R3 IoT development board, demonstrating the effectiveness of the scheme.

(2) The software-based remote attestation scheme proposed in this paper can prove the software integrity of a Class-1 IoT device but cannot prove its identity. To address this, this paper adopts an improved clock-skew-based device fingerprinting technique and proposes a proactive clock-skew-based device fingerprinting scheme in which the timestamp collection interval is chosen by the verification node. This scheme is combined with the proposed remote attestation scheme, taking the device information, checksum response and other contents as attribute-based device fingerprints, to form an identity authentication scheme based on device fingerprints. A security analysis is carried out with the formal analysis tool Tamarin, and the results show that the proposed scheme achieves mutual authentication and resists multiple protocol attacks. A cluster of eight identical IoT devices is built and the solution is simulated on it, demonstrating its usability and effectiveness.
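As an added illustration of the clock-skew fingerprinting step in contribution (2), not code from the paper: a Python simulation in which the verification node chooses the polling intervals, collects the device's reported timestamps, estimates the device's clock skew by least-squares regression of clock offset against verifier time, and compares the result with an enrolled fingerprint. The skew values, interval lengths, network jitter and matching tolerance are constructed assumptions.

```python
import random


def collect_timestamps(device_skew_ppm, intervals_s, jitter_ms, rng):
    """Verifier polls the device once per chosen interval and records
    (verifier_receive_time, device_reported_time). The device clock runs at
    (1 + skew) times real time; each reply suffers a random network delay.
    Simplification: the request is assumed to arrive instantly."""
    samples = []
    t = 0.0
    for dt in intervals_s:
        t += dt
        device_clock = t * (1.0 + device_skew_ppm * 1e-6)
        delay = rng.uniform(0.0, jitter_ms) / 1000.0
        samples.append((t + delay, device_clock))
    return samples


def estimate_skew_ppm(samples):
    """Least-squares slope of (device_time - verifier_time) versus verifier
    time, in parts per million. Random delay only adds noise to the offset,
    so with enough samples over a long enough window the slope converges
    to the device's true skew."""
    n = len(samples)
    xs = [v for v, _ in samples]
    ys = [d - v for v, d in samples]
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


def matches_fingerprint(measured_ppm, enrolled_ppm, tolerance_ppm=2.0):
    """Identity check: measured skew must lie within the enrolled tolerance.
    The tolerance is a constructed value; a deployment calibrates it from
    repeated measurements of the genuine device."""
    return abs(measured_ppm - enrolled_ppm) <= tolerance_ppm


if __name__ == "__main__":
    rng = random.Random(7)
    # Verifier-chosen schedule: 48 polls, 300 s apart (4 hours), 20 ms jitter.
    samples = collect_timestamps(50.0, [300.0] * 48, 20.0, rng)
    est = estimate_skew_ppm(samples)
    print(f"estimated skew: {est:.2f} ppm")
    print("matches enrolled 50 ppm:", matches_fingerprint(est, 50.0))
    print("matches enrolled 80 ppm:", matches_fingerprint(est, 80.0))
```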