SIMPLE: A Remote Attestation Approach for Resource-constrained IoT devices
Abstract – Remote Attestation (RA) is a security service that helps detect malware-infected IoT devices by letting a trusted party remotely verify their software integrity. There are three main types of RA: software (SW)-, hardware (HW)-, and hybrid (SW/HW)-based. Hybrid techniques obtain secure RA via minimal hardware requirements imposed on the architectures of existing microcontrollers (MCUs). In recent years, considerable attention has been devoted to hybrid techniques since prior software-based ones lack concrete security guarantees, while hardware-based approaches are too costly for low-end MCUs. A key problem is that a significant number of deployed IoT devices neither offer the minimal hardware requirements nor support the hardware modifications needed for hybrid RA. This paper bridges the gap between software-based and hybrid approaches by proposing a novel RA scheme based on software virtualization. In particular, we meet the minimal hardware requirements needed for secure RA via reliable software. The proposed scheme, called SIMPLE, depends on a software-based memory isolation technique. A high level of reliability is achieved by formally verifying certain safety and correctness properties of the entire software architecture of SIMPLE. Furthermore, we use SIMPLE to construct SIMPLE+, an efficient swarm attestation scheme for static and dynamic heterogeneous IoT device networks. We implement and evaluate SIMPLE and SIMPLE+ on the AVR architecture, a common MCU platform.