DARPA: Device Attestation Resilient to Physical Attacks

Ahmad Ibrahim, Ahmad-Reza Sadeghi, Gene Tsudik, Shaza Zeitouni

As embedded devices (under the guise of ”smart-whatever”) rapidly proliferate into many domains, they become attractive targets for malware. Protecting them from software and physical attacks becomes both important and challenging. Remote attestation is a basic tool for mitigating such attacks. It allows a trusted party (verifier) to remotely assess software integrity of a remote, untrusted, and possibly compromised, embedded device (prover).

Prior remote attestation methods focus on software (malware) attacks in a one-verifier/one-prover setting. Physical attacks on provers are generally ruled out as being either unrealistic or impossible to mitigate. In this paper, we argue that physical attacks must be considered, particularly, in the context of many provers, e.g., a network, of devices. Assuming that physical attacks require capture and subsequent temporary disablement of the victim device(s), we propose DARPA, a light-weight protocol that takes advantage of absence detection to identify suspected devices. DARPA is resilient against a very strong adversary and imposes minimal additional hardware requirements. We justify and identify DARPA’s design goals and evaluate its security and costs.

The proliferation of embedded devices is a double-edged sword: it enables a multitude of applications but, at the same, it provides ‘opportunities’ for compromising such unattended (and resource-limited) devices. The remedy has been to leverage “remote attestation” techniques: a so-call “verifier” (the trusted entity) executes a protocol with a “prover” (the potentially compromised device), to assess the integrity of the software running on the prover. The challenge is how to execute such remote attestation protocols efficiently for a large system (network) of possibly heterogeneous devices; simply put, with overall cost lower than running a series of individual remote attestations. The paper considers most notably the case of physical compromise of the embedded devices. The intuition of the related defence proposed here lies in that any physical compromise will result in a sizeable, perceptible disconnection of the device. Then, software and software-physical compromise (“hybrid”) attacks are also considered. The review process appreciated the simplicity and the extent of the problem treatment offered by the paper, while, at the same time, it identified the limits of the proposed schemes. All in all, the feeling was that this was a contribution that can generate interest within the WiSec community.