• Title/Summary/Keyword: Code Attestation

Search Result 5, Processing Time 0.018 seconds

Software Code Attestation for IoT Devices by Bluetooth Low Energy (저전력 블루투스를 통한 사물 인터넷 장치의 소프트웨어적인 코드 검증)

  • Kim, GeunYoung;Kang, Jeonil;Nyang, DaeHun;Lee, KyungHee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1211-1221
    • /
    • 2016
  • In IoT environment, making sure of trust of IoT devices is the most important one than others. The security threats of nowadays almost stay at exposure or tampering of information. However, if human life is strongly connected to the Internet by IoT devices, the security threats will probably target human directly. In case of devices, authentication is verified using the device-known private key. However, if attacker can modify the device physically, knowing the private key cannot be the evidence of trust any more. Thus, we need stronger verification method like code attestation. In this paper, we use software-based code attestation for efficiency. We also suggest secure code attestation method against copy of original code and implement it on embedded device and analyze its performance.

Mutual Attestation Protocol using Software-based Attestation Scheme in Sensor Network Environments (SWATT 기법을 이용한 센서 노드 간 상호 검증 프로토콜)

  • Heo, Kyung-Soo;Choi, Hyun-Woo;Jang, Hyun-Su;Eom, Young-Ik
    • The KIPS Transactions:PartC
    • /
    • v.15C no.1
    • /
    • pp.9-18
    • /
    • 2008
  • Prevention of attacks being made through program modification in sensor nodes is one of the important security issues. The software-based attestation technology that verifies the running code by checking whether it is modified or not in sensor nodes is being used to solve the attack problem. However, the current software-based attestation techniques are not appropriate in sensor networks because not only they are targeting static networks that member nodes does not move, but also they lacks consideration on the environment that the trusted verifier may not exist. This paper proposes a mutual attestation protocol that is suitable for sensor networks by using SWATT(Software-based ATTestation) technique. In the proposed protocol, sensor nodes periodically notify its membership to neighbor nodes and carry out mutual attestation procedure with neighbor nodes by using SWATT technique. With the proposed protocol, verification device detects the sensor nodes compromised by malicious attacks in the sensor network environments without trusted verifier and the sensor networks can be composed of only the verified nodes.

A lightweight detection mechanism of control flow modification for IoT devices (IoT 기기를 위한 경량의 소프트웨어 제어 변조 탐지 기법)

  • Pak, Dohyun;Lee, JongHyup
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.6
    • /
    • pp.1449-1453
    • /
    • 2015
  • Constrained IoT devices cannot achieve full coverage of software attestation even though the integrity of software is critical. The limited modification attacks on control flow of software aim at the shadow area uncovered in software attestation processes. In this paper, we propose a light-weight protection system that detects modification by injecting markers to program code.

Proactive Code Verification Protocol Using Empty Memory Deletion in Wireless Sensor Network (무선 센서 네트워크에서의 메모리 공간 삭제를 이용한 선행 코드-검증 기법)

  • Choi, Young-Geun;Kang, Jeon-Il;Lee, Kyung-Hee;Nyang, Dae-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.4
    • /
    • pp.37-46
    • /
    • 2007
  • The authentication in WSN(Wireless Sensor Network) usually means the entity authentication, but owing to the data centric nature of sensor network, much more importance must be put on the authentication(or attestation) for code of sensor nodes. The naive approach to the attestation is for the verifier to compare the previously known memory contents of the target node with the actual memory contents in the target node, but it has a significant drawback. In this paper, we show what the drawback is and propose a countermeasure. This scheme can verify the whole memory space of the target node and provides extremely low probability of malicious code's concealment without depending on accurate timing information unlike SWATT. We provide two modes of this verification method: BS-to-node and node-to-node. The performance estimation in various environments is shown.

Secret Information Protection Scheme for Device in Home Network (홈 네트워크에서 디바이스를 위한 비밀 정보 보호 기법)

  • Maeng, Young-Jae;Kang, Jeon-Il;Mohaisen, Abedelaziz;Lee, Kyung-Hee;Nyang, Dae-Hun
    • The KIPS Transactions:PartC
    • /
    • v.14C no.4
    • /
    • pp.341-348
    • /
    • 2007
  • Even though the secret information stored in home device in home network must be handled very safely and carefully, we have no measure for protecting the secret information without additional hardware support. Since already many home devices without consideration of the security have been used, the security protection method for those devices have to be required. In this paper, we suggest two schemes that protect the security information using networking function without additional hardware support, and those hybrid method to supplement the defects of each scheme. We also consider the our proposals in the aspects of security and cost.