Has My IoT Device Been Hacked? Establishing Trust with Remote Attestation
IoT devices are becoming more prevalent in our daily lives, with applications ranging from smart homes to industrial automation systems. These devices are often connected to sensitive information and resources and are vulnerable to a wide range of security threats. For example, an adversary can use IoT devices to disrupt their operation, steal sensitive information, or gain unauthorized access to resources, and the consequence could be fatal.
Aimed at providing integrity guarantees, Remote Attestation (RA) has been proposed as a security technique that allows a remote entity to verify the trustworthiness of a potentially compromised device. RA checks the software integrity and detects unexpected modifications in device configuration. In particular, RA allows an untrusted device to generate reliable evidence about the current state and convince a remote Verifier that the device is running legitimate software. RA can be used to respond to security threats to minimize the impact of security breaches and ensure that devices are operating securely.
The RA protocols proposed in the literature make different assumptions regarding device architectures, attack scenarios, and security requirements. This talk first gives a brief introduction to IoT security and Remote Attestation. Then, it presents the most significant RA schemes in the IoT domain, including a three-fold discussion, (1) reviewing the working mechanisms of the state-of-the-art RA techniques in the IoT domain, (2) discussing the attestation mechanisms for IoT swarms, (3) presenting future challenges and promising research directions.