On the Difficulty of Software-Based Attestation of Embedded Devices
Aurélien Francillon (Eth Zurich)
Device attestation is an essential feature in many security protocols and applications. The lack of dedicated hardware and the impossibility to physically access devices to be attested, makes attestation of embedded devices (such as Wireless Sensor Networks) a prominent challenge. Several software-based attestation techniques have been proposed that either rely on tight time constraints or on the lack of free space to store malicious code. After some introductory discussion on malicious techniques for low-end embedded devices, we will describe the shortcomings of existing software-based attestation techniques. We first present two generic attacks, one based on a return-oriented rootkit and the other on code compression. We further describe specific attacks on two existing proposals, namely SWATT and ICE-based schemes, and argue about the difficulty of fixing them. All the presented attacks were implemented and validated on commodity sensors. Finally, we will briefly discuss some possible countermeasures.