Code Attestation with Compressed Instruction Code
Benjamin Vetter, Dirk Westhoff
TL;DR
This paper proposes a software-based code attestation protocol that uses compressed instruction code and microcontroller architectures to enhance security against compression attacks, offering a potentially cost-effective alternative to hardware solutions.
Contribution
It introduces a novel approach combining compressed instruction code with microcontroller architectures for secure code attestation, addressing limitations of existing software-only methods.
Findings
The protocol is robust against compression attacks.
Using microcontroller architectures enables secure reading of compressed code.
Cost/benefit analysis favors the proposed method over hardware solutions.
Abstract
Available purely software based code attestation protocols have recently been shown to be cheatable. In this work we propose to upload compressed instruction code to make the code attestation protocol robust against a so called compresssion attack. The described secure code attestation protocol makes use of recently proposed microcontroller architectures for reading out compressed instruction code. We point out that the proposed concept only makes sense if the provided cost/benefit ratio for the aforementioned microcontroller is higher than an alternative hardware based solution requiring a tamperresistant hardware module.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSecurity and Verification in Computing · Cryptographic Implementations and Security · Advanced Malware Detection Techniques