RADIS: Remote Attestation of Distributed IoT Services

TL;DR

RADIS is a protocol that verifies the trustworthiness of distributed IoT services by attesting only the involved services and detecting malicious interactions through control-flow attestation, enhancing security in interoperable IoT systems.

Contribution

It introduces a novel remote attestation protocol specifically designed for distributed IoT services, focusing on service-level integrity rather than entire device memory.

Findings

Effective detection of malicious service interactions

Validation of distributed IoT service integrity

Improved security in interoperable IoT environments

Abstract

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.