Remote Attestation: A Literature Review

TL;DR

This literature review comprehensively examines the current state of remote attestation techniques for IoT devices, including hardware/software paradigms, extensions, and emerging swarm attestation methods.

Contribution

It provides a detailed analysis of existing remote attestation protocols, highlighting recent advances in formal verification, swarm attestation, and control-flow attestation.

Findings

Survey of software, hardware, and hybrid attestation methods

Evaluation of formal verification approaches for RA protocols

Overview of swarm and control-flow attestation techniques

Abstract

With the rising number of IoT devices, the security of such devices becomes increasingly important. Remote attestation (RA) is a distinct security service that allows a remote verifer to reason about the state of an untrusted remote prover (device). Paradigms of remote attestation span from exclusively software, in software-based attestation, to exclusively hardware-based. In between the extremes are hybrid attestation that utilize the enhanced security of secure hardware components in combination with the lower cost of purely software-based implementations. Traditional remote attestation protocols are concerned with reasoning about the state of a prover. However, extensions to remote attestation also exist, such as code updates, device resets, erasure and attestation of the device's run-time state. Furthermore, as interconnected IoT devices are becoming increasingly more popular, so is the need for attestation of device swarms. We will describe and evaluate the state-of-the-art for remote attestation, which covers singular attestation of devices as well as newer research in the area of formally verified RA protocols, swarm attestation and control-flow attestation.