ENOLA: Efficient Control-Flow Attestation for Embedded Systems

TL;DR

ENOLA is a hardware-assisted, efficient control-flow attestation method for embedded systems that reduces data transmission and enhances security against memory attacks.

Contribution

ENOLA introduces a novel authenticator with linear space complexity and leverages hardware features for efficient measurement in low-end microcontrollers.

Findings

Reduces data transmission significantly.

Achieves lower or comparable performance to existing solutions.

Provides enhanced security with memory corruption attack resistance.

Abstract

Microcontroller-based embedded systems are vital in daily life, but are especially vulnerable to control-flow hijacking attacks due to hardware and software constraints. Control-Flow Attestation (CFA) aims to precisely attest the execution path of a program to a remote verifier. However, existing CFA solutions face challenges with large measurement and/or trace data, limiting these solutions to small programs. In addition, slow software-based measurement calculations limit their feasibility for microcontroller systems. In this paper, we present ENOLA, an efficient control-flow attestation solution for low-end embedded systems. ENOLA introduces a novel authenticator that achieves linear space complexity. Moreover, ENOLA capitalizes on the latest hardware-assisted message authentication code computation capabilities found in commercially-available devices for measurement computation. ENOLA employs a trusted execution environment, and allocates general-purpose registers to thwart memory corruption attacks. We have developed the ENOLA compiler through LLVM passes and attestation engine on the ARMv8.1-M architecture. Our evaluations demonstrate ENOLA's effectiveness in minimizing data transmission, while achieving lower or comparable performance to the existing works.