TOCTOU Resilient Attestation for IoT Networks (Full Version)
Pavel Frolikov, Youngil Kim, Renascence Tarafder Prapty, Gene Tsudik

TL;DR
This paper introduces TRAIN, a novel network attestation method for IoT devices that reduces TOCTOU vulnerabilities, operates efficiently with constant-time checks, and remains resilient against multiple compromised devices.
Contribution
The paper presents TRAIN, a new attestation scheme that minimizes TOCTOU windows, ensures constant-time verification, and enhances resilience in IoT networks.
Findings
TRAIN significantly reduces TOCTOU vulnerability windows.
The scheme maintains constant-time per-device attestation.
Prototype evaluation shows practical viability and efficiency.
Abstract
Internet-of-Things (IoT) devices are increasingly common in both consumer and industrial settings, often performing safety-critical functions. Although securing these devices is vital, manufacturers typically neglect security issues or address them as an afterthought. This is of particular importance in IoT networks, e.g., in industrial automation settings. To this end, network attestation -- verifying the software state of all devices in a network -- is a promising mitigation approach. However, current network attestation schemes have certain shortcomings: (1) lengthy TOCTOU (Time-Of-Check-Time-Of-Use) vulnerability windows, (2) high latency and resource overhead, and (3) susceptibility to interference from compromised devices. To address these limitations, we construct TRAIN (TOCTOU-Resilient Attestation for IoT Networks), an efficient technique that minimizes TOCTOU windows,…
Taxonomy
Topics: Network Security and Intrusion Detection · IoT and Edge/Fog Computing · Security and Verification in Computing
