Tiered attestation for Internet-of-Things (IoT) devices

Abstract

Remote attestation is the procedure in which a relying party verifies the environment in which a device is carrying out cryptographic operations. Relying parties can leverage attestation data as part of their authentication and authorization procedures. However many Internet-of-Things (IoT) devices either do not have direct connectivity to relying parties, or may simply not be able to provide reliable attestation data. This paper introduces the concept of tiered attestation, where edge routing entities (i.e. gateways) can augment attestation data for relying parties while still accounting for limitations in the actual IoT devices.