LICAPA: Lightweight collective attestation for physical attacks detection in highly dynamic networks

IF 3 | Zone 3, Computer Science | Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Ziyu Wang, Cong Sun
Journal: Pervasive and Mobile Computing
Publication type: Journal Article
Publication date: 2024-02-21
DOI: 10.1016/j.pmcj.2024.101903
URL: https://www.sciencedirect.com/science/article/pii/S1574119224000294
Citations: 0

Abstract

UAVs or vehicular networks have been extensively used in different domains. Such a system network consists of various heterogeneous and mobile devices operating autonomously and cooperatively to provide flexible services. However, ensuring devices’ runtime integrity has always been critical to such highly dynamic and disruptive networks. Collective attestation is a popular technique in ensuring service integrity on remote devices. However, the physical attacks pose significant threats to the enforcement of the runtime integrity, and the existing detection approaches raise a considerable number of false positives, which impede the robustness of the network. We propose LICAPA, a collective attestation framework for detecting physical attacks with high accuracy. LICAPA can detect a device under physical attack with the timestamps signed by other recently-attested devices. Such a proof-from-others mechanism provides more knowledge about the compromised device for physical attack detection. It reduces the potential false positives compared with the state-of-the-art approaches. LICAPA provides a physical-adversary-tolerant runtime device joining mechanism and a new attestation report aggregation scheme to reduce the storage and communication cost of the device. On the prototype implementation of the trust anchor, we evaluate LICAPA’s computational costs. The simulation results demonstrate LICAPA’s low communication cost and long resistance time against false detection on physical attack. LICAPA reduces the overall swarm attestation cost by over 20% compared with SALAD (Secure and Lightweight Attestation of Highly Dynamic and Disruptive Networks) and PASTA (Practical Attestation Protocol for Autonomous Embedded Systems).

Source journal
Pervasive and Mobile Computing (COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS)
CiteScore: 7.70
Self-citation rate: 2.30%
Articles published: 80
Review time: 68 days
Journal description: As envisioned by Mark Weiser as early as 1991, pervasive computing systems and services have truly become integral parts of our daily lives. Tremendous developments in a multitude of technologies ranging from personalized and embedded smart devices (e.g., smartphones, sensors, wearables, IoTs, etc.) to ubiquitous connectivity, via a variety of wireless mobile communications and cognitive networking infrastructures, to advanced computing techniques (including edge, fog and cloud) and user-friendly middleware services and platforms have significantly contributed to the unprecedented advances in pervasive and mobile computing. Cutting-edge applications and paradigms have evolved, such as cyber-physical systems and smart environments (e.g., smart city, smart energy, smart transportation, smart healthcare, etc.) that also involve human in the loop through social interactions and participatory and/or mobile crowd sensing, for example. The goal of pervasive computing systems is to improve human experience and quality of life, without explicit awareness of the underlying communications and computing technologies. The Pervasive and Mobile Computing Journal (PMC) is a high-impact, peer-reviewed technical journal that publishes high-quality scientific articles spanning theory and practice, and covering all aspects of pervasive and mobile computing and systems.