PURE: Using Verified Remote Attestation to Obtain Proofs of Update, Reset and Erasure in low-End Embedded Systems

Remote Attestation ($\mathcal{R}\mathrm{A}$) is a security service that enables a trusted verifier ($\mathcal{V}{\text{rf}}$) to measure current memory state of an untrusted remote prover ($\mathcal{P}{\text{rv}}$). If correctly implemented, $\mathcal{R}\mathrm{A}$ allows $\mathcal{V}{\text{rf}}$ to remotely detect if $\mathcal{P}{\text{rv}}$'s memory reflects a compromised state. However, $\mathcal{R}{\mathrm{A}}$ by itself offers no means of remedying the situation once $\mathcal{P}$ rv is determined to be compromised. In this work we show how a secure $\mathcal{R}\mathrm{A}$ architecture can be extended to enable important and useful security services for low-end embedded devices. In particular, we extend the formally verified $\mathcal{R}\mathrm{A}$ architecture, VRASED, to implement provably secure software update, erasure, and system-wide resets. When (serially) composed, these features guarantee to $\mathcal{V}{\text{rf}}$ that a remote $\mathcal{P}{\text{rv}}$ has been updated to a functional and malware-free state, and was properly initialized after such process. These services are provably secure against an adversary (represented by malware) that compromises $\mathcal{P}{\text{rv}}$ and exerts full control of its software state. Our results demonstrate that such services incur minimal additional overhead (0.4% extra hardware footprint, and 100-s milliseconds to generate combined proofs of update, erasure, and reset), making them practical even for the lowest-end embedded devices, e.g., those based on MSP430 or AVR ATMega micro-controller units (MCUs). All changes introduced by our new services to VRASED trusted components are also formally verified.