SCAtt-man:用户理解的嵌入式设备基于侧信道的远程认证

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy Pub Date : 2023-04-24 DOI:10.1145/3577923.3583652

Sebastian Surminski, Christian Niesler, Sebastian Linsner, Lucas Davi, Christian A. Reuter

{"title":"SCAtt-man:用户理解的嵌入式设备基于侧信道的远程认证","authors":"Sebastian Surminski, Christian Niesler, Sebastian Linsner, Lucas Davi, Christian A. Reuter","doi":"10.1145/3577923.3583652","DOIUrl":null,"url":null,"abstract":"From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of \\toolname against a variety of attacks and its usability based on a user study with 20 participants.","PeriodicalId":387479,"journal":{"name":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","volume":"104 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand\",\"authors\":\"Sebastian Surminski, Christian Niesler, Sebastian Linsner, Lucas Davi, Christian A. Reuter\",\"doi\":\"10.1145/3577923.3583652\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of \\\\toolname against a variety of attacks and its usability based on a user study with 20 participants.\",\"PeriodicalId\":387479,\"journal\":{\"name\":\"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy\",\"volume\":\"104 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3577923.3583652\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3577923.3583652","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

从最终用户的角度来看，物联网设备的行为就像一个黑匣子:只要它们按预期工作，用户就不会发现任何危害。用户对软件的控制最小。因此，如果监控摄像头或智能音箱被黑客入侵，用户很可能会忽略非法录音和传输。在本文中，我们提出了SCAtt-man，这是第一个专门为用户设计的远程认证方案。SCAtt-man部署基于软件的认证来检查远程设备的完整性，允许用户通过智能手机验证物联网设备的完整性。SCAtt-man的关键新颖之处在于在认证协议中利用了用户可观察的侧信道，如光或声音。我们的概念验证实现针对智能扬声器和基于数据-声音协议的认证协议。我们的评估证明了\toolname对各种攻击的有效性及其基于20名参与者的用户研究的可用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SCAtt-man: Side-Channel-Based Remote Attestation for Embedded Devices that Users Understand

From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of \toolname against a variety of attacks and its usability based on a user study with 20 participants.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量