测试 SPDM 的极限:间歇性连接设备的身份验证

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Renan C.A. Alves, Otávio F. Freitas, Bruno C. Albertini, Marcos A. Simplicio Jr.
{"title":"测试 SPDM 的极限:间歇性连接设备的身份验证","authors":"Renan C.A. Alves,&nbsp;Otávio F. Freitas,&nbsp;Bruno C. Albertini,&nbsp;Marcos A. Simplicio Jr.","doi":"10.1016/j.cose.2024.104142","DOIUrl":null,"url":null,"abstract":"<div><div>The Security Protocol and Data Model (SPDM) is an open standard for authentication, attestation, and key exchange among hardware units, such as CPUs and peripheral components. In principle, SPDM was designed to operate over a somewhat stable communication channel, meaning that connection losses usually require the re-execution of the entire protocol. This puts into question SPDM’s suitability for battery-powered devices, which may keep only intermittent communications aiming to save energy. To address this question, we evaluate different authentication approaches that build upon and extend SPDM’s native key bootstrapping capabilities to handle intermittent authentication. In particular, we show that the combination of SPDM and a Time-based One-Time Password (TOTP) protocol is a promising solution for this scenario. We analyze the performance of the proposed authentication schemes using a proof-of-concept virtual device. The TOTP-based scheme was shown to be the fastest, the reconnection step being at least twice and up to <span><math><mrow><mn>900</mn><mo>×</mo></mrow></math></span> faster than possible straightforward applications of SPDM. Also, our scheme requires less memory to operate. Finally, we discuss the possibility of integrating intermittent authentication capabilities into the SPDM standard itself.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104142"},"PeriodicalIF":4.8000,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Testing the limits of SPDM: Authentication of intermittently connected devices\",\"authors\":\"Renan C.A. Alves,&nbsp;Otávio F. Freitas,&nbsp;Bruno C. Albertini,&nbsp;Marcos A. Simplicio Jr.\",\"doi\":\"10.1016/j.cose.2024.104142\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The Security Protocol and Data Model (SPDM) is an open standard for authentication, attestation, and key exchange among hardware units, such as CPUs and peripheral components. In principle, SPDM was designed to operate over a somewhat stable communication channel, meaning that connection losses usually require the re-execution of the entire protocol. This puts into question SPDM’s suitability for battery-powered devices, which may keep only intermittent communications aiming to save energy. To address this question, we evaluate different authentication approaches that build upon and extend SPDM’s native key bootstrapping capabilities to handle intermittent authentication. In particular, we show that the combination of SPDM and a Time-based One-Time Password (TOTP) protocol is a promising solution for this scenario. We analyze the performance of the proposed authentication schemes using a proof-of-concept virtual device. The TOTP-based scheme was shown to be the fastest, the reconnection step being at least twice and up to <span><math><mrow><mn>900</mn><mo>×</mo></mrow></math></span> faster than possible straightforward applications of SPDM. Also, our scheme requires less memory to operate. Finally, we discuss the possibility of integrating intermittent authentication capabilities into the SPDM standard itself.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"148 \",\"pages\":\"Article 104142\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-10-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824004474\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004474","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

安全协议和数据模型(SPDM)是一种开放式标准,用于 CPU 和外围设备等硬件单元之间的身份验证、证明和密钥交换。从原理上讲,SPDM 是为在一定程度上稳定的通信信道上运行而设计的,这意味着连接中断通常需要重新执行整个协议。这就对 SPDM 是否适用于电池供电设备提出了质疑,因为电池供电设备可能只保持间歇性通信,以节省能源。为了解决这个问题,我们评估了不同的验证方法,这些方法基于并扩展了 SPDM 的本地密钥引导功能,以处理间歇性验证。我们特别指出,SPDM 和基于时间的一次性密码 (TOTP) 协议的结合是解决这种情况的一个很有前景的方案。我们使用概念验证虚拟设备分析了所建议的验证方案的性能。结果表明,基于 TOTP 的方案速度最快,其重新连接步骤比直接应用 SPDM 至少快两倍,最多可快 900 倍。此外,我们的方案运行所需的内存更少。最后,我们讨论了将间歇验证功能集成到 SPDM 标准本身的可能性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Testing the limits of SPDM: Authentication of intermittently connected devices
The Security Protocol and Data Model (SPDM) is an open standard for authentication, attestation, and key exchange among hardware units, such as CPUs and peripheral components. In principle, SPDM was designed to operate over a somewhat stable communication channel, meaning that connection losses usually require the re-execution of the entire protocol. This puts into question SPDM’s suitability for battery-powered devices, which may keep only intermittent communications aiming to save energy. To address this question, we evaluate different authentication approaches that build upon and extend SPDM’s native key bootstrapping capabilities to handle intermittent authentication. In particular, we show that the combination of SPDM and a Time-based One-Time Password (TOTP) protocol is a promising solution for this scenario. We analyze the performance of the proposed authentication schemes using a proof-of-concept virtual device. The TOTP-based scheme was shown to be the fastest, the reconnection step being at least twice and up to 900× faster than possible straightforward applications of SPDM. Also, our scheme requires less memory to operate. Finally, we discuss the possibility of integrating intermittent authentication capabilities into the SPDM standard itself.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信