flashtest：基于Flash设备的低端物联网自我认证

IF 8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

IEEE Transactions on Information Forensics and Security Pub Date : 2025-09-08 DOI:10.1109/TIFS.2025.3607245

Zheng Zhang;Jingfeng Xue;Weizhi Meng;Xu Qiao;Yuanzhang Li;Yu-an Tan

{"title":"flashtest：基于Flash设备的低端物联网自我认证","authors":"Zheng Zhang;Jingfeng Xue;Weizhi Meng;Xu Qiao;Yuanzhang Li;Yu-an Tan","doi":"10.1109/TIFS.2025.3607245","DOIUrl":null,"url":null,"abstract":"Remote Attestation (RA) is an effective security service that allows a trusted party (verifier) to initiate the attestation routine on a potentially untrusted remote device (prover) to verify its correct state. Despite their usefulness, traditional challenge-response remote attestation protocols suffer from certain limitations, such as challenges in scaling attestation collection and the forced suspension of normal operation during attestation. Self-attestation tackles these issues by enabling the prover to measure its own state asynchronously with the verifier’s attestation request. Existing self-attestation methods rely on hybrid architectures to provide the required security properties, which may not be compatible with low-end Internet of Things (IoT) devices due to hardware limitations. In addition, these protocols currently lack formal verification of design correctness. In this paper, we present FlashAttest, a formally verified self-attestation protocol for low-end IoT devices. FlashAttest leverages the flash device to fulfill the security properties required by self-attestation, eliminating the requirement for hardware modifications. In particular, FlashAttest allows the prover to initiate the attestation routine and guarantee the trustworthiness of the results based on the verified software-based security architecture. By collaborating with the flash device during attestation to generate timestamped reports, FlashAttest enables the verifier to collect and verify the legitimacy of the attestation results. More importantly, FlashAttest achieves strong security guarantees supported by a formally verified design using the Tamarin prover. We implement and evaluate FlashAttest on MSP430 architecture, showing a reasonable overhead in terms of memory footprint, communication overhead, runtime and power consumption. Compared with state-of-the-art self-attestation schemes, our approach achieves similar runtime overhead, low energy consumption, and reasonable memory overhead while eliminating the need for hardware modifications. The results confirm the suitability of FlashAttest for low-end devices.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"9685-9699"},"PeriodicalIF":8.0000,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FlashAttest: Self-Attestation for Low-End Internet of Things via Flash Devices\",\"authors\":\"Zheng Zhang;Jingfeng Xue;Weizhi Meng;Xu Qiao;Yuanzhang Li;Yu-an Tan\",\"doi\":\"10.1109/TIFS.2025.3607245\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Remote Attestation (RA) is an effective security service that allows a trusted party (verifier) to initiate the attestation routine on a potentially untrusted remote device (prover) to verify its correct state. Despite their usefulness, traditional challenge-response remote attestation protocols suffer from certain limitations, such as challenges in scaling attestation collection and the forced suspension of normal operation during attestation. Self-attestation tackles these issues by enabling the prover to measure its own state asynchronously with the verifier’s attestation request. Existing self-attestation methods rely on hybrid architectures to provide the required security properties, which may not be compatible with low-end Internet of Things (IoT) devices due to hardware limitations. In addition, these protocols currently lack formal verification of design correctness. In this paper, we present FlashAttest, a formally verified self-attestation protocol for low-end IoT devices. FlashAttest leverages the flash device to fulfill the security properties required by self-attestation, eliminating the requirement for hardware modifications. In particular, FlashAttest allows the prover to initiate the attestation routine and guarantee the trustworthiness of the results based on the verified software-based security architecture. By collaborating with the flash device during attestation to generate timestamped reports, FlashAttest enables the verifier to collect and verify the legitimacy of the attestation results. More importantly, FlashAttest achieves strong security guarantees supported by a formally verified design using the Tamarin prover. We implement and evaluate FlashAttest on MSP430 architecture, showing a reasonable overhead in terms of memory footprint, communication overhead, runtime and power consumption. Compared with state-of-the-art self-attestation schemes, our approach achieves similar runtime overhead, low energy consumption, and reasonable memory overhead while eliminating the need for hardware modifications. The results confirm the suitability of FlashAttest for low-end devices.\",\"PeriodicalId\":13492,\"journal\":{\"name\":\"IEEE Transactions on Information Forensics and Security\",\"volume\":\"20 \",\"pages\":\"9685-9699\"},\"PeriodicalIF\":8.0000,\"publicationDate\":\"2025-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Information Forensics and Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/11153507/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11153507/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

远程认证（RA）是一种有效的安全服务，它允许受信任的一方（验证者）在可能不受信任的远程设备（证明者）上启动认证例程，以验证其正确状态。尽管它们很有用，但传统的挑战-响应远程认证协议存在一定的局限性，例如在扩展认证收集方面存在挑战，以及在认证期间强制暂停正常操作。自我认证通过使证明者能够使用验证者的认证请求异步地度量自己的状态来解决这些问题。现有的自我认证方法依赖于混合架构来提供所需的安全属性，由于硬件限制，这可能与低端物联网（IoT）设备不兼容。此外，这些协议目前缺乏对设计正确性的正式验证。在本文中，我们提出了flashtester，这是一种针对低端物联网设备的正式验证的自我认证协议。flashtester利用flash设备来实现自我认证所需的安全属性，从而消除了对硬件修改的要求。特别是，flashtest允许证明者启动证明例程，并根据经过验证的基于软件的安全架构保证结果的可信度。通过在认证过程中与flash设备协作生成带有时间戳的报告，flashtest使验证者能够收集和验证认证结果的合法性。更重要的是，flashtest通过使用Tamarin证明器的正式验证设计实现了强大的安全保证。我们在MSP430架构上实现和评估flashtest，在内存占用、通信开销、运行时间和功耗方面显示出合理的开销。与最先进的自我认证方案相比，我们的方法实现了类似的运行时开销、低能耗和合理的内存开销，同时消除了对硬件修改的需要。结果证实了flashtest在低端设备上的适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

FlashAttest: Self-Attestation for Low-End Internet of Things via Flash Devices

Remote Attestation (RA) is an effective security service that allows a trusted party (verifier) to initiate the attestation routine on a potentially untrusted remote device (prover) to verify its correct state. Despite their usefulness, traditional challenge-response remote attestation protocols suffer from certain limitations, such as challenges in scaling attestation collection and the forced suspension of normal operation during attestation. Self-attestation tackles these issues by enabling the prover to measure its own state asynchronously with the verifier’s attestation request. Existing self-attestation methods rely on hybrid architectures to provide the required security properties, which may not be compatible with low-end Internet of Things (IoT) devices due to hardware limitations. In addition, these protocols currently lack formal verification of design correctness. In this paper, we present FlashAttest, a formally verified self-attestation protocol for low-end IoT devices. FlashAttest leverages the flash device to fulfill the security properties required by self-attestation, eliminating the requirement for hardware modifications. In particular, FlashAttest allows the prover to initiate the attestation routine and guarantee the trustworthiness of the results based on the verified software-based security architecture. By collaborating with the flash device during attestation to generate timestamped reports, FlashAttest enables the verifier to collect and verify the legitimacy of the attestation results. More importantly, FlashAttest achieves strong security guarantees supported by a formally verified design using the Tamarin prover. We implement and evaluate FlashAttest on MSP430 architecture, showing a reasonable overhead in terms of memory footprint, communication overhead, runtime and power consumption. Compared with state-of-the-art self-attestation schemes, our approach achieves similar runtime overhead, low energy consumption, and reasonable memory overhead while eliminating the need for hardware modifications. The results confirm the suitability of FlashAttest for low-end devices.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Information Forensics and Security 工程技术-工程：电子与电气

CiteScore

14.40

自引率

7.40%

发文量

234

审稿时长

6.5 months

期刊介绍： The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features