Vol.67, No.1, 2021, pp.23-49, doi:10.32604/cmc.2021.014523
OPEN ACCESS
ARTICLE
SAPEM: Secure Attestation of Program Execution and Program Memory for IoT Applications
  • Nafisa Ahmed1, Manar Abu Talib2,*, Qassim Nasir3
1 Research Institute of Science and Engineering, University of Sharjah, Sharjah, UAE
2 Department of Computer Science, University of Sharjah, Sharjah, UAE
3 Department of Electrical Engineering, University of Sharjah, Sharjah, UAE
* Corresponding Author: Manar Abu Talib. Email:
(This article belongs to this Special Issue: Security Issues in Industrial Internet of Things)
Received 26 September 2020; Accepted 26 October 2020; Issue published 12 January 2021
Abstract
Security is one of the major challenges that devices connected to the Internet of Things (IoT) face today. Remote attestation is used to measure these devices’ trustworthiness on the network by measuring the device platform’s integrity. Several software-based attestation mechanisms have been proposed, but none of them can detect runtime attacks. Although some researchers have attempted to tackle these attacks, the proposed techniques require additional secured hardware parts to be integrated with the attested devices to achieve their aim. These solutions are expensive and not suitable in many cases. This paper proposes a dual attestation process, SAPEM, with two phases: static and dynamic. The static attestation phase examines the program memory of the attested device. The dynamic program flow attestation examines the execution correctness of the application code. It can detect code injection and runtime attacks that hijack the control-flow, including data attacks that affect the program control-flow. The main aim is to minimize attestation overhead while maintaining our ability to detect the specified attacks. We validated SAPEM by implementing it on Raspberry Pi using its TrustZone extension. We attested it against the specified attacks and compared its performance with the related work in the literature. The results show that SAPEM significantly minimizes performance overhead while reliably detecting runtime attacks at the binary level.
Keywords
IoT; remote attestation; runtime attacks; trust; TrustZone; security
Cite This Article
N. Ahmed, M. A. Talib and Q. Nasir, "Sapem: secure attestation of program execution and program memory for iot applications," Computers, Materials & Continua, vol. 67, no.1, pp. 23–49, 2021.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.