SAFE^d: Self-Attestation For Networks of Heterogeneous Embedded Devices

The Internet of Things (IoT) is an emerging paradigm that allows to set large networks of small and independent devices. To ensure their integrity, practitioners employ so-called Remote Attestation (RA) schemes. Classic RA schemes require a central and powerful entity, called Verifier, that has mainly two duties: (i) it manages the entire process of attestation, and (ii) it contains all the proofs for validating the devices' integrity. However, having a central Verifier makes the network dependent upon an external entity and introduces a single point of failure for security. In this work, we propose SAFE^d: the first RA schema that allows a pair of IoT devices to validate their integrity without relying on an external Verifier. Our approach overcomes previous limitations by spreading the proofs among multiple IoT devices and using novel cryptographic mechanisms to ensure secure communications. Moreover, the entire IoT network can collaboratively isolate tampered devices and recover missing proofs in case of anomalies. We evaluate our schema through an implementation for Raspberry Pi platform and a network simulation. The results show that SAFE^d can detect infected devices and recover up to 99.9% of proofs in case of faults or attacks. Moreover, we managed to protect up to 10K devices with a logarithmic overhead on the network and on the devices' memory.
Comment: 12 pages, 7 figures