Remote Attestation (RA) is a security mechanism to remotely detect adversarial presence on untrusted devices in order to guarantee their trustworthiness. RA runs as a two-party security protocol in which a trusted party (i.e., verifier) assures the integrity of the untrusted remote device (i.e., prover). Software-based RA approaches aim at verifying device integrity without relying on specialized hardware components. Despite their limited security guarantees, software-based RA approaches bring opportunities in attesting legacy and resource-constrained Internet of Things (IoT) devices, in which the presence of a hardware root-of-trust is not always a realistic assumption.
With the Internet of Things (IoT) revolution, IoT devices are experiencing an exponential growth, becoming pervasive in infrastructure and industrial systems (e.g., digital transportation, smart cities, automated factories), and emerging as an integral part of our everyday life (e.g., smart home, wearable devices). According to Statista (https://www.statista.com/statistics/976313/global-iot-market-size/ (accessed on 31 December 2020)), the global IoT market is expected to reach around 1.6 trillion dollars in market revenue by 2025. However, the enormous expansion of interconnected IoT devices that perform safety-critical operations and contain sensitive information, combined with their limited capabilities to implement advanced security techniques, makes IoT devices a prominent target of a broad range of malicious exploitations .
Aimed at securing IoT devices, Remote Attestation (RA) has been proposed as a valuable security technique that allows a trusted party (i.e., verifier) to assure the integrity of the untrusted IoT device (i.e., prover). During the attestation, the prover sends proofs about its current state of the memory (typically a hash of the memory) to the verifier, whereas the verifier matches the received evidence with the expected legitimate state (known in advance) of the prover, and according to that it validates whether the prover is trustworthy or not.
Based on their architectural design, RA schemes can broadly be classified into three main categories: (1) Software-based RA (e.g., Seshadri et al. ) which provides security guarantees based on strict running time constraints of the verification procedure; (2) Hardware-based RA (e.g., Sailer et al. , Tan et al. ) which uses a tamper-resistant hardware module as a secure execution environment; and (3) Hybrid RA (e.g., Eldefrawy et al. , Brasser et al. ) which rely on a minimal read-only hardware-protected memory. Due to the lack of requirements for a specialized tampered-resistance hardware, software-based RA schemes are low-cost solutions in comparison with hardware-based RA. However, using a secure execution environment such as Trusted Platform Module (TPM) , ARM TrustZone , and Intel Software Guard Extensions (SGX) (https://software.intel.com/en-us/sgx (accessed on 31 December 2020)), hardware-based RA provides high-security guarantees, that protects RA protocol execution from compromised software. Nevertheless, classic low-cost IoT devices do not support the requirements of hardware-based schemes for costly specialized hardware-protected modules. To ensure uninterrupted, safe and secure code execution of the RA protocol, hybrid RA schemes depend on the existence of a minimal read-only hardware-protected memory. However, the assumption made by hardware-based RA and hybrid RA of a specialized hardware is not a trivial requirement for many IoT devices with limited computational power which do not support any specialized hardware, such as battery-free, energy harvesting IoT devices .
Considering that there is a great number of legacy IoT devices already deployed without a specialized hardware support, it is difficult (if not impractical) to customize the hardware and redeploy these devices. Due to the cost, it is also not a viable option to replace them all with new devices relying on specialized hardware. In addition, many IoT devices are designed to be small, cheap, and battery-free, thus, introducing new and specialized hardware could potentially not only increase the cost and size of the devices but also deviate from the energy harvesting feature of their design. Nevertheless, it is crucial to provide security protections on such low-cost devices. In this context, software-based RA can be considered a very promising approach. However, to the best of our knowledge, a comprehensive analysis of existing software-based RA schemes in order to investigate their advantages and disadvantages along with the opportunities that they offer for attesting legacy and/or resource-constrained IoT systems is still missing in the literature.
Software-based RA protocols have been abandoned in the most recent RA proposals as they are considered deprived of necessary security guarantees. However, the lightweight design of such protocols could be of great value for various already-deployed IoT solutions or new commercial IoT products. In the following, we discuss some opportunities that software-based RA approaches bring in enabling attestation on different categories of very lightweight IoT devices.
With the large number of IoT devices deployed over the past years, many IoT devices currently in use are legacy devices. Most legacy IoT devices were designed to operate unconnected, standalone, and the adoption of novel security solutions are often impractical for such devices. Considering the unique characteristics of legacy IoT devices that typically lack complete and accurate documentation, it becomes crucial to bring RA’s benefits to such legacy devices without disrupting their existing operations. In this context, the adoption of hardware or hybrid RA schemes requiring specialized hardware support or customized hardware configuration is impractical for legacy IoT devices. In contrast, the software-based RA approaches are suitable for legacy devices as they rely only on software. Even though software-based RA protocols are vulnerable to sophisticated attacks, software-based RA protocol could still provide some degree of integrity guarantees in these devices. Under certain assumptions such as legacy devices deployed in a private and relatively-small network, the software-based approaches such as SWATT , Pioneer  and LRMA  are a promising solution for the missing security mechanisms present on resource-constrained legacy IoT devices.
Europe has recently entered into the green transition, which aims at lowering global energy footprint towards achieving the ultimate goal of being climate-neutral by 2050. As a result, the deployment of battery-free IoT devices  is expected to be increased in the upcoming years. In this context, the RA protocols that rely on customized hardware not cause an increased cost and size of any resource constraint IoT devices and deviate from the initial core objective of the original energy-harvesting design of battery-free IoT devices. While typically the IoT networks of such tiny devices adopt correlated information to detect compromised devices, such battery-free devices could benefit from software-based RA schemes as an integrity check mechanism. However, the software-based RA protocols that perform expensive computational operations and rely on strict time constraints could be heavy for such devices. The most suitable protocols for energy harvesting devices could be the software-based RA protocols that rely on loosely time constraints listed in Table 2 such as .
Due to strict time constraints, software-based RA schemes have been considered limited to a one-hop network setting and unsuitable for attestation of large networks with multi-hop distance between the verifier and provers. However, with the emerging paradigm of Fog computing (https://www.openfogconsortium.org/ (accessed on 31 December 2020)), there comes the opportunity to introduce single-hop attestation schemes between these devices and a connected Fog node, that can act as a verifier. The software-based RA schemes have been considered impractical due to the strong assumptions of the required verifier’s knowledge to validate the legitimate state of IoT devices, for instance knowing the exact hardware configuration. Table 1 presents an overview of the required knowledge by the verifier. In a Fog computing infrastructure, each Fog node serves as a distributed verifier, the assumption that each Fog node has all the required knowledge of the devices connected to the Fog node seems realistic. Thus, each Fog node may attest its device by performing a software-based RA scheme. However, software-based RA schemes are challenging in mobile networks in which devices frequently join and leave different Fog nodes.
|Scheme||Mem. Cont.||Exact HW Config.||Network Delay||Used Mem.||Checksum|
|Reflection , Dataguard ||✓||✗||✗||✗||✗|
|SWATT , Pioneer , LRMA ||✓||✓||✓||✗||✗|
|Self-Modifying Code ||✗||✓||✗||✗||✗|
|Proactive , Distributed 1 , USAS ||✗||✗||✗||✓||✗|
|Memory Filling ||✗||✓||✗||✓||✗|
Software-based RA schemes serve as building blocks for other crucial software-based security mechanisms such as key establishment , security software update , recovery  and secure erasure . With the IoT devices playing a remarkable role in many domains such as healthcare, vehicles and transportation systems, industrial appliances, and smart homes, the cutting edge of security is continually being pushed. Recent works in the literature have integrated RA with Blockchain to provide stronger security guarantees (e.g., decentralization, traceability, anonymity and non-repudiation) for critical real-time infrastructures such as Vehicle-to-Vehicle communications . Other promising applications include the trustworthy collaboration among Automated Guided Vehicles in the mobile and collaborative Smart Factory context .