Publication: SANA: Secure and Scalable Aggregate Network Attestation accepted at ACM CCS 2016

“Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Gregory Neven, Ahmad-Reza Sadeghi, and Matthias Schunter: SANA: Secure and Scalable Aggregate Network Attestation, ACM Conference on Computer and Communications Security, ACM Press 2016.”

 

 

 

 

 

Abstract:
Large numbers of smart connected devices, also named as the Internet
of Things (IoT), are permeating our environments (homes,
factories, cars, and also our body—with wearable devices) to collect
data and act on the insight derived. Ensuring software integrity (including
OS, apps, and configurations) on such smart devices is then
essential to guarantee both privacy and safety. A key mechanism to
protect the software integrity of these devices is remote attestation:
A process that allows a remote verifier to validate the integrity of
the software of a device. This process usually makes use of a signed
hash value of the actual device’s software, generated by dedicated
hardware. While individual device attestation is a well-established
technique, to date integrity verification of a very large number of
devices remains an open problem, due to scalability issues.
In this paper, we present SANA, the first secure and scalable protocol
for efficient attestation of large sets of devices that works under
realistic assumptions. SANA relies on a novel signature scheme to
allow anyone to publicly verify a collective attestation in constant
time and space, for virtually an unlimited number of devices. We
substantially improve existing swarm attestation schemes [5] by supporting
a realistic trust model where: (1) only the targeted devices
are required to implement attestation; (2) compromising any device
does not harm others; and (3) all aggregators can be untrusted. We
implemented SANA and demonstrated its efficiency on tiny sensor
devices. Furthermore, we simulated SANA at large scale, to assess
its scalability. Our results show that SANA can provide efficient
attestation of networks of 1; 000; 000 devices, in only 2:5 seconds.

 

Download (PDF, 708KB)