Publication: DIAT: Data Integrity Attestation for Resilient Collaboration of Autonomous Systems (NDSS 2019)

Joint work with
Tigist Abera∗, Raad Bahmani∗, Ferdinand Brasser∗, Ahmad Ibrahim∗, Ahmad-Reza Sadeghi (Technische Universität Darmstadt, Germany)

Abstract
Networks of autonomous collaborative embedded systems are emerging in many application domains such as vehicular ad-hoc networks, robotic factory workers, search/rescue robots, delivery and search drones. To perform their collaborative tasks the involved devices exchange various types of information such as sensor data, status information, and commands. For the correct operation of these complex systems each device must be able to verify that the data coming from other devices is correct and has not been maliciously altered.

In this paper, we present DIAT – a novel approach that makes it possible to verify the correctness of data by attesting the correct generation as well as processing of data using control-flow attestation. DIAT enables devices in autonomous collaborative networks to interact securely and efficiently, relying on a minimal TCB. It ensures that the data sent from one device to another device is not maliciously changed, neither during transport nor during generation or processing on the originating device. Data exchanged between devices in the network is therefore authenticated along with a proof of integrity of all software involved in its generation and processing. To enable this, the embedded devices’ software is decomposed into simple interacting modules, reducing the amount and complexity of software that needs to be attested, i.e., only those modules that process the data are relevant. As a proof of concept we implemented and evaluated our scheme DIAT on a state-of-the-art flight controller for drones. Furthermore, we evaluated our scheme in a simulation environment to demonstrate its scalability for large-scale systems.
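The following is an added, deliberately simplified model of the idea the abstract describes; it is not the paper's code, protocol or measurement format. It assumes a device whose software is split into modules, a control-flow measurement modelled as a hash chain over executed basic-block ids, a symmetric key held by the device's TCB and known to the verifier (both constructed here), and a verifier reference set of known-good measurements. Only the modules that actually process a data item contribute to its attestation, so an unrelated module on the same device (telemetry_log) never appears in the report.

```python
"""Simplified data-integrity attestation via control-flow measurements.

Constructed example, not the DIAT implementation: a data item carries the
control-flow measurements of only the modules that processed it, and the
device's (simulated) TCB authenticates data and measurements together.
"""
import hashlib
import hmac
import json

# Assumed: key provisioned to the device TCB and shared with the verifier.
DEVICE_KEY = b"constructed-device-attestation-key"


def cfa_hash(path):
    """Hash chain over the executed basic-block ids of one module run
    (a stand-in for a real control-flow attestation measurement)."""
    h = bytes(32)
    for block in path:
        h = hashlib.sha256(h + block.encode()).digest()
    return h.hex()


# Verifier's reference: the legitimate control-flow paths of each module.
KNOWN_GOOD = {
    "sensor_read": {cfa_hash(["entry", "sample", "filter", "ret"])},
    "fuse": {cfa_hash(["entry", "validate", "combine", "ret"])},
    "telemetry_log": {cfa_hash(["entry", "write", "ret"])},
}


def sensor_read(raw):
    """Module 1: produce a filtered reading. Returns (value, executed path)."""
    return round(raw * 0.9, 3), ["entry", "sample", "filter", "ret"]


def fuse(value, compromised=False):
    """Module 2: validate and combine. A compromised run skips 'validate'
    (as a control-flow hijack would), which changes its measurement."""
    if compromised:
        return value + 100.0, ["entry", "combine", "ret"]
    if not 0.0 <= value <= 1000.0:
        raise ValueError("reading out of range")
    return value + 1.0, ["entry", "validate", "combine", "ret"]


def produce_report(raw, compromised=False):
    """Run the data pipeline and have the simulated TCB attest the result.
    telemetry_log exists on the device but never touches this data item, so
    it is not part of the report: only processing modules are relevant."""
    value, p1 = sensor_read(raw)
    value, p2 = fuse(value, compromised)
    modules = [["sensor_read", cfa_hash(p1)], ["fuse", cfa_hash(p2)]]
    body = {"data": value, "modules": modules}
    msg = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(DEVICE_KEY, msg, hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


def verify(report):
    """Receiving device: check transport integrity (MAC) and that every
    module that processed the data ran a known-good control-flow path."""
    msg = json.dumps(report["body"], sort_keys=True).encode()
    expected = hmac.new(DEVICE_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["mac"]):
        return False  # data or measurements altered in transit
    for name, measurement in report["body"]["modules"]:
        if measurement not in KNOWN_GOOD.get(name, set()):
            return False  # a processing module deviated from its known paths
    return True


if __name__ == "__main__":
    good = produce_report(10.0)
    print("benign run accepted:", verify(good))
    bad = produce_report(10.0, compromised=True)
    print("hijacked module accepted:", verify(bad))
    good["body"]["data"] = 999.0  # tamper with the data after attestation
    print("modified data accepted:", verify(good))
```

The two rejection cases correspond to the two threats named in the abstract: modification in transit (caught by the MAC over data and measurements) and modification during generation or processing on the originating device (caught because the hijacked module's measurement is not in the verifier's reference set). A real scheme measures control flow in hardware or a trusted runtime rather than trusting the module to report its own path, as this toy does.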