2021 IEEE International Conference on Cyber Security and Resilience (CSR) | 2021

ERAMO: Effective Remote Attestation through Memory Offloading

 
 
 

Abstract


Remote Attestation (RA) has gained broad attention over recent years as an essential security mechanism that enables integrity verification of remote IoT devices. Typically, existing RA protocols aim at detecting malware presence in program memory. Recent RA schemes work towards also attesting data memory and focus mainly on detecting runtime attacks that manipulate stack pointers to hijack the execution flow of a running program. Despite different RA approaches, some data memory attacks still remain undetected. This paper proposes ERAMO, a novel RA protocol that investigates a memory offloading technique for attesting broad memory regions of IoT devices. Instead of running a complex RA protocol on a resource-constrained IoT device, ERAMO leverages the emerging paradigm of Fog Computing to securely offload memory contents of IoT devices to nearby powerful devices. This approach aims at increasing the effectiveness of RA protocols by attesting larger data memory regions and allowing powerful devices to perform complex analysis of IoT devices’ state. We validate and evaluate ERAMO with a hardware proof-of-concept implementation using an ARM Cortex-M33 based microcontroller that provides ARM TrustZone to support secure isolation of the RA procedure. The conducted experiments confirm the feasibility of ERAMO and demonstrate that the offloading technique increases RA effectiveness in attesting dynamic memory regions.

Pages 73-80
DOI 10.1109/CSR51186.2021.9527978
Language English
Journal 2021 IEEE International Conference on Cyber Security and Resilience (CSR)
