Poster: Enhancing Remote Healthiness Attestation for Constrained IoT Devices

2020 
The Internet of Things (IoT), which has been rapidly implemented in the smart home, city, and industry, keeps shaping the way we live. However, the constrained resources of IoT lead to a constant vulnerability for its resident network and the whole Internet. To mitigate potential threats, a complementary method – Device Identifier Composition Engine (DICE) – is introduced to enable remote healthiness attestation for IoT devices. Although DICE narrows the gap between security necessity and the constrained resources of IoT, a replay attack can still circumvent the method. In this paper, an enhanced DICE+ is proposed to address the weakness. Compared to the original DICE, DICE+ improves DICE with dynamic attestation evidence (rather than the static evidence in standard DICE), and thus alleviates the replay attack. Based on the evaluation, DICE+ enhances the standard DICE in three aspects simultaneously: (i) Replay attack resilience; (ii) Extremely lightweight overhead; (iii) Fine-grained firmware attestation. According to the chip specification from our product line, a reduction of ca. 60% in the size of the chip's security-related area can be expected if such a method is applied along with a pure symmetric-cryptography tech-set.
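The difference between static and dynamic evidence can be seen in a small symmetric-key model. This is an added example, not code from the paper, and it shows a generic nonce-based challenge-response rather than the DICE+ construction itself. It assumes the verifier shares the device secret (UDS); the names `Verifier`, `static_evidence` and `dynamic_evidence` and all sample values are hypothetical.

```python
import hashlib
import hmac
import os

def derive_cdi(uds: bytes, firmware: bytes) -> bytes:
    # DICE-style derivation: the CDI binds the device secret to the firmware measurement.
    return hmac.new(uds, hashlib.sha256(firmware).digest(), hashlib.sha256).digest()

def static_evidence(cdi: bytes) -> bytes:
    # Same bytes on every boot of the same firmware, so a recording stays valid.
    return hmac.new(cdi, b"attest", hashlib.sha256).digest()

def dynamic_evidence(cdi: bytes, nonce: bytes) -> bytes:
    # Bound to a verifier-chosen nonce, so each run produces different evidence.
    return hmac.new(cdi, b"attest" + nonce, hashlib.sha256).digest()

class Verifier:
    def __init__(self, uds: bytes, golden_firmware: bytes):
        self.cdi = derive_cdi(uds, golden_firmware)  # assumption: verifier shares the UDS
        self.pending = set()
    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce
    def check_static(self, evidence: bytes) -> bool:
        return hmac.compare_digest(evidence, static_evidence(self.cdi))
    def check_dynamic(self, nonce: bytes, evidence: bytes) -> bool:
        if nonce not in self.pending:      # unknown or already used nonce
            return False
        self.pending.discard(nonce)        # each nonce is accepted once
        return hmac.compare_digest(evidence, dynamic_evidence(self.cdi, nonce))

def demo() -> dict:
    uds = b"\x11" * 32                     # constructed device secret
    good, bad = b"fw-1.0 (constructed)", b"fw-1.0 modified (constructed)"
    v = Verifier(uds, good)
    n1 = v.challenge()
    rec_static = static_evidence(derive_cdi(uds, good))       # recorded while healthy
    rec_dynamic = dynamic_evidence(derive_cdi(uds, good), n1)
    out = {"dynamic_honest": v.check_dynamic(n1, rec_dynamic)}
    # The device now runs modified firmware; old evidence is presented again.
    out["static_replay"] = v.check_static(rec_static)
    out["dynamic_replay_new_nonce"] = v.check_dynamic(v.challenge(), rec_dynamic)
    out["dynamic_replay_old_nonce"] = v.check_dynamic(n1, rec_dynamic)
    n3 = v.challenge()
    out["modified_fw_fresh"] = v.check_dynamic(n3, dynamic_evidence(derive_cdi(uds, bad), n3))
    return out
```

Calling `demo()` shows that the recorded static evidence is still accepted after the firmware changes, while the nonce-bound evidence is rejected for a new nonce, for a reused nonce, and for a fresh response computed over the modified firmware.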