Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Thomas Ulz, Thomas Wolfgang Pieber, Christian Steger, Sarah Haas, Rainer Matischek, Holger Bock

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.
Spracheenglisch
TitelProceedings of the 2017 Euromicro Conference on Digital System Design (DSD)
Seiten229-236
Seitenumfang8
DOIs
StatusVeröffentlicht - 1 Okt 2017
VeranstaltungEuromicro Digital System Design - TU Vienna, Vienna, Österreich
Dauer: 30 Aug 20171 Sep 2017
http://dsd-seaa2017.ocg.at/

Konferenz

KonferenzEuromicro Digital System Design
KurztitelDSD
LandÖsterreich
OrtVienna
Zeitraum30/08/171/09/17
Internetadresse

Fingerprint

Smart sensors
Hardware
Network protocols

Dies zitieren

Ulz, T., Pieber, T. W., Steger, C., Haas, S., Matischek, R., & Bock, H. (2017). Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. in Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD) (S. 229-236) https://doi.org/10.1109/DSD.2017.24

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. / Ulz, Thomas; Pieber, Thomas Wolfgang; Steger, Christian; Haas, Sarah; Matischek, Rainer; Bock, Holger.

Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). 2017. S. 229-236.

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Ulz, T, Pieber, TW, Steger, C, Haas, S, Matischek, R & Bock, H 2017, Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. in Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). S. 229-236, Vienna, Österreich, 30/08/17. https://doi.org/10.1109/DSD.2017.24
Ulz T, Pieber TW, Steger C, Haas S, Matischek R, Bock H. Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. in Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). 2017. S. 229-236 https://doi.org/10.1109/DSD.2017.24
Ulz, Thomas ; Pieber, Thomas Wolfgang ; Steger, Christian ; Haas, Sarah ; Matischek, Rainer ; Bock, Holger. / Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). 2017. S. 229-236
@inproceedings{4476cf46b1e14779b66ecb1cab8bc01b,
title = "Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors",
abstract = "The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.",
author = "Thomas Ulz and Pieber, {Thomas Wolfgang} and Christian Steger and Sarah Haas and Rainer Matischek and Holger Bock",
year = "2017",
month = "10",
day = "1",
doi = "10.1109/DSD.2017.24",
language = "English",
pages = "229--236",
booktitle = "Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD)",

}

TY - GEN

T1 - Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

AU - Ulz, Thomas

AU - Pieber, Thomas Wolfgang

AU - Steger, Christian

AU - Haas, Sarah

AU - Matischek, Rainer

AU - Bock, Holger

PY - 2017/10/1

Y1 - 2017/10/1

N2 - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

AB - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

U2 - 10.1109/DSD.2017.24

DO - 10.1109/DSD.2017.24

M3 - Conference contribution

SP - 229

EP - 236

BT - Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD)

ER -