Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Thomas Ulz; Thomas Wolfgang Pieber; Christian Steger; Sarah Haas; Rainer Matischek; Holger Bock

doi:10.1109/DSD.2017.24

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Thomas Ulz, Thomas Wolfgang Pieber, Christian Steger, Sarah Haas, Rainer Matischek, Holger Bock

Institut für Technische Informatik (4480)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Forschung › Begutachtung

Abstract

The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

Originalsprache	englisch
Titel	Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD)
Seiten	229-236
Seitenumfang	8
DOIs	https://doi.org/10.1109/DSD.2017.24
Publikationsstatus	Veröffentlicht - 1 Okt 2017
Veranstaltung	Euromicro Digital System Design - TU Vienna, Vienna, Österreich Dauer: 30 Aug 2017 → 1 Sep 2017 http://dsd-seaa2017.ocg.at/

Konferenz

Konferenz	Euromicro Digital System Design
Kurztitel	DSD
Land	Österreich
Ort	Vienna
Zeitraum	30/08/17 → 1/09/17
Internetadresse	http://dsd-seaa2017.ocg.at/

Zugriff auf Dokument

10.1109/DSD.2017.24

AttestationEingereichtes Manuskript, 1 MBLizenz: CC BY-NC-SA

Fingerprint Untersuchen Sie die Forschungsthemen von „Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren

Ulz, T., Pieber, T. W., Steger, C., Haas, S., Matischek, R., & Bock, H. (2017). Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. in Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD) (S. 229-236) https://doi.org/10.1109/DSD.2017.24

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. / Ulz, Thomas; Pieber, Thomas Wolfgang; Steger, Christian ; Haas, Sarah; Matischek, Rainer; Bock, Holger.

Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). 2017. S. 229-236.

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Forschung › Begutachtung

@inproceedings{4476cf46b1e14779b66ecb1cab8bc01b,

title = "Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors",

abstract = "The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.",

author = "Thomas Ulz and Pieber, {Thomas Wolfgang} and Christian Steger and Sarah Haas and Rainer Matischek and Holger Bock",

year = "2017",

month = "10",

day = "1",

doi = "10.1109/DSD.2017.24",

language = "English",

pages = "229--236",

booktitle = "Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD)",

}

TY - GEN

T1 - Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

AU - Ulz, Thomas

AU - Pieber, Thomas Wolfgang

AU - Steger, Christian

AU - Haas, Sarah

AU - Matischek, Rainer

AU - Bock, Holger

PY - 2017/10/1

Y1 - 2017/10/1

N2 - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

AB - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

U2 - 10.1109/DSD.2017.24

DO - 10.1109/DSD.2017.24

M3 - Conference contribution

SP - 229

EP - 236

BT - Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD)

ER -