Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Thomas Ulz, Thomas Wolfgang Pieber, Christian Steger, Sarah Haas, Rainer Matischek, Holger Bock

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.
LanguageEnglish
Title of host publicationProceedings of the 2017 Euromicro Conference on Digital System Design (DSD)
Pages229-236
Number of pages8
DOIs
StatusPublished - 1 Oct 2017
EventEuromicro Digital System Design - TU Vienna, Vienna, Austria
Duration: 30 Aug 20171 Sep 2017
http://dsd-seaa2017.ocg.at/

Conference

ConferenceEuromicro Digital System Design
Abbreviated titleDSD
CountryAustria
CityVienna
Period30/08/171/09/17
Internet address

Fingerprint

Smart sensors
Hardware
Network protocols

Cite this

Ulz, T., Pieber, T. W., Steger, C., Haas, S., Matischek, R., & Bock, H. (2017). Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. In Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD) (pp. 229-236). DOI: 10.1109/DSD.2017.24

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. / Ulz, Thomas; Pieber, Thomas Wolfgang; Steger, Christian; Haas, Sarah; Matischek, Rainer; Bock, Holger.

Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). 2017. p. 229-236.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Ulz, T, Pieber, TW, Steger, C, Haas, S, Matischek, R & Bock, H 2017, Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. in Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). pp. 229-236, Euromicro Digital System Design, Vienna, Austria, 30/08/17. DOI: 10.1109/DSD.2017.24
Ulz T, Pieber TW, Steger C, Haas S, Matischek R, Bock H. Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. In Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). 2017. p. 229-236. Available from, DOI: 10.1109/DSD.2017.24
Ulz, Thomas ; Pieber, Thomas Wolfgang ; Steger, Christian ; Haas, Sarah ; Matischek, Rainer ; Bock, Holger. / Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD). 2017. pp. 229-236
@inproceedings{4476cf46b1e14779b66ecb1cab8bc01b,
title = "Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors",
abstract = "The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.",
author = "Thomas Ulz and Pieber, {Thomas Wolfgang} and Christian Steger and Sarah Haas and Rainer Matischek and Holger Bock",
year = "2017",
month = "10",
day = "1",
doi = "10.1109/DSD.2017.24",
language = "English",
pages = "229--236",
booktitle = "Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD)",

}

TY - GEN

T1 - Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

AU - Ulz,Thomas

AU - Pieber,Thomas Wolfgang

AU - Steger,Christian

AU - Haas,Sarah

AU - Matischek,Rainer

AU - Bock,Holger

PY - 2017/10/1

Y1 - 2017/10/1

N2 - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

AB - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

U2 - 10.1109/DSD.2017.24

DO - 10.1109/DSD.2017.24

M3 - Conference contribution

SP - 229

EP - 236

BT - Proceedings of the 2017 Euromicro Conference on Digital System Design (DSD)

ER -