Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Thomas Ulz; Thomas Wolfgang Pieber; Christian Steger; Sarah Haas; Rainer Matischek; Holger Bock

doi:10.1109/DSD.2017.24

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Thomas Ulz, Thomas Wolfgang Pieber, Christian Steger, Sarah Haas, Rainer Matischek, Holger Bock

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

Original language	English
Title of host publication	Proceedings - 20th Euromicro Conference on Digital System Design, DSD 2017
Publisher	Institute of Electrical and Electronics Engineers
Pages	229-236
Number of pages	8
ISBN (Electronic)	978-153862145-5
DOIs	https://doi.org/10.1109/DSD.2017.24
Publication status	Published - 1 Oct 2017
Event	20th Euromicro Conference on Digital System Design: DSD 2017 - TU Vienna, Vienna, Austria Duration: 30 Aug 2017 → 1 Sep 2017 http://dsd-seaa2017.ocg.at/

Conference

Conference	20th Euromicro Conference on Digital System Design
Abbreviated title	DSD
Country/Territory	Austria
City	Vienna
Period	30/08/17 → 1/09/17
Internet address	http://dsd-seaa2017.ocg.at/

Access to Document

10.1109/DSD.2017.24

AttestationSubmitted manuscript, 1.3 MBLicence: CC BY-NC-SA 4.0

1 Finished
1 Active

Hardware/Software-Codesign
Steger, C., Seifert, C., Stelzer, P., Feldbacher, M., Fiala, G. & Basic, F.
1/01/95 → …
Project: Research area
IoSense - Flexible FE/BE Sensor Pilot Line for the Internet of Everything
Steger, C., Ulz, T. & Pieber, T. W.
1/05/16 → 30/04/19
Project: Research project

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors
Thomas Ulz (Speaker)
2017
Activity: Talk or presentation › Talk at conference or symposium › Science to public

Cite this

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. / Ulz, Thomas; Pieber, Thomas Wolfgang; Steger, Christian et al.

Proceedings - 20th Euromicro Conference on Digital System Design, DSD 2017. Institute of Electrical and Electronics Engineers, 2017. p. 229-236.

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Ulz, T, Pieber, TW, Steger, C, Haas, S, Matischek, R & Bock, H 2017, Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors. in Proceedings - 20th Euromicro Conference on Digital System Design, DSD 2017. Institute of Electrical and Electronics Engineers, pp. 229-236, 20th Euromicro Conference on Digital System Design, Vienna, Austria, 30/08/17. https://doi.org/10.1109/DSD.2017.24

@inproceedings{4476cf46b1e14779b66ecb1cab8bc01b,

title = "Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors",

abstract = "The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.",

author = "Thomas Ulz and Pieber, {Thomas Wolfgang} and Christian Steger and Sarah Haas and Rainer Matischek and Holger Bock",

year = "2017",

month = oct,

day = "1",

doi = "10.1109/DSD.2017.24",

language = "English",

pages = "229--236",

booktitle = "Proceedings - 20th Euromicro Conference on Digital System Design, DSD 2017",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "20th Euromicro Conference on Digital System Design : DSD 2017, DSD ; Conference date: 30-08-2017 Through 01-09-2017",

url = "http://dsd-seaa2017.ocg.at/",

}

TY - GEN

T1 - Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

AU - Ulz, Thomas

AU - Pieber, Thomas Wolfgang

AU - Steger, Christian

AU - Haas, Sarah

AU - Matischek, Rainer

AU - Bock, Holger

PY - 2017/10/1

Y1 - 2017/10/1

N2 - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

AB - The necessity to (re-)configure Internet of Things devices such as smart sensors during their entire lifecycle is becoming more important due to recent attacks targeting these devices. Allowing configuration parameters to be changed in any phase of a smart sensor's lifecycle allows security updates or new key material to be applied. Also, the functionality of a smart sensor can be altered by changing its configuration. The challenges that need to be considered when enabling the configuration of arbitrary parameters are the security and usability of the configuration interface, the secured storage of confidential configuration data, and the attestation of successfully applied configuration updates. Therefore, we present an NFC-based configuration approach that relies on dedicated secured hardware to solve these challenges. In addition to a hardware extension for smart sensors, we also present a secured configuration protocol as well as a two-layer configuration attestation process to verify the correct utilization of all transmitted configuration parameters.

U2 - 10.1109/DSD.2017.24

DO - 10.1109/DSD.2017.24

M3 - Conference paper

SP - 229

EP - 236

BT - Proceedings - 20th Euromicro Conference on Digital System Design, DSD 2017

PB - Institute of Electrical and Electronics Engineers

T2 - 20th Euromicro Conference on Digital System Design

Y2 - 30 August 2017 through 1 September 2017

ER -

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Abstract

Conference

Access to Document

Fingerprint

Projects

Hardware/Software-Codesign

IoSense - Flexible FE/BE Sensor Pilot Line for the Internet of Everything

Activities

Hardware-Secured Configuration and Two-Layer Attestation Architecture for Smart Sensors

Cite this