One of the main challenges in IoT security is to assure the integrity of the firmware running on a constrained low-cost device. A solution to this challenge could be provided by a security service called “remote attestation”, where the device generates an evidence about its deployed firmware for attestation by a remote verifier in the backend. This enables to discover malware on enrolled devices, to protect the ecosystem from these compromised devices and to take proper counteraction to restore the infected devices.
How an attestation evidence can be generated at boot time on a tiny microcontroller was investigated in earlier work and also specified by the TCG’s DICE specification. It is, however, challenging to generate such attestation evidence during runtime, where the device usually is prone to powerful attacks.
Previous approaches have attempted to solve this challenge by using custom hardware extensions of the CPU architecture. We developed a method based on DICE to securely generate attestation evidence at runtime using only standard CPU features like the MPU, privileged/unprivileged levels of execution in combination with the boot ROM and lock mechanism required by DICE. In particular, we use the MPU and privilege levels to effectively isolate the attestation logic and secrets from the possibly compromised firmware.
As a result, our method can immediately be applied to a broad range of popular microcontrollers.
At Fraunhofer AISEC, we developed a prototype for the frequently used Cortex-M4-based STM32L476 microcontroller.