A survey of remote attestation in Internet of Things: Attacks, countermeasures, and prospects

Kuang, B; Fu, A; Susilo, W; Yu, S; Gao, Y

A survey of remote attestation in Internet of Things: Attacks, countermeasures, and prospects

Kuang, B Fu, A Susilo, W Yu, S

Gao, Y

Permalink

Publisher:: ELSEVIER ADVANCED TECHNOLOGY
Publication Type:: Journal Article
Citation:: Computers and Security, 2022, 112
Issue Date:: 2022-01-01

Closed Access

	Filename	Description	Size
	A survey of remote attestation in Internet of Things.pdf	Published version	2.53 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Kuang, B
dc.contributor.author	Fu, A
dc.contributor.author	Susilo, W
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.contributor.author	Gao, Y
dc.date.accessioned	2023-03-19T23:27:30Z
dc.date.available	2023-03-19T23:27:30Z
dc.date.issued	2022-01-01
dc.identifier.citation	Computers and Security, 2022, 112
dc.identifier.issn	0167-4048
dc.identifier.issn	1872-6208
dc.identifier.uri	http://hdl.handle.net/10453/167617
dc.description.abstract	The explosive growth of the Internet of Things (IoT) devices is an inevitable trend, especially considering the fact that 5G technology facilitates numerous services building on IoT devices. IoT devices deliver great convenience to our daily lives; nevertheless, they are becoming attractive attacking targets. Compromised IoT devices can result in the exposure of user privacy, damage to network security, or even threats to personal safety. In a rush for convenience and marketability, the security of these devices is usually less considered during production and even ignored. Under these circumstances, Remote Attestation (RA) becomes a valuable security service. It outsources the computation and verification burden to a resource-rich party, e.g., server, to ease its on-device implementation, making it suitable for protocol extensions. In this paper, we investigate the state-of-the-art RA schemes from different perspectives, aiming to offer a comprehensive understanding of this security service. Specifically, we summarize the basis of RA. We set up an elaborate adversarial model by systematizing existing RA schemes. Then we put forward the evaluation criteria from protection capability, performance, network adaptability, and attestation quality. According to the adversarial model, we classify existing RA schemes into five categories to show the various characteristics. A comparison of representative proposals enables readers to adopt and design suitable protocols in different application scenarios. Finally, we discuss some open challenges and provision prospects for future research.
dc.language	English
dc.publisher	ELSEVIER ADVANCED TECHNOLOGY
dc.relation	http://purl.org/au-research/grants/arc/DP200101374
dc.relation.ispartof	Computers and Security
dc.relation.isbasedon	10.1016/j.cose.2021.102498
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	08 Information and Computing Sciences
dc.subject.classification	Strategic, Defence & Security Studies
dc.title	A survey of remote attestation in Internet of Things: Attacks, countermeasures, and prospects
dc.type	Journal Article
utslib.citation.volume	112
utslib.for	08 Information and Computing Sciences
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access	*
dc.date.updated	2023-03-19T23:27:29Z
pubs.publication-status	Published
pubs.volume	112

Abstract:

The explosive growth of the Internet of Things (IoT) devices is an inevitable trend, especially considering the fact that 5G technology facilitates numerous services building on IoT devices. IoT devices deliver great convenience to our daily lives; nevertheless, they are becoming attractive attacking targets. Compromised IoT devices can result in the exposure of user privacy, damage to network security, or even threats to personal safety. In a rush for convenience and marketability, the security of these devices is usually less considered during production and even ignored. Under these circumstances, Remote Attestation (RA) becomes a valuable security service. It outsources the computation and verification burden to a resource-rich party, e.g., server, to ease its on-device implementation, making it suitable for protocol extensions. In this paper, we investigate the state-of-the-art RA schemes from different perspectives, aiming to offer a comprehensive understanding of this security service. Specifically, we summarize the basis of RA. We set up an elaborate adversarial model by systematizing existing RA schemes. Then we put forward the evaluation criteria from protection capability, performance, network adaptability, and attestation quality. According to the adversarial model, we classify existing RA schemes into five categories to show the various characteristics. A comparison of representative proposals enables readers to adopt and design suitable protocols in different application scenarios. Finally, we discuss some open challenges and provision prospects for future research.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/167617