Ricerc@Sapienza

In recent years, the booming of Internet of Things (IoT) has populated the world with billions of smart devices that implement novel services and applications. The potential for cyberattacks on IoT systems have called for new solutions from the research community. Remote attestation is a widely used technique that allows a verifier to identify software compromise on a remote platform (called prover). Traditional challenge-response remote attestation protocols between the verifier and a single prover face a severe scalability challenge when they are applied to large scale IoT systems.

Remote attestation is a two-party security protocol that aims to detect the presence of malware in a remote untrusted IoT device. In order to perform the attestation, an IoT device typically has to stop the regular operation and perform expensive computations that will consume the battery life of the device. In this paper, we use cloud/fog computing to attest an IoT device in an efficient way. We propose Remote Attestation as a Service (RAaS) which allows even a low-end IoT device to securely offload the attestation process to the cloud.

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trust-worthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks.

Remote attestation has emerged as a valuable security mechanism which aims to verify remotely whether or not a potentially untrusted device has been compromised. The protocols of Remote attestation are particularly important for securing Internet of Things (IoT) systems which, due to the large number of interconnected devices and limited security protections, are susceptible to a wide variety of cyber attacks.