Comparison and analysis of software based memory attestation schemes in wireless sensor nodes
Abstract
Memory attestation in sensor nodes is a recent but challenging issue. With the increased memory based attacks in sensor nodes owing to their use in critical applications like defense, having a robust memory attestation scheme becomes increasingly important. Due to the resource-constrained nature of the sensor networks, it becomes increasingly important to protect the memory using only software methods. The existing attestation schemes use slow cryptographic hashes or checksum, and/or are based on pseudo-random memory traversal. A brief literature review of the existing software based attestation schemes, like Software Based Attestation for embedded devices (Seshadri et al., 2004), block-based approaches (AbuHmed, T. et al., 2009), Secure Code Update By Attestation (Seshadri et al., 2006), reflects the strength of pseudo-random memory traversal methods due to the randomness in the verification routine. However, it affects the performance, as more memory traversals are required for the memory attestation, which is given by Coupon Collector problem (Mitzenmacher, M., et al., 2005). Also, since the data is verified remotely by a base station, the memory contents of a node need to be stored at the attester side, so that the response summary can be matched with the expected value. Keeping the trade-off between security and performance in mind, this thesis work, explores a new approach named 'On-the-fly memory integrity protection scheme' which has been existing for memory attestation in general processors, and extend it to the sensor node architecture. The extended approach accommodates the necessary steps like authentication, noise-filling technique, initialization, code update and memory attestation, which are an important . The extended scheme makes use of universal hash function (NH) and the Merkle tree for multiple hashing. The use of Merkle tree to store the final hash at the base station, along with the Toeplitz approach helps in achieving an improved hash-collision probability. Also, with the modified version using Krawczyk's approach, the need of multiple keys in hashing is fulfilled by a single key.
Degree
M.S.
Advisors
Mili, Purdue University.
Subject Area
Information Technology|Computer science
Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server.