Reducing Trust Assumptions with OSCORE, RISC-V, and Layer 2 One-Time Passwords
2023 (English)In: Lecture Notes in Computer Science Volume 13877 Pages 389 - 405 2023, Springer Science and Business Media Deutschland GmbH , 2023, p. 389-405Conference paper, Published paper (Refereed)
Abstract [en]
In the Internet of things (IoT), traffic often goes via middleboxes, such as brokers or virtual private network (VPN) gateways, thereby increasing the trusted computing base (TCB) of IoT applications considerably. A remedy is offered by the application layer security protocol Object Security for Constrained RESTful Environments (OSCORE). It allows for basic middlebox functions without breaking end-to-end security. With OSCORE, however, traffic is routed to IoT devices largely unfiltered. This opens up avenues for remote denial-of-sleep attacks where a remote attacker injects OSCORE messages so as to cause IoT devices to consume more energy. The state-of-the-art defense is to let a trusted middlebox perform authenticity, freshness, and per-client rate limitation checks before forwarding OSCORE messages to IoT devices, but this solution inflates the TCB and hence negates the idea behind OSCORE. In this paper, we suggest filtering OSCORE messages in a RISC-V-based trusted execution environment (TEE) running on a middlebox that remains widely untrusted. To realize this approach, we also put forward the tiny remote attestation protocol (TRAP), as well as a Layer 2 integration that prevents attackers from bypassing our TEE. Experimental results show our remote denial-of-sleep defense to be lightweight enough for low-end IoT devices and to keep the TCB small. © 2023, The Author(s)
Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH , 2023. p. 389-405
Keywords [en]
Authentication, Network security, Virtual private networks, Application layer securities, Breakings, End-to-end security, Energy, Layer 2, Middleboxes, Security protocols, Trust assumptions, Trusted computing base, Trusted execution environments, Internet of things
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:ri:diva-64399DOI: 10.1007/978-3-031-30122-3_24Scopus ID: 2-s2.0-85152544169ISBN: 9783031301216 (print)OAI: oai:DiVA.org:ri-64399DiVA, id: diva2:1755538
Conference
15th International Symposium on Foundations and Practice of Security, FPS 2022. Ottawa 12 December 2022 through 14 December 2022.
Note
Funding details: Stiftelsen för Strategisk Forskning, SSF, 2017-045989; Funding text 1: Acknowledgment. This work was carried out within the LifeSec project, which is funded by the Swedish Foundation for Strategic Research (grant 2017-045989).
2023-05-082023-05-082023-06-08Bibliographically approved