Loading Events

« All Events

  • This event has passed.

Demo webinar on Attestation Primitives

31/05/2023 @ 10:30 am 12:30 pm

ASSURED CyberSecurity and Insider Threats: Towards Practical Solutions for Efficient and Scalable Attestation Capabilities

Seeking to design successful supply chain service management and various IoT applications comprising millions of autonomous cyber-physical systems, one has to cater to the security, trust and privacy requirements of all involved actors (i.e., smart connected edge and cloud devices). One key challenge in such complex systems is how to establish and manage trust, starting from bi-lateral interactions between two single system components and continuing as such systems get connected to ever larger entities.

But how can we make sound statements on the security properties of single systems and transfer this to statements on the security properties of hierarchical compositions of systems (“Systems-of-Systems” (SoS))?

Towards this direction, there is a plethora of research initiatives exploring the integration of remote attestation mechanisms, as a central building block for the trusted exchange of data as well as for secure device management. In a nutshell, remote attestation mechanisms operate on a network that comprises thousands of low-end (collaborating) edge devices that work together to support a safety-critical decision process based on measurements received from many deployed actuators. In this context, the underlying protocols should not only be able to handle all the messages originating from these devices but also actuators need to verify that all platforms from which they receive data are uncompromised (integrity) while also having the minimum possible performance impact.

Especially for the latter, one of the core challenges that limit the adoption of attestation mechanisms in embedded systems, is the computational requirements needed for extracting the runtime configuration and executional behavior measurements of a system. While there has been a lot of work on memory introspection approaches enabling the real-time tracing of the control- and information-flow execution paths of a device’s codebase (needed for runtime attestation), these are still prone to criticism: Pure SW-based techniques, while efficient, offer dubious security guarantees. Most hardware-based techniques are too costly for low-end embedded devices.

Compounding these issues, ASSURED invites you to its second webinar focusing on the novel ideas and methodologies it has researched for overcoming the obstacles that prevent the use of remote attestation in practice. Participants will be introduced to the highly efficient attestation schemes designed targeting both the software and hardware layers of a devices and covering all phases of a device’s execution; from the trusted boot and integrity measurement of a CPS, enabling the generation of static, boot-time or load-time evidence of the system’s components correct configuration (Configuration Integrity Verification), to the runtime behavioral attestation of those safety-critical components of a system providing strong guarantees on the correctness of the control- and information-flow properties, thus, enhancing the performance and scalability when composing secure systems from potentially insecure components. Especially for the latter, ASSURED will present its break through leveraging AI capabilities for enhancing both the accuracy of control-flow attestation mechanisms but also their resilience profile against Return-Oriented and Data-Oriented Programming attacks, thus, providing enhanced operation assurance and bringing us closer to the overall goal of having a complete toolkit capable of deciding about the trustworthiness of remote platforms based on meaningful properties.  

The webinar will be held remotely on Wednesday, May 31st between 10:00 – 12:30 CEST with the help of Ubitech and the Computer Science department of TU Darmstadt.


Dimitris Karras, UBITECH

This talk will provide an overview on the core activities that have been performed in the context of ASSURED towards the creation of advanced operational assurance mechanisms for securing complex service graph chains. Particular focus will be given on the entire architecture listing the core pillars (remote attestation of properties, dynamic real-time risk assessment, and enforcement of self-learning adaptable policies) that have been investigated towards enabling and SoS to withstand an even prolonged siege by a pre-determined attacker with known or unknown capabilities. As the system can dynamically adapt to its security and safety state.

Slides available here.

Marco Chilese, Richard Mitev, Technical University of Darmstadt

This talk will provide the implementation details and underpinnings of ASSURED’s novel ML-assisted Control-Flow Attestation mechanism. Details will be presented on the type of classification techniques employed, the reasoning behind the design choices as well as results that showcase the efficiency and accuracy of such advanced schemes against both control and non-control attacks.

Slides available here.

Alexandros Sampanis, UBITECH

This talk will provide the implementation details of a novel attestation scheme that focuses on the verification of the correct configuration properties of a system. We will also present how to convert such schemes into privacy-friendly security tokens through the addition of zero-knowledge mechanisms.

Slides available here.

Stefanos Vasileiadis, UBITECH

In this talk, we will focus on the Direct Anonymous Attestation protocol and present its usage both as an enabler for ensuring privacy-preserving platform authentication but also for secure identity management. Especially for the latter, we will showcase how the use of DAA primitives can enhance the security of a user’s/device’s wallet in managing all credentials and certificates by leveraging HW-based trust anchors.

Slides available here.