DABLS: Device Attestation with Bounded Leakage of Secrets (CMU-CyLab-13-010)
Use of commodity platforms for embedded systems makes it difficult to authenticate remote devices in the presence of malware and to obtain confirmation of malware-free device states in a verifiable manner. We propose a scheme for achieving these properties by installing and maintaining a pool of secrets in device memory that cannot be leaked by malware in its entirety via a bandwidth-limited (e.g., wireless) channel during a specified time epoch. Correct device operation limits malware leakage of pool content by updating the pool with fresh secrets. It is computationally infeasible for the adversary to compute the new pool given the limited information he was able to leak about the old pool within the specified time epoch. Verifier detection of a device’s failure to update the pool in a timely manner indicates the presence of active device malware and triggers remedial action (e.g., automated pool-content update, or manual device cleanup). Verified timely pool updates provide device authenticity, since all devices are initialized with independent pool secrets (i.e., pseudorandom values), and enable bringing the remote device to a malware-free state by removing malware from device memory. In this paper, we elaborate on these ideas and illustrate how our system complements the goals of cryptographic schemes that are resilient to continual but bounded secret-key leakage via side channels.