SeCA: Software Behavior-Enforced Collective Attestation for Highly Dynamic Device Networks

The Internet of Things and collaborative embedded device networks, such as vehicular networks, robots, and unmanned aerial vehicle swarms, are increasingly used in the real world. Such devices confront severe physical attacks and software compromises beyond the network threats. Collective attestation is a popular approach for verifying the security and integrity of remote devices. However, existing collective attestation approaches mitigating physical attacks focus only on attesting the devices’ static code integrity. They cannot resist the runtime compromises that hijack the control flow of the task programs. We propose SeCA, an efficient collective attestation framework that uses the trusted execution environment based self-attestation to withstand the runtime control-flow hijacking on the task programs of the networked devices. SeCA’s collective attestation protocol achieves efficient attestation evidence aggregation and uses a heartbeat mechanism to mitigate the physical attacks in highly dynamic networks. We implement SeCA on the Raspberry Pi 3b board. Compared to the state-of-the-art control-flow attestation approach, SeCA’s program instrumentation reduces the code size and runtime attestation overhead. Additionally, SeCA’s attestation report aggregation scheme reduces the per-device computational, storage, and communication overhead. Overall, SeCA is the first collective attestation that can resist both physical attacks and runtime control-flow hijacking, with competitive attestation performance compared to other collective attestation methods.