Sage Journals: Discover world-class research

Abstract

Cluster-based wireless sensor networks have advantages of scalability and efficient communication. However, a major security risk to cluster heads is a malicious code injection attack through which an adversary can completely control a cluster network to deliver fake data and obtain private data. Memory attestation scheme is an effective mechanism for attesting the firmware integrity of an embedded device. Unfortunately, existing hardware-based remote attestation scheme relying on a trusted platform module incurs a considerable storage overhead to cluster heads. Therefore, this article proposes a lightweight hardware-based remote attestation scheme that comprises two remote attestation protocols. A lightweight hardware security module without executing any complicated cryptographic computation is employed and can substantially reduce the development cost and energy consumption compared with the trusted platform module. In the proposed scheme, a base station can attest each individual cluster head while all cluster nodes can simultaneously attest their cluster head in regular intervals. Performance analysis indicates that the storage requirement for cluster heads is independent of the number of attestation sessions. Furthermore, the computational cost of cluster nodes for the proposed scheme is comparable to that of the trusted platform module–based scheme. The proposed scheme is particularly suitable for long-term applications based on lightweight cluster heads.

Keywords

Cluster-based wireless sensor network embedded devices malicious code remote attestation trusted computing platform

Introduction

Wireless sensor networks (WSNs) have been extensively employed in many mission-critical information systems¹ such as battlefield surveillance systems, healthcare monitoring systems, and advanced metering infrastructure. A WSN comprises a few base stations (or sinks) and a high number of sensor nodes for collection of environmental and physical data of a specific geographical area. Sensor nodes are generally constructed on the basis of the embedded devices with limited resources in computational power, memory capacity, and energy. The base stations have more computational capability and memory capacity compared with sensor nodes and deliver the sensed data to a backend management center for additional purposes.

A WSN is organized into several clusters for providing an energy-efficient deployment.² A low number of heterogeneous nodes serves as cluster heads. A cluster head is assigned to each cluster and aggregates the sensed data periodically provided by cluster nodes deployed in the same cluster. Furthermore, a cluster-based WSN has advantages of scalability and efficient communication.³ In general, the cluster nodes are deployed in a human-unreachable geographical area, and the cluster head acts as a gateway to manage network packets in a cluster; however, the cluster head becomes an attractive target for an adversary intent on compromising a cluster. Injection of malicious codes^4–6 into a cluster head enables the adversary to completely control the compromised cluster head, which then delivers the forged data to the base station, consequently compromising the security of the cluster-based WSN.

Remote attestation scheme is an effective mechanism that enables a verifier to remotely verify the firmware integrity of a prover. The prover convinces the verifier of its trustworthiness by providing an expected checksum of the program memory content. Software-based remote attestation schemes^7–9 employ a software-only verification function used for generating the checksum and depend on exact elapsed time measurement. However, such schemes are suitable only for one-hop communication between the verifier and the prover. Hardware-based schemes^10–12 rely on a trusted platform module (TPM) complying with the ISO/IEC 11889 standard.¹³ TPM is a high-level hardware security module (HSM) consisting of several cryptographic components, such as asymmetric key cryptosystem, pseudorandom number generator, and one-way hash function. In a cluster-based WSN, each cluster head can be equipped with a TPM for the purpose of remote attestation. However, the TPM-based scheme¹⁰ incurs a considerable storage overhead to the cluster heads because several hash values must be reserved.

This study focused on verifying the firmware integrity of a cluster head and considered the malicious codes residing in the program memory of a cluster head. Injecting malicious codes into the data memory engenders an unstable system state and restricts the behavior of the malicious codes because the data memory has limited capacity, reserved variables, and function stacks.¹⁴ The security concerns addressed in this study were twofold:

Before delivering the sensed data, all cluster nodes must ensure the trustworthiness of their cluster head for preventing the sensed data from being captured. Therefore, a “bottom-up” remote attestation protocol is proposed for attesting the cluster heads in regular intervals (e.g. 10 min).

Assume that the cluster nodes detect the existence of a compromised cluster head; the abnormal event cannot be reported to the base stations through the compromised cluster head. Therefore, a “top-down” remote attestation protocol that enables the base station to attest each individual cluster head is presented.

This article proposes a lightweight hardware-based remote attestation scheme that comprises the aforementioned bottom-up and top-down remote attestation protocols. In the proposed scheme, each cluster head is equipped with a lightweight HSM acting as a remote agent appointed by the base station. Such a remote agent need not execute any complicated cryptographic computation and only depends on some storage of parameters as well as basic arithmetic and logic operations. The proposed remote agent can therefore reduce the development cost and energy consumption compared with the TPM-based one. The performance analysis indicates that the energy consumption by the cluster heads is very low while the storage requirement for the cluster heads is independent of the number of attestation sessions. Furthermore, the computational cost of the cluster nodes is comparable to that of the TPM-based scheme.¹⁰ The proposed scheme is particularly suitable for long-term applications based on lightweight cluster heads.

The remainder of this article is organized as follows. Section “Review of TPM-based remote attestation scheme” briefly reviews the basics of trusted computing on the basis of TPM and the scheme of Krau $β$ et al.¹⁰ The security assumptions and attack model are described in section “Security assumptions and attack model of the cluster-based WSN.” Section “The proposed lightweight hardware-based remote attestation scheme” introduces the proposed scheme and presents the security analysis. In section “Performance analysis,” we provide a performance analysis of the proposed scheme. Related work of remote attestation schemes is reviewed in section “Other related work of remote attestation schemes.” Finally, section “Conclusion” concludes this article.

Review of TPM-based remote attestation scheme

Basics of trusted computing

The TPM is a cryptographic chip that is embedded on the motherboard of a primary platform and provides several security functionalities. Transitive trust is an integrity measurement process performed by the TPM. While the primary platform boots, the integrity measurement process is executed to measure each component in an order of booting sequence (e.g. BIOS ⇒ bootloader ⇒ operating system ⇒ applications). The measurement result (i.e. a 160-bit cryptographic digest) is then stored in a set of specialized platform configuration registers (PCRs) within the TPM. The TPM updates the measurement result by extending the current value stored in the PCR, that is, new PCR-stored value = H(current value ∥ measured result), where H(·) is a cryptographic hash function. Each time the primary platform reboots, all measurement results are reset. Therefore, occurrence of expected measurement results implies the trustworthiness of the primary platform.

The TPM provides a sealed storage technique, which encrypts or decrypts accordingly certain sensitive data associated with specific platform configurations. A sealing command uses the indices of several PCRs as inputs and involves a nonmigratable asymmetric key pair (e.g. RSA key pair) permanently stored in the TPM for encrypting or decrypting the sensitive data. Consider the following executed sealing command^13,15

Seal ((1, 3, 5), K_{S}, SD)

\to (C_{S}, MAC ((1, PC R_{1}), (3, PC R_{3}), (5, PC R_{5}), C_{S}))

where $SD$ , $K_{S}$ , $C_{S}$ , and $PC R_{i}$ denote the sensitive data, the nonmigratable asymmetric encryption key, the related ciphertext, and a measurement result stored in the ith PCR, respectively. When the sealing command is completed, the TPM outputs the $C_{S}$ and an integrity-protected PCR list. The PCR list records the measurement results, indices of the designated PCRs, and the related MAC. (The keyed-hash message authentication code algorithm suggested in the TPM standard is specified in the RFC 2104.¹⁶) Both the $C_{S}$ and PCR list are then stored in the memory of the primary platform. The sealed data are decrypted (unsealed) if all the expected measurement results stored in the designated ith PCRs are present. An unsealing command is therefore executed as follows ^13,15

Unseal (K_{S}^{- 1}, C_{S}, MAC ((1, PC R_{1}), (3, PC R_{3}),

(5, PC R_{5}), C_{S})) \to SD

where $K_{S}^{- 1}$ denotes the nonmigratable asymmetric decryption key. When the unsealing command is executed, the TPM verifies whether the integrity of the PCR list and $C_{S}$ holds and subsequently compares the present stored measurement results with those in the PCR list to determine whether they match. If the verifications are successful, the primary platform consequently receives the $SD$ from the TPM; otherwise, the TPM returns an error.

Review of the scheme of Krau $β$ et al

Krau $β$ et al.¹⁰ proposed a TPM-based remote attestation scheme that comprises the Periodic Broadcast Attestation Protocol (PBAP) and Individual Attestation Protocol (IAP). The PBAP enables all cluster nodes to periodically attest their cluster head, and the IAP enables a base station or a single cluster node to attest a single cluster head.

PBAP

In the PBAP, each cluster head is equipped with a TPM, and all cluster nodes simultaneously attest their cluster head at each time point. The PBAP employs the one-way hash chain and sealed storage techniques. The one-way hash chain technique involves repeatedly executing a one-way hash function over a secret seed S. For example, if a one-way hash function (e.g. SHA-1) is iteratively applied n times to S, each hash value in the one-way hash chain is denoted by $H^{t} (S)$ ( $1 \leq t \leq n$ ), as follows

H^{n} (S) \Leftarrow H^{n - 1} (S) \Leftarrow \dots \Leftarrow H^{n - t} (S) \Leftarrow \dots \Leftarrow H^{1} (S) \Leftarrow S

Before the deployment of the cluster heads, each cluster head preloads a one-way hash chain, and all related hash values are encrypted through the sealed storage technique. When a cluster is deployed, each cluster node keeps the hash value $H^{n} (S)$ of its related cluster head. At every period t, the cluster head unseals the hash value $H^{n - t} (S)$ after being successfully attested and then sends all cluster nodes the value $H^{n - t} (S)$ and an interval identifier $I_{t}$ . Every cluster node compares its local interval identifier $I'_{t}$ with the received one. If both identifiers match, the cluster nodes compute $H (H^{n - t} (S))$ to verify whether the result is equal to $H^{n - t + 1} (S)$ and retain $H^{n - t} (S)$ . Each hash value is a one-time token that implies the integrity of platform configurations of the cluster head. If an expected hash value can be sent to all cluster nodes, the cluster head convinces the cluster nodes of its trustworthiness.

IAP

The IAP enables a base station (or a cluster node) to attest a cluster head and is designed on the basis of the challenge-response technique. Before the deployment of the cluster heads, the base station and each cluster head establish a unique symmetric key $K_{BS, CH}^{I}$ , and $K_{BS, CH}^{I}$ stored in the cluster head is encrypted through the sealed storage technique. When the IAP is executed, the base station first encrypts a nonce $N_{BS}^{I}$ and unique identifier BID using $K_{BS, CH}^{I}$ and, subsequently, sends an attested cluster head the resulting ciphertext and BID as a challenge. The attested cluster head executes the unsealing command to retrieve $K_{BS, CH}^{I}$ used for decrypting the challenge, that is, $N_{BS}^{I'} ∥ BID' = D_{K_{BS, CH}^{I}} (E_{K_{BS, CH}^{I}} (N_{BS}^{I} ∥ BID))$ . The attested cluster head then re-encrypts $N_{BS}^{I'}$ and its unique identifier CID using $K_{BS, CH}^{I}$ and sends the base station the resulting ciphertext and CID as a response. The base station decrypts the response message to retrieve a nonce $N_{BS}^{I ″}$ , which is compared with $N_{BS}^{I}$ to determine whether they match. If the response is positive, the attested cluster head is trustworthy.

Security assumptions and attack model of the cluster-based WSN

In a cluster-based WSN, the base station is assumed to be free from an adversary and communicates with the cluster heads through a multihop communication, whereas the cluster nodes communicate with their cluster head through a one-hop communication. Therefore, the communication between the cluster head and the cluster nodes is reliable. Each cluster is assumed to be deployed through a secure initialization phase within a reasonably short period. In the initialization phase, the cluster head and all cluster nodes establish a common symmetric key $K_{CH, CN}$ , while the base station shares a unique symmetric key $K_{BS, CH}$ with each cluster head. However, the details of a key establishment scheme are not within the scope of this article. In a cluster, all cluster nodes send the sensed data to the cluster head at regular intervals (e.g. 10 min). Moreover, we assumed that the firmware on the cluster heads is optimally implemented on the basis of program execution time. Furthermore, it is assumed that the clocks of the cluster nodes and their cluster head are well synchronized.

A cluster head comprises two independent computing platforms: a primary platform and a lightweight HSM acting as a remote agent. The primary platform performs regular operations (e.g. data aggregation and command distribution) and can execute a one-way hash function and symmetric key cryptography (e.g. advanced encryption standard, AES). The remote agent is tamper-resistant and executes attestation-related operations. An external storage out of the primary platform can be used to store the sensed data. The access time of the external storage is practically longer than that of the memory inside the primary platform.

The adversary can remotely inject malicious codes into a fraction of cluster heads, and the compromised cluster heads can collude with each other as well as the adversary to eavesdrop, replay, and modify transmitted messages through wireless communication. The adversary is assumed to be aware of the exact program memory content of the cluster heads and completely controls the compromised cluster heads. Same as described in prior elapsed-time-measurement-oriented attestation schemes,^7,17 the adversary cannot deploy any powerful computing device in the WSN because introducing such computing devices increases the possibility of being detected. However, a few fake cluster heads with comparable computing power as those genuine cluster heads can be deployed in the WSN. Physical attacks on cluster heads such as speeding up the clock rate, enlarging the memory capacity, or adding hardware components will substantially consume the energy of these cluster heads. So, the lifetime of these cluster heads will be reduced and accordingly the attacks might become less powerful. Therefore, based on the same assumption made in most recent literature of remote attestation,^18,19 this study did not consider the physical attacks. Furthermore, a countermeasure to prevent the cluster nodes from being compromised did not be considered in this study because a potential attack can be achieved through a compromised cluster head (i.e. propagation of malicious codes through a compromised cluster head). A trusted cluster head can serve as a firewall to protect the cluster nodes against malicious code infection or as a verifier to attest each cluster node by employing existing software-based remote attestation schemes^7,8 that are particularly suitable for one-hop communication in a cluster.

The proposed lightweight hardware-based remote attestation scheme

The proposed scheme depends on a lightweight HSM, which acts as a remote agent appointed by the base station. This section defines three security requirements of the remote agent used for providing a reliable integrity validation. In this study, we also propose a hierarchical key management mechanism to reduce the storage requirement of the remote agent. Table 1 lists the notations used in the remainder of this article.

Table 1.

Notations.

Notations	Description
BS	Base station
CH	Cluster head
CN	Cluster node
CN*	All cluster nodes in a cluster
MK	Master secret key
$T_{Elp}$	Elapsed time of checksum computation
$T_{Thres}$	Threshold of valid elapsed time
CRP	Challenge-response pair
$C = E_{K} (M)$	Encryption using K as secret key
$M = D_{K} (C)$	Decryption using K as secret key

Integrity validation using the remote agent

Security requirements of the remote agent

The remote agent is tamper-resistant and is equipped with a processor and internal memory used for storing the firmware, temporary parameters, and critical sensitive parameters (CSPs). The security requirements of the remote agent are described as follows:

Access control. To prevent unauthorized access, any data stored in the remote agent cannot be read or modified without permission. In general, the access control mechanism can be implemented on the basis of an authentication scheme. Each remote agent preloads a unique authentication key ATK shared with the base station and then authenticates the requester depending on ATK when accessing stored data. Therefore, an entity with ATK is authorized to access the data stored inside the remote agent.

Built-in independent system clock. The remote agent has a built-in independent system clock, which is resistant to external tamper. When the integrity validation process is executed, the built-in independent system clock is used for measuring $T_{Elp}$ , which is one of the integrity evidences used to justify the trustworthiness of an attested primary platform.

CSPs. Before the deployment of the WSN, each remote agent preloads three CSPs for integrity validation purpose: (1) a unique CRP, (2) a unique MK, and (3) $T_{Thres}$ . In this article, the CRP denotes a pair of preloaded challenge and the corresponding checksum of the program memory content of the primary platform.

The proposed integrity validation scheme

In this study, the trustworthiness of a CH can be justified by a correct checksum generated within a predefined $T_{Thres}$ . In contrast to the existing schemes,^7,8 in this study, the built-in independent system clock inside the remote agent is employed to locally measure $T_{Elp}$ , which is independent of the wireless transmission delay. Both schemes^11,20 have demonstrated the effectiveness of local elapsed time measurement and therefore a remote attestation scheme employing such a technique is particularly suitable for a multihop communication between the verifier and the prover. Furthermore, an expected $T_{Elp}$ ensures that the checksum computation is executed under an uninterrupted environment. The preloaded CRP and $T_{Thres}$ prevent a remote agent from executing any cryptographic computation and thus substantially reduces the development cost and energy consumption for a CH. The details of the proposed integrity validation scheme are described as follows.

Before the deployment of the CH, the unused program memory space of the primary platform must be padded with random values to prevent a malicious code hiding attack.²¹ A checksum is then computed based on one-way hash function as follows

{\begin{matrix} h_{j} = H (h_{j - 1} \oplus M [j]), & for 2 \leq j \leq n \\ h_{1} = H (Chall \oplus M [1]), \end{matrix}

where Chall, M[j], $h_{j}$ , and $h_{n}$ denote a preloaded challenge, the jth block of the program memory, an intermediate digest, and the checksum, respectively. The aforementioned non-parallelizable checksum generation algorithm can prevent a collusion attack⁸ by which two (or several) compromised CHs can cooperatively compute the checksum within $T_{Thres}$ .

When attesting a CH, the primary platform requests the remote agent, which issues the preloaded challenge and marks a start time. A checksum associated with the program memory content and issued challenge is computed by the primary platform and is sent to the remote agent. Upon the receipt of the computed checksum, the remote agent marks an end time and computes $T_{Elp} = end time - start time$ . If the measured $T_{Elp}$ does not exceed $T_{Thres}$ , the computed checksum is compared with the preloaded one to determine whether they match. The primary platform is considered trustworthy if the checksum is correctly computed within $T_{Thres}$ . In particular, the issued challenge and the computed checksum must be removed from the memory after verifications. If the computed checksum or $T_{Elp}$ is unacceptable, the remote agent enters a lock state and no longer performs integrity validation process.

Hierarchy of the working keys

Two symmetric keys, namely $K_{BS, CH}$ and $K_{CH, CN}$ , are employed in the proposed scheme. If both keys are stored in the primary platform, a malicious code infection will result in a key disclosure vulnerability. Alternatively, $K_{BS, CH}$ and $K_{CH, CN}$ can be stored inside the remote agent to prevent unauthorized access. Because of the limited storage capacity of the remote agent, the storage size of “working keys” must be limited to a sufficiently small scale and therefore a hierarchical key management is required to reduce the storage requirement.

In the initialization phase, $K_{BS, CH}$ and $K_{CH, CN}$ are encrypted using MK, and both ciphertexts $C_{K_{BS, CH}} = E_{MK} (K_{BS, CH})$ and $C_{K_{CH, CN}} = E_{MK} (K_{CH, CN})$ are stored in the memory of the primary platform. Therefore, the remote agent only stores one MK, whereas the other working keys (i.e. $K_{BS, CH}$ and $K_{CH, CN}$ ) are stored in the memory of the primary platform in ciphertext. If the primary platform succeeds in the aforementioned integrity validation scheme, the MK used for decrypting the encrypted working keys can be released from the remote agent. Therefore, the proposed hierarchical key management mechanism guarantees that the working keys are being free from key disclosure vulnerability.

The proposed bottom-up remote attestation protocol

The bottom-up remote attestation protocol enables all CNs to simultaneously attest their CH for each period t before delivering sensed data. A counter-based one-time token is employed to justify the trustworthiness of the attested CH. In the initialization phase, the CH stores an initial value CTR that increments by 1 every time. The CTR is then sent to CN* after deployment of the cluster. An expected one-time token will be generated if the attested CH succeeds in the aforementioned integrity validation scheme. In contrast to the PBAP,¹⁰ in the proposed protocol, the CH stores only one CTR instead of a huge number of hash values. Therefore, the proposed bottom-up remote attestation protocol is particularly suitable for long-term applications based on lightweight CHs. Details of the proposed protocol are described as follows:

Step 1. When a certain period is reached, the CH requests the remote agent to execute the integrity validation scheme. If the attested primary platform is trustworthy, the primary platform obtains MK from the remote agent and retrieves $K_{CH, CN} = D_{MK} (C_{K_{CH, CN}})$ .

Step 2. An integrity proof $IPF = E_{K_{CH, CN}} (CTR + 1)$ is computed and sent to CN*. The primary platform then re-encrypts $K_{CH, CN}$ and replaces the old CTR with CTR+1. Finally, the MK, preloaded challenge, and computed checksum are removed from the memory of the primary platform.

Step 3. Every CN decrypts the received IPF using $K_{CH, CN}$ and verifies whether the plaintext is $CTR + 1$ . If the result matches, the CN replaces the old CTR with $CTR + 1$ ; otherwise, the attested CH is concluded to be a compromised one and will not receive sensed data from the CN.

The proposed top-down remote attestation protocol

In general, the BS communicates with CNs through the assistance of CHs, which serve as routers. It is unreasonable to expect a compromised CH itself to report an abnormal event after a failed bottom-up remote attestation protocol. Therefore, this article proposes a top-down remote attestation protocol through which the BS can attest each CH. The proposed protocol is designed on the basis of challenge-response technique, in which an expected response will be generated if the trustworthiness of the attested CH is ensured. In the proposed protocol, the packet sizes of the challenge and response messages are shorter than those in the works of Krau $β$ et al.¹⁰ Moreover, the attested CH does not execute an encryption computation for the response message. Therefore, the proposed protocol is more efficient than the IAP in terms of CH computation and network bandwidth, as shown subsequently:

Step 1. The BS encrypts a nonce $N_{BS}$ using $K_{BS, CH}$ and sends an attested CH the ciphertext $E_{K_{BS, CH}} (N_{BS})$ as an attestation challenge.

Step 2. The attested CH requests the remote agent to execute the integrity validation process. The MK is released from the remote agent if the primary platform is trustworthy. The primary platform retrieves $K_{BS, CH} = D_{MK} (C_{K_{BS, CH}})$ used for decrypting the attestation challenge and then sends the decrypted nonce $N'_{BS}$ to the BS. Finally, the primary platform re-encrypts $K_{BS, CH}$ and removes the MK, preloaded challenge, and computed checksum from the memory.

Step 3. The BS compares $N'_{BS}$ with $N_{BS}$ to determine whether they match. If these two nonces match, the attested CH convinces the BS of its trustworthiness; otherwise, it is concluded as a compromised one.

Security analysis

The security of the proposed scheme highly depends on the integrity validation process. If an infected CH fails in the integrity validation, the MK cannot be accessed to decrypt the ciphertexts $C_{K_{BS, CH}}$ and $C_{K_{CH, CN}}$ , and the expected IPF and $N'_{BS}$ cannot be generated without the keys $K_{BS, CH}$ and $K_{CH, CN}$ . Therefore, the trustworthiness of the CH is implicitly verified. Even if the resident malicious codes by some means obtain the preloaded challenge and the CTR stored in the memory of the primary platform, the corrupted program memory state leads to an incorrect checksum and a failed integrity validation; consequently, the remote agent will enter the lock state and no longer perform integrity validation process. Once CN* detect the existence of the infected CH, they will not deliver the sensed data for this period. This gives a guarantee that the sensed data are protected against being abused.

In a precomputation attack,⁸ the adversary can precompute an expected checksum before compromising a target CH. Then, the adversary stores the precomputed checksum in the infected CH. When attesting the compromised CH, it replies the precomputed checksum and consequently succeeds in the remote attestation. In the proposed integrity validation process, the challenge-response technique is employed between the primary platform and the remote agent. Once the remote attestation is completed, the preloaded challenge is removed from the memory of the primary platform. The adversary without the preloaded challenge cannot precompute the expected checksum.

The collusion attack⁸ enables two (or several) compromised CHs to cooperatively compute the checksum and the attested victim can gain the advantage of a correct $T_{Elp}$ . In the proposed scheme, the checksum generation is a non-parallelizable computation. (The $h_{j}$ highly depends on $h_{j - 1}$ .) Therefore, the collusion attack can be prevented.

In a code compression attack,²¹ the adversary can compress the original firmware codes installed within a compromised CH for obtaining available program memory space where the malicious codes can reside. During memory attestation process, the malicious codes decompress the compressed firmware codes to generate a correct checksum. Alternatively, the data substitution attack⁸ is to change the memory location storing the firmware codes. For example, the external storage is exploited to store the firmware codes while the malicious codes reside in the original program memory space. The malicious codes then read the firmware codes from the external storage for generating the correct checksum. Both the aforementioned attacks will incur a considerable overhead of $T_{Elp}$ , and the remote agent can only accept the correct checksum in a timely manner.

The random paddings deployed in the unused program memory space can protect the proposed integrity validation process from a malicious code hiding attack. In the demonstration of Castelluccia et al.,²¹ the malicious codes can be hidden by exploiting return-oriented programming technique. The malicious codes can store its copy in the external storage and remove itself from the unused program memory space. However, once the malicious codes reside in that memory space, the random paddings are overwritten and cannot be recovered. Such a corrupted memory state leads to an incorrect checksum.

In an on-off attack,²² a compromised CH behaves normally and maliciously alternately that gives the victim an opportunity to succeed in the remote attestation. In the proposed scheme, once the compromised CH is detected, the remote agent enters the lock state. The compromised CH may always update its memory content to keep a normal memory state permanently, but, however, this approach involves the assistance of the adversary and colluding CHs. The compromised CH will considerably consume the energy and become unavailable for the adversary.

The infected CH can compromise a CN to obtain the key $K_{CH, CN}$ and then succeeds in the bottom-up remote attestation protocol. However, the proposed top-down remote attestation protocol can enable the BS to attest each CH depending on the key $K_{BS, CH}$ . Once the compromised CH is detected, the BS can patch the victim. Such a patched CH then performs the existing remote attestation schemes^8,20 to attest each CN. Overall, the proposed remote attestation scheme can substantially reduce the burden of the BS to maintain the whole system integrity of a cluster-based WSN.

Replay attack by capturing transmitted messages can be prevented in the proposed scheme because the one-time tokens (i.e. IPF and $N'_{BS}$ ) are used in each attestation. Alternatively, the adversary may deploy a fake CH, which impersonates the genuine CH to communicate with CN* and BS. However, the unique MK stored in the remote agent cannot be duplicated and is used to authenticate the CH. Therefore, such an impersonation attack fails.

In contrast to the IAP,¹⁰ in the proposed top-down remote attestation protocol, the encrypted identifiers $BID$ and $CID$ are not included in the challenge and response messages. The authors of IAP¹⁰ claimed that inclusion of encrypted $BID$ could detect an adversary who modified the challenge message; however, if the adversary modified the response message, a verifier was difficult to distinguish whether either an attestation was failed or this message was modified by the adversary. Therefore, this study argues that prevention of a spoofing attack is still an open problem despite the inclusion of encrypted BID, particularly in a challenge-response model.

Performance analysis

In this section, we first estimate the energy consumption by a CH that determines the lifetime of the cluster-based WSN. We then analyze the required storage size of a CH because the CH needs to respond to periodical attestations requested by the CN*. So, the required storage size should not be dependent on the number of the attestation sessions for a lightweight CH. Third, an analysis of the computational cost of a CN is also provided because of its limited computational capability and limited energy capacity.

Analysis of energy consumption by cluster head

In this analysis, we have the following assumptions. Each CH performs the bottom-up remote attestation protocol every 10 min, while the top-down remote attestation protocol is invoked every 60 min. Each CH is equipped with 128 KB of program memory as well as two 1.5V AA batteries. A total capacity of the AA batteries is 2750 mAh that results in 29,700 J. With optimal implementation for low-cost embedded devices,²³ the energy consumptions of AES and HMAC based on SHA-1 incur 0.22 and 0.19 nJ/bit, respectively. We assume that the computational complexity of SHA-1 is comparable to that of the HMAC. Finally, the lifetime of the cluster-based WSN is 10 years.

The analysis of power consumption focuses on the primary cryptographic computations executed on the CH. The CH in either proposed remote attestation protocol requires three AES (128-bit) computations and one hash computation over 128 KB of program memory. The proposed scheme incurs approximately 33.48 mJ every day. Therefore, the energy consumption by one CH in 10 years incurs approximately 122.2 J. As a result, the ratio of energy consumption in the proposed scheme is about 0.4 % of the total power capacity.

Cluster head storage analysis

The notations of the parameters used in the PBAP and IAP are defined as follows. $L_{S}$ and $L_{C}$ denote the bit length of the nonmigratable asymmetric key pair ( $K_{S}$ and $K_{S}^{- 1}$ ) and a PCR-stored measurement result $PC R_{i}$ , respectively. The storage requirement of a TPM is $L_{S} + (r \cdot L_{C})$ , where r is the total number of PCRs designated for attestation purpose. $L_{H}, L_{Mac},$ and $L_{BH}$ denote the bit length of a sealed hash value, MAC value, and symmetric key $K_{BS, CH}^{I}$ , respectively. The storage requirement of a primary platform is $n \cdot (L_{H} + L_{Mac}) + L_{BH}$ , where n is the total number of required hash values. Therefore, the total storage requirement of the TPM-based scheme is $n \cdot (L_{H} + L_{Mac}) + L_{BH} + L_{S} + (r \cdot L_{C})$ .

In the proposed scheme, the bit length of ATK, MK, $K_{BS, CH}$ , $K_{CH, CN}$ , $T_{Thres}$ , CTR, and CRP are denoted by $L_{ATK}$ , $L_{MK}$ , $L_{SH}$ , $L_{HN}$ , $L_{T}$ , $L_{ctr}$ , and $L_{crp}$ , respectively. The storage requirement of a remote agent is $L_{ATK} + L_{MK} + L_{T} + L_{crp}$ ; therefore, the total storage requirement of a CH is $L_{ATK} + L_{MK} + L_{T} + L_{crp} + L_{SH} + L_{HN} + L_{ctr}$ . The results show that the storage requirement in the proposed scheme is independent of the number of attestation sessions. Therefore, the proposed bottom-up remote attestation protocol is particularly suitable for long-term applications based on lightweight CHs.

Cluster node computation analysis

In the proposed bottom-up attestation protocol, a CN requires one receipt for receiving the IPF, one decryption for decrypting the IPF, and one addition and one comparison (using the XOR logic operation) for verifying the IPF; each respective operation is denoted by $O_{Re}$ , $O_{De}$ $O_{Add}$ , and $O_{Cmp}$ . Therefore, the total computation of a CN is $O_{Re} + O_{De} + O_{Add} + O_{Cmp}$ .

In the PBAP, a CN uses one receipt for receiving an unsealed hash value and interval identifier $I_{t}$ in addition to one cryptographic hash computation, one addition, and two comparisons (using the XOR logic operation) for verifying the received hash value and $I_{t}$ . (The CN computes $I'_{t + 1}$ to determine whether the result is equal to the received $I_{t}$ .) Each respective operation is denoted by $O_{re}$ , $O_{hash}$ , $O_{add}$ , and $O_{cmp}$ . Hence, the total computation of a CN is $O_{re} + O_{hash} + O_{add} + 2 \cdot O_{cmp}$ . Therefore, in the proposed bottom-up remote attestation protocol, the computational cost of the cluster nodes is comparable to that of the PBAP. Table 2 shows a comparison between the proposed scheme and the TPM-based scheme from the storage requirement and computational cost perspectives.

Table 2.

Comparison between the proposed scheme and the TPM-based scheme.

	Proposed scheme	TPM-based scheme
Storage requirement of cluster head	$L_{ATK} + L_{MK} + L_{T} + L_{crp}$ + $L_{SH} + L_{HN} + L_{ctr}$	$n \cdot (L_{H} + L_{Mac}) + L_{BH}$ + $L_{S} + (r \cdot L_{C})$
Computational cost of cluster node	$O_{Re}$ + $O_{De}$ + $O_{Add}$ + $O_{Cmp}$	$O_{re}$ + $O_{hash}$ + $O_{add}$ + $2 \cdot O_{cmp}$
Cryptographic computation of remote agent or TPM	None	En(de)cryption of sealed storage and HMAC

TPM: trusted platform module.

Other related work of remote attestation schemes

Most existing remote attestation schemes focus on a distributed WSN and involve a verifier (a base station) and a prover (a sensor node). The proposed scheme particularly combines the advantages of these schemes. Table 3 presents a summary of the existing remote attestation schemes and proposed scheme in terms of design properties.

Table 3.

Summary of the existing schemes and the proposed scheme.

	Proposed scheme	Seshadri et al.;⁸Song et al.;⁹Yang et al.²⁴	Karame and Li;¹⁹Perito and Tsudik;²⁵Zhang and Liu²⁶	Yang et al.;¹⁴Kiyomoto and Miyake;¹⁸AbuHmed et al.²⁷	Tan et al.;¹²Defrawy et al.²⁸	Seshadri et al.;⁷Shaneck et al.²⁹	Park et al.³⁰	Schellekens et al.¹¹
Measurement of exact elapsed time	O	O	X	X	X	O	X	O
Random memory traversal approach	X	O	X	O	X	O	O	O
Deployment of random paddings	O	X	O	O	X	O	X	X
Additional hardware support	O	X	X	X	O	X	X	O

In the time-measurement-oriented software-based schemes,^7,8,29 a correct checksum must reach the verifier in a timely manner. However, the measurement of exact elapsed time is susceptible to unpredictable transmission delay, particularly in multihop communication. While an improved time-measurement-oriented scheme has been proposed,²⁴ but unfortunately this scheme involves all nodes along the forward and the backward paths of attestation and incurs a high system complexity. Song et al.⁹ proposed a one-way memory attestation scheme for addressing two man-in-the-middle attacks; however, such a scheme is vulnerable to an impersonation attack.

To protect the program memory and data memory from being corrupted, a segment of random paddings can be deployed in these memory spaces.^19,25,26 The prover must provide an associated guarantee of completing the random padding process; otherwise, the prover will be concluded as a compromised one. A memory replication attack can be prevented by a copy-proof memory section.³⁰ The accessed memory outputs valid data only if the prover receives an indicator (i.e. flag = 1) from the verifier; otherwise, it outputs random data.

Yang et al.¹⁴ employed the threshold secret sharing technique to design a distributed attestation scheme, in which the prover is attested through a collaboration of its neighbors. AbuHmed et al.²⁷ improved the block-based pseudorandom memory traversal approach¹⁴ and proposed two remote attestation schemes without depending on the measurement of exact elapsed time. Kiyomoto and Miyake¹⁸ proposed a lightweight distributed attestation scheme. In such a scheme, a compromised prover terminates itself to prevent the propagation of malicious codes after being detected.

Hardware-based remote attestation schemes usually employ a dedicated HSM (e.g. a TPM), which can be a tamper-resistant storage or an isolated environment. Both TPM-based schemes^11,12 have been proposed for attesting the system integrity of a primary platform. Defrawy et al.²⁸ proposed SMART relying on a dedicated circuit used for providing access control to a secret key. Such a scheme attests a fraction of the program memory content determined by the verifier and employs a read-only memory-resident verification function used for checksum generation.

Conclusion

Ensuring the trustworthiness of the cluster heads provides reliable data aggregation for the cluster-based WSN, and the trusted cluster heads can act as a firewall to protect the cluster nodes from malicious code injection attacks. This article presents a bottom-up and a top-down remote attestation protocols relying on a lightweight HSM. The cluster head can be attested periodically by the underlying cluster nodes and by the base station as well. The performance analysis indicates that the required storage size of the cluster heads is independent of the number of attestation sessions. Furthermore, the energy consumption by cluster heads is very low. The proposed scheme is particularly suitable for long-term applications based on lightweight cluster heads.

Footnotes

Acknowledgements

The authors would like to thank Mr. Chia-Wei Shih for his valuable discussion on our preliminary work of the proposed scheme.

Academic Editor: Vicente Traver

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This research was supported, in part, by the Ministry of Science and Technology of the Republic of China under contract MOST 104-2221-E-008-057-MY2.

References

Prasanna

Rao

. An overview of wireless sensor networks applications and security. Int J Soft Comput Eng 2012; 2: 538–540.

Heinzelman

Chandrakasan

Balakrishnan

. Energy-efficient communication protocol for wireless microsensor networks. In: Proceedings of the 33rd Hawaii international conference on system science, Maui, HI, 4–7 January 2000, pp.1–10. Washington, DC, USA: IEEE Computer Society.

Kumar

Aseri

Patel

. EEHC: energy efficient heterogeneous clustered scheme for wireless sensor networks. Comput Commun 2009; 32: 662–667.

Francillon

Castelluccia

. Code injection attacks on Harvard-architecture devices. In: Proceedings of the 15th ACM conference on computer and communications security, Alexandria, VI, 27–31 October 2008, pp.15–26. New York, NY, USA: ACM.

Noorani

. Towards self-propagate mal-packets in sensor networks. In: Proceedings of the 1st ACM conference on wireless network security, Alexandria, VI, 31 March–2 April 2008, pp.172–182. New York, NY, USA: ACM.

Giannetsos

Dimitriou

Krontiris

. Arbitrary code injection through self-propagating worms in Von Neumann architecture devices. Comput J 2010; 53: 1576–1593.

Seshadri

Perrig

Van Doorn

. SWATT: software-based attestation for embedded devices. In: Proceedings of the 25th IEEE symposium on security and privacy, Berkeley, CA, 9–12 May 2004, pp.272–282. New York: IEEE.

Seshadri

Luk

Perrig

. SCUBA: secure code update by attestation in sensor network. In: Proceedings of the 5th ACM workshop on wireless security, Los Angeles, CA, 29 September 2006, pp.85–94. New York: ACM.

Song

Seo

Park

. OMAP: one-way memory attestation protocol for smart meters. In: Proceedings of the 9th IEEE international symposium on parallel and distributed processing with applications, Busan, Korea, 26–28 May 2011, pp.111–118. New York: IEEE.

10.

Krauβ

Stumpf

Eckert

. Detecting node compromise in hybrid wireless sensor networks using attestation techniques. In: Proceedings of the 4th European conference on security and privacy in ad-hoc and sensor networks, Cambridge, 2–3 July 2007, pp.203–217. Berlin: Springer.

11.

Schellekens

Wyseur

Preneel

. Remote attestation on legacy operating systems with trusted platform modules. Sci Comput Program 2008; 74: 13–22.

12.

Tan

Jha

. A TPM-enabled remote attestation protocol (TRAP) in wireless sensor networks. In: Proceedings of the 6th ACM workshop on performance monitoring and measurement of heterogeneous wireless and wired networks, Miami, HI, 31 October–4 November 2011, pp.9–16. New York: ACM.

13.

ISO/IEC 11889:2009. Information technology-trusted platform module. Geneva: ISO, 2009.

14.

Yang

Wang

Zhu

. Distributed software-based attestation for node compromise detection in sensor networks. In: Proceedings of the 26th IEEE international symposium on reliable distributed systems, Beijing, China, 10–12 October 2007, pp.219–230. New York: IEEE.

15.

Parno

. The trusted platform module (TPM) and sealed storage. Report, June 2007, https://pdfs.semanticscholar.org/aef2/302f95342538bba6e180f5c65979d49412d5.pdf

16.

Krawczyk

Bellare

Canetti

. HMAC: keyed-hashing for message authentication. The Internet Engineering Task Force (IETF), RFC 2104, https://www.rfc-editor.org/pdfrfc/rfc2104.txt.pdf (1997, accessed 18 January 2017).

17.

Seshadri

Luk

Perrig

. SAKE: software attestation for key establishment in sensor networks. Ad Hoc Netw 2011; 9: 1059–1067.

18.

Kiyomoto

Miyake

. Lightweight attestation scheme for wireless sensor network. Int J Security Application 2014; 8: 25–40.

19.

Karame

. Secure erasure and code update in legacy sensors. In: Proceedings of the 8th international conference on trust and trustworthy computing, Heraklion, 24–26 August 2015, pp.283–299. Berlin: Springer.

20.

Yang

Yen

. Memory attestation of wireless sensor nodes by local trusted agents. In: Proceedings of the 14th IEEE international conference on trust, security, and privacy, Helsinki, 20–22 August 2015, pp.82–89. New York: IEEE.

21.

Castelluccia

Francillon

Perito

. On the difficulty of software-based attestation of embedded devices. In: Proceedings of the 16th ACM conference on computer and communications security, Chicago, IL, 9–13 November 2009, pp.400–409. New York: ACM.

22.

Chae

DiPippo

Sun

. Trust management for defending on-off attacks. IEEE T Parall Distrib Syst 2015; 26: 1178–1191.

23.

Kaps

Sunar

. Energy comparison of AES and SHA-1 for ubiquitous computing. In: Proceedings of the emerging directions in embedded and ubiquitous computing, Seoul, Korea, 1–4 August 2006, pp.372–381. Berlin: Springer.

24.

Yang

. Towards a low-cost remote memory attestation for the smart grid. Sensors 2015; 15: 20799–20824.

25.

Perito

Tsudik

. Secure code update for embedded devices via proofs of secure erasure. In: Proceedings of the 15th European symposium on research in computer security, Athens, 20–22 September 2010, pp.643–662. Berlin: Springer.

26.

Zhang

Liu

. DataGuard: dynamic data attestation in wireless sensor networks. In: Proceedings of the 40th annual IEEE/IFIP international conference on dependable systems and networks, Chicago, IL, 28 June–1 July 2010, pp.261–270. New York: IEEE.

27.

AbuHmed

Nyamaa

Nyang

. Software-based remote code attestation in wireless sensor network. In: Proceedings of the 28th IEEE global telecommunications conference, Honolulu, HI, 30 November–4 December 2009, pp.4680–4687. New York: IEEE.

28.

Defrawy

Francillon

Perito

. SMART: secure and minimal architecture for (establishing dynamic) root of trust. In: Proceedings of the 19th annual network and distributed system security symposium, San Diego, CA, 5–8 February 2012.

29.

Shaneck

Mahadevan

Kher

. Remote software-based attestation for wireless sensors. In: Proceedings of the 2nd European workshop on security and privacy in ad-hoc and sensor networks, Visegrad, 13–14 July 2005, pp.27–41. Berlin: Springer.

30.

Park

Seo

Lee

. SMATT: smart meter attestation using multiple target selection and copy-proof memory. In: Proceedings of the 4th FTRA international conference on computer science and its applicationsJeju, Korea, 22–25 November 2012, pp.875–887. Dordrecht: Springer.

SARA: Sandwiched attestation through remote agents for cluster-based wireless sensor networks

Abstract

Keywords

Introduction

Review of TPM-based remote attestation scheme

Basics of trusted computing

Review of the scheme of Krau β et al

PBAP

IAP

Security assumptions and attack model of the cluster-based WSN

The proposed lightweight hardware-based remote attestation scheme

Integrity validation using the remote agent

Security requirements of the remote agent

The proposed integrity validation scheme

Hierarchy of the working keys

The proposed bottom-up remote attestation protocol

The proposed top-down remote attestation protocol

Security analysis

Performance analysis

Analysis of energy consumption by cluster head

Cluster head storage analysis

Cluster node computation analysis

Other related work of remote attestation schemes

Conclusion

Footnotes

Acknowledgements

Declaration of conflicting interests

Funding

References

Review of the scheme of Krau $β$ et al