Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

Shanto Roy, Salah Uddin Kadir, Yevgeniy Vorobeychik, Aron Laszka

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Internet of Things (IoT) devices and applications can have significant vulnerabilities, which may be exploited by adversaries to cause considerable harm. An important approach for mitigating this threat is remote attestation, which enables the defender to remotely verify the integrity of devices and their software. There are a number of approaches for remote attestation, and each has its unique advantages and disadvantages in terms of detection accuracy and computational cost. Further, an attestation method may be applied in multiple ways, such as various levels of software coverage. Therefore, to minimize both security risks and computational overhead, defenders need to decide strategically which attestation methods to apply and how to apply them, depending on the characteristics of the devices and the potential losses. To answer these questions, we first develop a testbed for remote attestation of IoT devices, which enables us to measure the detection accuracy and performance overhead of various attestation methods. Our testbed integrates two example IoT applications, memory-checksum based attestation, and a variety of software vulnerabilities that allow adversaries to inject arbitrary code into running applications. Second, we model the problem of finding an optimal strategy for applying remote attestation as a Stackelberg security game between a defender and an adversary. We characterize the defender’s optimal attestation strategy in a variety of special cases. Finally, building on experimental results from our testbed, we evaluate our model and show that optimal strategic attestation can lead to significantly lower losses than naïve baseline strategies.

Original language: English (US)
Title of host publication: Decision and Game Theory for Security - 12th International Conference, GameSec 2021, Proceedings
Editors: Branislav Bošanský, Cleotilde Gonzalez, Stefan Rass, Arunesh Sinha
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 271-290
Number of pages: 20
ISBN (Print): 9783030903695
State: Published - 2021
Event: 12th International Conference on Decision and Game Theory for Security, GameSec 2021 - Virtual, Online
Duration: Oct 25 2021 to Oct 27 2021

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13061 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 12th International Conference on Decision and Game Theory for Security, GameSec 2021
City: Virtual, Online
Period: 10/25/21 to 10/27/21

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
