|
|
<!doctype html>
|
|
|
<html lang="en">
|
|
|
<head>
|
|
|
<title>Review of Petzi et al. 2022</title>
|
|
|
<link rel="stylesheet" href="node_modules/reveal.js/dist/reveal.css">
|
|
|
<link rel="stylesheet" href="node_modules/reveal.js/dist/theme/night.css">
|
|
|
<link rel="stylesheet" href="node_modules/reveal.js/plugin/highlight/zenburn.css">
|
|
|
<link rel="stylesheet" href="node_modules/reveal.js-drawer/dist/drawer.css">
|
|
|
<link rel="stylesheet" href="lib/attribution/plugin.css">
|
|
|
</head>
|
|
|
<body>
|
|
|
<div class="reveal">
|
|
|
<div class="slides">
|
|
|
<section style="text-align: left">
|
|
|
<b>SCRAPS</b>:<br><b>S</b>calable <b>C</b>ollective <b>R</b>emote <b>A</b>ttestation for <b>P</b>ub-<b>S</b>ub IoT Networks with Untrusted Proxy Verifier
|
|
|
<br><br>
|
|
|
<small><i>Petzi et al.</i> 2022 (31st USENIX Security Symposium, pp. 3484-3501)</small>
|
|
|
<br><small>Summary: Garrett Mills <glm@ku.edu><br>
|
|
|
<i style="color: #888">https://garrettmills.dev/go/scraps</i></small>
|
|
|
</section>
|
|
|
<section>
|
|
|
<b>Attestation</b> <i>(noun)</i> - the activity of making a claim to an appraiser about the properties of a target by supplying evidence which
|
|
|
supports that claim. <small><i>[1]</i></small>
|
|
|
</section>
|
|
|
<section>
|
|
|
<b>Smart Contracts</b> <i>(noun)</i> - scripts stored on the blockchain. The contracts have their own state, and are triggered by messages/transactions
|
|
|
sent to their respective addresses. <small><i>[2]</i></small>
|
|
|
</section>
|
|
|
<section>
|
|
|
<b>Challenges adapting RA to IoT:</b><br><br>
|
|
|
|
|
|
<ol>
|
|
|
<li>IoT relies on asynchronous channels</li>
|
|
|
<li>IoT devices may go offline to save power</li>
|
|
|
<li>IoT networks use untrusted brokers</li>
|
|
|
</ol>
|
|
|
</section>
|
|
|
<section>
|
|
|
<b>SCRAPS</b><br><br>
|
|
|
<ul>
|
|
|
<li>Manufacturer's SC (config)</li>
|
|
|
<li>ProxyVerifier SC (appraiser)</li>
|
|
|
<li>Prover (target)</li>
|
|
|
<li>Verifier (requester)</li>
|
|
|
</ul>
|
|
|
</section>
|
|
|
<section data-transition="none" style="text-align: left">
|
|
|
<ol style="font-size: 0.75em;">
|
|
|
<li><b>Prover registers with Broker</b></li>
|
|
|
<li>Prover computes measurement using chain hash</li>
|
|
|
<li>ProxyVerifier appraises evidence using config & freshness</li>
|
|
|
<li>Verifier requests appraisal from ProxyVerifier</li>
|
|
|
</ol>
|
|
|
</section>
|
|
|
<section data-transition="none" style="text-align: left">
|
|
|
<ol style="font-size: 0.75em;">
|
|
|
<li>Prover registers with Broker</li>
|
|
|
<li><b>Prover computes measurement using chain hash</b></li>
|
|
|
<li>ProxyVerifier appraises evidence using config & freshness</li>
|
|
|
<li>Verifier requests appraisal from ProxyVerifier</li>
|
|
|
</ol>
|
|
|
</section>
|
|
|
<section data-transition="none" style="text-align: left">
|
|
|
<ol style="font-size: 0.75em;">
|
|
|
<li>Prover registers with Broker</li>
|
|
|
<li>Prover computes measurement using chain hash</li>
|
|
|
<li><b>ProxyVerifier appraises evidence using config & freshness</b></li>
|
|
|
<li>Verifier requests appraisal from ProxyVerifier</li>
|
|
|
</ol>
|
|
|
</section>
|
|
|
<section data-transition="none" style="text-align: left">
|
|
|
<ol style="font-size: 0.75em;">
|
|
|
<li>Prover registers with Broker</li>
|
|
|
<li>Prover computes measurement using chain hash</li>
|
|
|
<li>ProxyVerifier appraises evidence using config & freshness</li>
|
|
|
<li><b>Verifier requests appraisal from ProxyVerifier</b></li>
|
|
|
</ol>
|
|
|
</section>
|
|
|
<section>
|
|
|
<img src="img/fig-6.png" alt="Figure 6" style="filter: invert(100%);">
|
|
|
</section>
|
|
|
<section>
|
|
|
<img src="img/fig-8.png" alt="Figure 8" style="filter: invert(100%);">
|
|
|
</section>
|
|
|
|
|
|
<section data-background-image="img/live-laugh-learn.jpg">
|
|
|
<div style="background: rgba(0, 0, 0, 0.4)">
|
|
|
<h3>Smart Contracts</h3>
|
|
|
</div>
|
|
|
</section>
|
|
|
|
|
|
<section>
|
|
|
<b>Stength:</b> Problem/architecture formulation
|
|
|
</section>
|
|
|
|
|
|
<section>
|
|
|
<b>Strength:</b> Performance
|
|
|
</section>
|
|
|
|
|
|
<section>
|
|
|
<b>Strength:</b> Appraiser is as secure as the chain
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Strength:</b> Use of blockchain eliminates some attacks
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Weakness:</b> Interaction between freshness and sleep
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Weakness:</b> Limited appraisal & trust flexibility
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Weakness:</b> Determination of $T_{min}$ and $T_{exp}$
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Weakness:</b> Depends on manufacturer's pub-key to verify
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Weakness:</b> Evidence & appraisal privacy
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Future work:</b> Formal verification of ProxyVerifier
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Future work:</b> SC-based flexible mechanisms
|
|
|
</section>
|
|
|
|
|
|
<section style="font-size: 0.9em">
|
|
|
<b>Future work:</b> SC-based flexible mechanisms <i>(reprise)</i>
|
|
|
</section>
|
|
|
|
|
|
<section>
|
|
|
<b>References</b>
|
|
|
<br>
|
|
|
<br>
|
|
|
<div style="text-align: left; font-size: 0.5em;">
|
|
|
<p>[0] Petzi, Lukas, Ala Eddine Ben Yahya, Alexandra Dmitrienko, Gene Tsudik, Thomas Prantl, and Samuel Kounev. “SCRAPS: Scalable Collective Remote Attestation for Pub-Sub IoT Networks with Untrusted Proxy Verifier,” 2022, 18.</p>
|
|
|
<p>[1] Coker, George, Joshua Guttman, Peter Loscocco, Amy Herzog, Jonathan Millen, Brian O’Hanlon, John Ramsdell, Ariel Segall, Justin Sheehy, and Brian Sniffen. “Principles of Remote Attestation.” International Journal of Information Security 10, no. 2 (June 2011): 63–81. https://doi.org/10.1007/s10207-011-0124-7.</p>
|
|
|
<p>[2] Christidis, Konstantinos, and Michael Devetsikiotis. “Blockchains and Smart Contracts for the Internet of Things.” IEEE Access 4 (2016): 2292–2303. https://doi.org/10.1109/ACCESS.2016.2566339.</p>
|
|
|
<p>[3] Helble, Sarah C., Ian D. Kretz, Peter A. Loscocco, John D. Ramsdell, Paul D. Rowe, and Perry Alexander. “Flexible Mechanisms for Remote Attestation.” ACM Transactions on Privacy and Security 24, no. 4 (September 30, 2021): 29:1-29:23. https://doi.org/10.1145/3470535.</p>
|
|
|
</div>
|
|
|
</section>
|
|
|
<!--<section>Hello, World!</section>
|
|
|
<section>
|
|
|
Slide 2!
|
|
|
|
|
|
<span class="attribution">
|
|
|
Template courtesy of <a target="_blank" href="https://code.garrettmills.dev/garrettmills/slides">my template</a>.
|
|
|
</span>
|
|
|
</section>
|
|
|
<section data-markdown>
|
|
|
<textarea data-template>
|
|
|
## Slide 3
|
|
|
This is a markdown slide!
|
|
|
|
|
|
- note1
|
|
|
- note2
|
|
|
- note3
|
|
|
|
|
|
```js
|
|
|
const a = `Hello, ${name}!`
|
|
|
```
|
|
|
---
|
|
|
## Slide 4
|
|
|
This contains some katex.
|
|
|
`$$\cfrac{(v, c) \Downarrow v'}{(v, c) \rightarrow v'}$$`
|
|
|
</textarea>
|
|
|
</section>-->
|
|
|
</div>
|
|
|
</div>
|
|
|
<script src="node_modules/reveal.js/dist/reveal.js"></script>
|
|
|
<script src="node_modules/reveal.js/plugin/markdown/markdown.js"></script>
|
|
|
<script src="node_modules/reveal.js/plugin/highlight/highlight.js"></script>
|
|
|
<script src="node_modules/reveal.js/plugin/math/math.js"></script>
|
|
|
<script src="node_modules/reveal.js/plugin/notes/notes.js"></script>
|
|
|
<script src="node_modules/reveal.js/plugin/search/search.js"></script>
|
|
|
<script src="node_modules/reveal.js-drawer/dist/drawer.js"></script>
|
|
|
<script src="lib/attribution/plugin.js"></script>
|
|
|
<script>
|
|
|
Reveal.initialize({
|
|
|
plugins: [
|
|
|
RevealMarkdown,
|
|
|
RevealHighlight,
|
|
|
RevealMath.KaTeX,
|
|
|
RevealNotes,
|
|
|
RevealSearch,
|
|
|
RevealDrawer,
|
|
|
RevealAttribution,
|
|
|
],
|
|
|
progress: false,
|
|
|
hash: true,
|
|
|
hideCursorTime: 2000,
|
|
|
});
|
|
|
</script>
|
|
|
</body>
|
|
|
</html>
|