FeSA: Automatic federated swarm attestation on dynamic large-scale IoT devices

Publication Type

Journal Article

Publication Date

7-2023

Abstract

Swarm attestation, as an important branch of Remote Attestation (RA), enables a trusted party (verifier) to verify the security states of multiple devices (provers) in a large network (swarm) simultaneously via a challenge-response mechanism. However, swarm attestation suffers from significant redundancy overhead since all devices in the swarm need to be attested in each attestation round. Besides, it faces challenges such as verifier-impersonation Denial of Service (DoS) attacks, highly dynamic networks, transient & self-relocating malware, and Time-Of-Check-Time-Of-Use (TOCTOU) attacks. In this paper, considering not only the detection accuracy but also the privacy of swarm owners in real Internet of Things (IoT) scenarios, we propose an Automatic Federated Swarm Attestation scheme (FeSA). Under this scheme, we design a federated-learning-based automatic swarm attestation protocol that enables the verifiers to identify the suspicious devices by a neural network model and then attest them. To the best of our knowledge, this is the first scheme to apply a federated learning method to RA, ruling out the redundancy attestation rounds while preserving data privacy. The FeSA redesigns the interaction model of RA by a challenge-query mechanism to reduce the overhead of an individual device to a constant. In order to evaluate our scheme, we first set up a smart office environment with 12 types of smart IoT devices for real-world data collection up to 21 days. Based on the real dataset, we demonstrate that FeSA can indeed identify the compromised IoT devices while reducing redundancy. We further simulate large-scale swarms of up to 1,000,000 devices to validate the efficiency of FeSA in large-scale swarms. Last, the security analysis proves the ability of FeSA to resist various attacks.

Keywords

Remote attestation, Internet of Things, federated learning

Discipline

Information Security

Research Areas

Cybersecurity

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

20

Issue

4

First Page

2954

Last Page

2969

ISSN

1545-5971

Identifier

10.1109/TDSC.2022.3193106

Publisher

Institute of Electrical and Electronics Engineers

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/TDSC.2022.3193106

This document is currently not available here.

Share

COinS