The Case for Energy-aware Trust Establishment in Dynamic Networks of

Cyber Physical Devices

Amruta Gokhale, John McCabe, Vinod Ganapathy, Ulrich Kremer

Motivation

• Wireless devices becoming ubiquitous• 1.39 billion phones sold in 2010, 302.6M were smart phones (Source: International Data Corporation market research)

Motivation

• Computing power can be exploited • Physical location can be exploited

Dynamic Networks Spontaneous, dynamic sets of cooperating devices Potentially mobile and heterogeneous Applications are location- and time-sensitive Applications are accountable for resource usage

Sample Application: Amber Alert

Sample Application: Amber Alert

Sample Application: Amber Alert

Dynamic Networks: Security Challenges Devices are untrusted May misbehave

Malicious intent Faulty software

Dynamic Networks: Security Challenges

Trust in Dynamic Networks

• How to trust the query requests– Mechanisms to establish authenticity of

launcher device• How to trust the query results

– Mechanisms to establish trustworthiness of launchee devices

Hardware Based Attestation

• One way to establish trust in dynamic networks

Verifier Device Prover Device

TPM Chip

Hardware Based Attestation Protocols

Verifier Device Prover Device

TPM Chip

Request Quote

Respond with Quote

Hardware Based Attestation Protocols

Verifier Device Prover Device

TPM Chip

Request Quote

PCR Contents

Measurement Log

Goal

• To measure and understand resource consumption of hardware based attestation protocols

• SARANA – Our prototype architecture

SARANA

• SARANA - Space-Aware, Resource-Aware Network Architecture Developed by Prof. Ulrich Kremer and his group

• Language, compiler, and run-time infrastructure• Parallel macroprogramming framework• Support for spatial and temporal constraints• Application-centric cost model / resource management

Execution Model

Launcher Device

Launchee Device

Launchee DeviceLaunchee Device

Query request

Query response

Aggregate results

Query execution

Attestation Model

Launcher Device

Launchee Device

Launchee DeviceLaunchee Device

Attestation Challenge

Attestation Model

Launcher Device

Launchee Device

Launchee DeviceLaunchee Device

Query request

Attestation + Query response

Verification

Attestation computation + Query execution

Attestation Model

Launcher Device

Launchee Device

Launchee DeviceLaunchee Device

Query request

Attestation + Query response

Aggregate results

Measurements

• Measurement of Time Energy

• Different Configurations Number of nodes in the network (10, 100,

1000, 10000) Increasing execution times of the task (0ms,

0.5ms, 1ms, 500ms) Programs of different complexity (single visit

operation, amber alert operation)

Experimental Setup

• Basis for measurementsTPM-enabled desktop machine Implemented Integrity Measurement

Architecture (IMA) protocolMeasured the execution time for prover and

verifierOther timings by profiling a Nokia N900

• Simulator Time measurements by modeling time

utilizationEnergy measurements based on resource

consumption

Evaluation of Time spent

Evaluation of Energy Consumption

Remote Attestation

Evaluation of Energy Consumption

Remote Attestation

Observations and Conclusion

• 97% energy spent in attestation for small payloads

• Remote attestation increases the energy budget of Amber Alert – like application by a factor of 2

• Trust Establishment protocols should be energy-conserving specially on resource-constrained devices

• Need to focus on energy efficiency of these protocols

Thank you!