HAtt: Hybrid Remote Attestation for the Internet of Things With High Availability

The critical and sensitive nature of data that the Internet-of-Things (IoT) devices produce makes them an attractive target for cyber attacks. Among the various types of attacks, malware is becoming a major concern for the IoT device. This article proposes a remote attestation protocol, hybrid remote attestation, which ensures the high availability of IoT devices during the software attestation process. The proposed attestation technique uses a randomized approach to attest different parts of an IoT device's memory. We use physical unclonable functions (PUFs) to protect the secrets of an IoT device from physical attacks. The security analysis shows that the proposed attestation technique can effectively detect roving malware. Implementation of the proposed protocol on Raspberry Pi and AVR/ARM-based ATMEL microcontrollers and comparison with existing techniques shows that the proposed protocol results in significantly higher availability and lower energy consumption.