Visible to the public Securing Mobile Data Collectors by Integrating Software Attestation and Encrypted Data Repositories

TitleSecuring Mobile Data Collectors by Integrating Software Attestation and Encrypted Data Repositories
Publication TypeConference Paper
Year of Publication2018
AuthorsWon, J., Bertino, E.
Conference Name2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC)
Keywordsattestation, code attestation technique, composability, data encryption, data memory, data privacy, data repositories, drones, Encryption, group attestation scheme, Human Behavior, malicious physical/cyber attacks, Malware, mobile data collectors, privacy-sensitive data, private key cryptography, pubcrawl, Resiliency, secret key protection, secret keys, secure communications, security of data, software attestation, software integrity, software-based attestation, Table lookup, tampered drones, whitebox cryptography
AbstractDrones are increasingly being used as mobile data collectors for various monitoring services. However, since they may move around in unattended hostile areas with valuable data, they can be the targets of malicious physical/cyber attacks. These attacks may aim at stealing privacy-sensitive data, including secret keys, and eavesdropping on communications between the drones and the ground station. To detect tampered drones, a code attestation technique is required. However, since attestation itself does not guarantee that the data in the drones' memory are not leaked, data collected by the drones must be protected and secret keys for secure communications must not be leaked. In this paper, we present a solution integrating techniques for software-based attestation, data encryption and secret key protection. We propose an attestation technique that fills up free memory spaces with data repositories. Data repositories consist of pseudo-random numbers that are also used to encrypt collected data. We also propose a group attestation scheme to efficiently verify the software integrity of multiple drones. Finally, to prevent secret keys from being leaked, we utilize a technique that converts short secret keys into large look-up tables. This technique prevents attackers from abusing free space in the data memory by filling up the space with the look-up tables. To evaluate the integrated solution, we implemented it on AR.Drone and Raspberry Pi.
Citation Keywon_securing_2018