PReFeR : P hysically Re lated F unction bas e d R emote Attestation Protocol

Remote attestation is a request-response based security service that permits a trusted entity (verifier) to check the current state of an untrusted remote device (prover). The verifier initiates the attestation process by sending an attestation challenge to the prover; the prover responds with its current state, which establishes its trustworthiness. Physically Unclonable Function (PUF) offers an attractive choice for hybrid attestation schemes owing to its low overhead security guarantees. However, this comes with the limitation of secure storage of the PUF model or large challenge-response database on the verifier end. To address these issues, in this work, we propose a hybrid attestation framework, named PReFeR , that leverages a new class of hardware primitive known as Physically Related Function (PReF) to remotely attest low-end devices without the requirement of secure storage or heavy cryptographic operations. It comprises a static attestation scheme that validates the memory state of the remote device prior to code execution, followed by a dynamic run-time attestation scheme that asserts the correct code execution by evaluating the content of special registers present in embedded systems, known as hardware performance counters (HPC). The use of HPCs in the dynamic attestation scheme mitigates the popular class of attack known as the time-of-check-time-of-use (TOCTOU) attack, which has broken several state-of-the-art hybrid attestation schemes. We demonstrate our protocol and present our experimental results using a prototype implementation on Digilent Cora Z7 board, a low-cost embedded platform, specially designed for IoT applications.