Log-Based Control Flow Attestation For Embedded Devices

Remote attestation is a very important mechanism helping a trusted party to get the status of a remote embedded device. Most remote attestation schemes aim at checking the code integrity and leave devices vulnerable to runtime attacks. Recently a new kind of attestation called control flow attestation has been proposed to get rid of this limitation. However, previous studies on control flow attestation cannot verify the attestation result efficiently and lack secure storage.In this paper, we present a log-based attestation scheme that not only can attest the control flow path of programs on embedded devices but also can verify the attestation result very efficiently. We use a lightweight root of trust in our attestation. We implement our system on Hikey board using ARM TrustZone security extension. We evaluate the performance using a popular embedded device benchmark Mibench and demonstrate that our scheme has a high security assurance and a good performance.