Towards Remotely Verifiable Software Integrity in Resource-Constrained IoT Devices
Ivan De Oliveira Nunes, Sashidhar Jakkamsetti, Norrathep Rattanavipanon, Gene Tsudik
TL;DR
The paper addresses securing software on resource-constrained IoT MCUs by surveying a progression of integrity proofs: remote attestation ($\\mathsf{RA}$), proofs of execution ($\\mathsf{PoX}$), control-flow attestation ($\\mathsf{CFA}$), and data-flow attestation ($\\mathsf{DFA}$). It analyzes hardware-software co-design approaches (Sancus, SMART, $\\mathsf{VRASED}$, $\\mathsf{RATA}$, and $\\mathsf{APEX}$) and instrumentation-based techniques (Tiny-CFA, DIALED) that enable verifiable evidence with varying overheads. It provides qualitative and quantitative comparisons on low-cost MCUs (OpenMSP430), highlighting the tradeoffs between security expressiveness and resource costs. The work also outlines open problems—formal verification for CFA/DFA, higher-end device applicability, efficiency improvements, auditing challenges, and swarm-scale attestation—guiding future research toward practical, scalable, and robust remote software integrity for constrained devices.
Abstract
Lower-end IoT devices typically have strict cost constraints that rule out usual security mechanisms available in general-purpose computers or higher-end devices. To secure low-end devices, various low-cost security architectures have been proposed for remote verification of their software state via integrity proofs. These proofs vary in terms of expressiveness, with simpler ones confirming correct binary presence, while more expressive ones support verification of arbitrary code execution. This article provides a holistic and systematic treatment of this family of architectures. It also compares (qualitatively and quantitatively) the types of software integrity proofs, respective architectural support, and associated costs. Finally, we outline some research directions and emerging challenges.