Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

PACCOR4ESP: Embedded Device Security Attestation using Platform Attribute Certificates

Thomas Grübl, Jan von der Assen, Markus Knecht, Burkhard Stiller

TL;DR

PACCOR4ESP presents a single-device hybrid attestation approach for embedded systems by extending NSA’s Platform Attribute Certificate Creator (PACCOR) to the ESP32-S3, enabling generation of TC G Platform Attribute Certificates (PACs) that encode comprehensive hardware and software characteristics. The design couples ESP32-side attestation with a verifier-side PAC creation and validation workflow, including two verification modes ($approach_1$ and $approach_2$) and deterministic signing to support ground-truth comparison and component-level checks. Runtime evaluations show ESP32-S3 attestation completes under 550 ms, EK-reference extraction from ATECC608B around 149 ms, and final PACs of about 2 KB, supporting scalable deployment with low overhead. The work also analyzes security considerations against GPIO, firmware, ELF tampering, and ROP threats, and discusses integration opportunities with RAS, CRAFT, and SEDA to broaden PAC-based attestation across heterogeneous embedded ecosystems.

Abstract

Verifying the integrity of embedded device characteristics is required to ensure secure operation of a device. One central challenge is to securely extract and store device-specific configurations for future verification. Existing device attestation schemes suffer from notable limitations, including a lack of standardization and a failure to encompass all hardware and software aspects inherent to a platform. This paper proposes an extension of the NSA Cybersecurity Directorate's Platform Attribute Certificate Creator (PACCOR) for the ESP32, a widely-used microcontroller series. Platform Attribute Certificates store device characteristics as per the Trusted Computing Group's Platform Certificate Profile. As of today, there is little research on hybrid attestation schemes utilizing Platform Attribute Certificates on embedded devices, which this work addresses. This paper presents a collection of attacks that can be detected using PACCOR4ESP. The toolkit extracts security-relevant information from an ESP32-S3, such as the firmware hash, bootloader hash, GPIO pin configuration, and a reference to the endorsement key of the secure element, and automatically embeds it into a Platform Attribute Certificate. Lastly, this work shows how PACCOR4ESP can be integrated with existing embedded device attestation frameworks, such as RAS, CRAFT, and SEDA.

PACCOR4ESP: Embedded Device Security Attestation using Platform Attribute Certificates

TL;DR

PACCOR4ESP presents a single-device hybrid attestation approach for embedded systems by extending NSA’s Platform Attribute Certificate Creator (PACCOR) to the ESP32-S3, enabling generation of TC G Platform Attribute Certificates (PACs) that encode comprehensive hardware and software characteristics. The design couples ESP32-side attestation with a verifier-side PAC creation and validation workflow, including two verification modes ( and ) and deterministic signing to support ground-truth comparison and component-level checks. Runtime evaluations show ESP32-S3 attestation completes under 550 ms, EK-reference extraction from ATECC608B around 149 ms, and final PACs of about 2 KB, supporting scalable deployment with low overhead. The work also analyzes security considerations against GPIO, firmware, ELF tampering, and ROP threats, and discusses integration opportunities with RAS, CRAFT, and SEDA to broaden PAC-based attestation across heterogeneous embedded ecosystems.

Abstract

Verifying the integrity of embedded device characteristics is required to ensure secure operation of a device. One central challenge is to securely extract and store device-specific configurations for future verification. Existing device attestation schemes suffer from notable limitations, including a lack of standardization and a failure to encompass all hardware and software aspects inherent to a platform. This paper proposes an extension of the NSA Cybersecurity Directorate's Platform Attribute Certificate Creator (PACCOR) for the ESP32, a widely-used microcontroller series. Platform Attribute Certificates store device characteristics as per the Trusted Computing Group's Platform Certificate Profile. As of today, there is little research on hybrid attestation schemes utilizing Platform Attribute Certificates on embedded devices, which this work addresses. This paper presents a collection of attacks that can be detected using PACCOR4ESP. The toolkit extracts security-relevant information from an ESP32-S3, such as the firmware hash, bootloader hash, GPIO pin configuration, and a reference to the endorsement key of the secure element, and automatically embeds it into a Platform Attribute Certificate. Lastly, this work shows how PACCOR4ESP can be integrated with existing embedded device attestation frameworks, such as RAS, CRAFT, and SEDA.
Paper Structure (28 sections, 5 figures, 5 tables, 1 algorithm)

This paper contains 28 sections, 5 figures, 5 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background
  3. Platform Attribute Certificates
  4. Platform Attribute Certificate Creator
  5. Related Work
  6. Problem Statement
  7. Design and Implementation
  8. Verification Process
  9. Architecture and Implementation Details
  10. Generalizability
  11. Runtime Evaluations
  12. Security Considerations
  13. System Model and Assumption
  14. Threat Model
  15. T1: Resistance to GPIO Pin Attacks
  16. ...and 13 more sections

Figures (5)

  • Figure 1: PACCOR4ESP Architecture, Adapted from PACCORpaccor.
  • Figure 2: Illustrative Life Cycle Considered in the Security Analysis
  • Figure 3: Attestation results after a program simulated tampering with the GPIO pin configuration and thus yielding an incorrect signature in the newly generated PAC (bottom) compared to the ground truth PAC (top).
  • Figure 4: Attestation results after tampering with the firmware and thus yielding an incorrect firmware hash in the newly generated PAC (bottom) compared to the ground truth PAC (top).
  • Figure 5: Attestation results after tampering with the ELF file and thus yielding an incorrect ELF hash prefix in the newly generated PAC (bottom) compared to the ground truth PAC (top).