An embedded system is a computer system having a dedicated function within a larger mechanical or electrical system, often with real-time computing constraints. It is embedded as part of a complete device that may include hardware and mechanical parts. Embedded systems are found in many applications, including cell phones, home security systems, alarm systems, automated teller machines, automobiles, traffic lights, industrial control systems, medical equipment, and avionics. Due to the numerous critical uses of embedded systems, a method to detect instances of system compromise (cyber-attacks) is important.
Attestation is the process of validating the integrity of a computing device, such as a server on which secure computing depends. One approach to detecting a compromised device is software attestation. Generally, software attestation verifies that the initial application is still running, unmodified, on the untrusted device. It is a trust establishment mechanism in which a verifier system checks the program memory content of a client system for unauthorized modification, such as the insertion of malicious code. As opposed to hardware-based attestation, software attestation requires no additional hardware to verify untrusted computing systems. Software attestation is based on a challenge-response paradigm between the verifier and the client: for example, the verifier may compare specific client memory values to a known set of values, and if the values match, the client can be trusted. Because software attestation does not require physical access to the untrusted computing system, it can verify the integrity of the application or of code execution without special hardware.
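The challenge-response round described above, written out as an added example (this is illustration code, not part of the original text or any particular attestation product). The verifier holds a reference copy of the client's program image, sends a fresh random nonce, and the client answers with a digest over the nonce and its entire program memory; the verifier recomputes the digest from its reference and compares. The 256-byte image, the `Client` and `Verifier` classes and the `attest` and `demo` helpers are constructed here for the example. It shows the three properties a practitioner cares about: an intact client passes, a client whose program memory has been modified fails, and a captured response cannot be replayed against a later challenge.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

# Constructed 256-byte program image standing in for the firmware of a
# hypothetical embedded client. Sample data only, not from any real device.
REFERENCE_IMAGE = bytes(range(256))


@dataclass
class Client:
    """Untrusted device. Holds a mutable copy of its program memory."""
    program_memory: bytearray = field(
        default_factory=lambda: bytearray(REFERENCE_IMAGE))

    def respond(self, nonce: bytes) -> bytes:
        # The digest covers nonce || program memory, so every challenge forces a
        # fresh pass over the actual memory contents; a stored answer is useless.
        return hashlib.sha256(nonce + bytes(self.program_memory)).digest()


class Verifier:
    """Trusted side. Knows the reference image and issues one-time challenges."""

    def __init__(self, reference: bytes = REFERENCE_IMAGE) -> None:
        self.reference = reference
        self.current_nonce: Optional[bytes] = None

    def challenge(self) -> bytes:
        # 128-bit random nonce; a new one is generated for every round.
        self.current_nonce = os.urandom(16)
        return self.current_nonce

    def verify(self, response: bytes) -> bool:
        if self.current_nonce is None:
            return False  # no outstanding challenge, nothing to accept
        expected = hashlib.sha256(self.current_nonce + self.reference).digest()
        ok = hmac.compare_digest(expected, response)  # constant-time compare
        self.current_nonce = None  # each challenge accepts at most one response
        return ok


def attest(client: Client, verifier: Verifier) -> bool:
    """Run one full challenge-response round and return the verifier's verdict."""
    nonce = verifier.challenge()
    return verifier.verify(client.respond(nonce))


def demo() -> dict:
    """Exercise the protocol against an intact client, a tampered client and a replay."""
    intact = Client()
    tampered = Client()
    tampered.program_memory[0x40] ^= 0xFF  # one modified byte in program memory

    verifier = Verifier()
    results = {
        "intact": attest(intact, verifier),
        "tampered": attest(tampered, verifier),
    }
    # Replay: a response captured for an earlier nonce does not satisfy a new challenge.
    old_response = intact.respond(verifier.challenge())
    verifier.challenge()
    results["replayed"] = verifier.verify(old_response)
    return results


if __name__ == "__main__":
    print(demo())  # {'intact': True, 'tampered': False, 'replayed': False}
```

Note what this check covers: it attests only the bytes in the region the client hashes. Anything outside that region, and the hardware the client runs on, is not examined, which is exactly the gap the following paragraph describes.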
One disadvantage of software attestation is that it validates only the client software, independent of the underlying hardware or additional CPU processing. In one scenario, an attacker could launch software exploits, such as return-oriented programming, to undermine software attestation. This could allow a compromised client, running on suspect hardware or running extra malicious code, to send an attestation response that the verifier accepts as valid.
What is needed, therefore, is a method to detect cyber-attacks in the software and hardware of embedded systems prior to their operational use. Knowing that a system has been compromised before a malicious attack manifests itself allows for mitigation before any real harm can be done.