Service Level Management in Emerging Environments - Nader Mbarek
1.4.2.4.2. Research projects
Various European research projects have studied the security service that ensures both types of integrity, that of data as well as of objects, in an IoT environment. SMARTIE, for instance, takes into account several architectures for the implementation of the integrity service in an IoT environment. It uses Linux’s kernel integrity measurement architecture (Pokric et al. 2015) to verify the integrity of objects. It additionally relies on the integrity verification mechanisms present on smart cards, while taking inspiration from the Integrity Measurement Architecture (IMA). SMARTIE thus offers a node-attestation component that makes it possible to verify the integrity of a node by checking the hash of the list of software and files that have been executed on that node.

The node-attestation component consists of a remote attestation mechanism between IoT objects and the remote central unit that is responsible for measuring the integrity of the objects. Remote attestation allows the remote party (the gateway or server responsible for verifying the integrity of the objects) to inspect the state of a device or an IoT object at any given moment. The remote party may request the hash of the list of software or files, and it can verify whether the records provided by the device have been falsified by comparing the hash received with the hash that it calculated. The node-attestation component developed in SMARTIE provides a practical solution that is a compromise between the hardware solution and the software-based approaches, using the IMA module and the architecture for integrity measurement that is present in the Linux kernel (SMARTIE 2014a; Pokric et al. 2015).

The IMA module measures the integrity of the binary code before the kernel loads the code into memory to be run. The measurement result is recorded and sent to the IMASC service (Integrity Management Architecture using a Smart Card). The IMASC system transmits the result to the smart card, where it is timestamped and signed so that there can be no subsequent manipulation of the entry. In addition, the smart card preserves a record with the hash value. For remote attestation, the verifying party can inspect the state of a remote device at any time by requesting the hash and verifying the signatures. During a remote attestation request, the IMASC service interacts with the smart card and with the remote party in order to provide the proof of attestation.

Further, various libraries have been designed for IoT objects in order to compute hash functions. One example is “Cryptosuite” (Knight 2010), a library for Arduino that supports different hashing algorithms such as SHA-1, SHA-256, HMAC-SHA-1 and HMAC-SHA-256.
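The measure, sign and verify flow described above can be sketched as follows. This is an added example, not SMARTIE or IMASC code: the function names, file paths and key are hypothetical, and HMAC-SHA-256 with a shared key stands in for the smart card's signature, whose actual scheme the text does not specify.

```python
import hashlib
import hmac
import json

CARD_KEY = b"constructed-demo-key"  # assumption: stands in for the card's signing key

# Constructed sample binaries and the verifier's own reference hashes.
GOOD_FILES = {"/bin/sensor": b"sensor v1", "/bin/net": b"net v1"}
REFERENCE = {p: hashlib.sha256(c).hexdigest() for p, c in GOOD_FILES.items()}

def measure(path, content):
    """IMA-style step: hash the binary before it is loaded and run."""
    return {"path": path, "sha256": hashlib.sha256(content).hexdigest()}

def _mac(record, key):
    # Canonical JSON so signer and verifier hash identical bytes.
    msg = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def card_sign(entry, timestamp, key=CARD_KEY):
    """Smart-card step: timestamp the entry, then sign entry and timestamp."""
    record = dict(entry, ts=timestamp)
    record["sig"] = _mac(record, key)
    return record

def build_log(files, start_ts=1000):
    """Device side: one signed measurement record per executed file."""
    return [card_sign(measure(p, c), start_ts + i)
            for i, (p, c) in enumerate(files.items())]

def verify_attestation(records, reference, key=CARD_KEY):
    """Verifier side: check each signature, then compare the reported hash
    with the hash the verifier calculated. Returns (path, problem) pairs."""
    findings = []
    for rec in records:
        body = {k: v for k, v in rec.items() if k != "sig"}
        if not hmac.compare_digest(_mac(body, key), rec.get("sig", "")):
            findings.append((rec["path"], "bad signature"))
        elif reference.get(rec["path"]) != rec["sha256"]:
            findings.append((rec["path"], "unexpected hash"))
    return findings

if __name__ == "__main__":
    print(verify_attestation(build_log(GOOD_FILES), REFERENCE))
```

A modified binary shows up as an unexpected hash, while a record edited after signing to hide the change fails the signature check instead, which is the property the timestamp-and-sign step is there to provide.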