SWATT: SoftWare-based ATTestation for Embedded Systems

SWATT provides
attestation, that is, it allows an external verifier to establish the
absence of malicious changes to the memory contents of an embedded
device. It is designed to work with embedded devices based on simple
8- and 16-bit CPUs. SWATT does not require physical access to the memory of
the embedded device. Also, SWATT is software-based and does not require
any hardware extensions such as secure co-processors.

The key idea in SWATT is to design a special verification procedure
that computes a checksum over the memory contents of the embedded
device. The verification procedure is constructed so that if an attacker
modifies the memory contents of the embedded device and tries to forge
the checksum, the checksum computation will take a longer time than
expected. Thus, a correct checksum obtained within the expected amount
of time provides a guarantee to the verifier that the memory contents
of the embedded device are untampered. Further details may be found in
our paper.
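
An added example, not code from the SWATT paper or project: a simplified C model of the verifier's decision described above, where a response is accepted only if the checksum is correct and it arrived within the expected time. The cycle costs, the xorshift PRNG, the rotate-add checksum, the memory image and all names are assumptions chosen for illustration, and time is counted in modelled cycles rather than measured.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MEM_SIZE 256u /* constructed: tiny device memory */
/* Cost model (assumption): cycles per honest memory access, plus the extra
   cycles a forging device spends per access redirecting reads to a clean copy. */
enum { ACCESS_COST = 4, REDIRECT_COST = 1, SLACK = 200 /* timing tolerance */ };
typedef struct { uint32_t checksum; uint64_t cycles; } response_t;

/* xorshift32 stand-in PRNG: the challenge seeds the address sequence. */
static uint32_t next_addr(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s % MEM_SIZE;
}

/* Device side. clean_copy == NULL: checksum what is really in memory.
   Otherwise: modelled forger answering from a saved clean copy, slower. */
response_t attest(const uint8_t *mem, const uint8_t *clean_copy,
                  uint32_t challenge, uint32_t iters) {
    response_t r = {0, 0};
    uint32_t s = challenge | 1u; /* xorshift state must be nonzero */
    const uint8_t *src = clean_copy ? clean_copy : mem;
    for (uint32_t i = 0; i < iters; i++) {
        r.checksum = ((r.checksum << 7) | (r.checksum >> 25)) + src[next_addr(&s)];
        r.cycles += ACCESS_COST + (clean_copy ? REDIRECT_COST : 0);
    }
    return r;
}

/* Verifier side: accept only a correct checksum that also arrived on time. */
int verify(const uint8_t *ref, response_t r, uint32_t challenge, uint32_t iters) {
    response_t want = attest(ref, NULL, challenge, iters);
    return r.checksum == want.checksum && r.cycles <= want.cycles + SLACK;
}

/* kind 0: untampered, 1: tampered, 2: tampered with forged checksum. */
int scenario(int kind, uint32_t iters) {
    uint8_t good[MEM_SIZE], dev[MEM_SIZE];
    uint32_t challenge = 0xC0FFEE01u; /* constructed nonce */
    for (uint32_t i = 0; i < MEM_SIZE; i++) good[i] = (uint8_t)(i * 37u + 11u);
    memcpy(dev, good, sizeof dev);
    if (kind) dev[100] ^= 0xFF; /* constructed modification */
    return verify(good, attest(dev, kind == 2 ? good : NULL, challenge, iters), challenge, iters);
}

int main(void) {
    printf("%d %d %d %d\n", scenario(0, 10000), scenario(1, 10000), scenario(2, 10000), scenario(2, 100));
    return 0;
}
```

In this model the forged run is accepted at 100 iterations, because its 100 extra cycles fit inside the timing tolerance, and rejected at 10000 iterations, where the accumulated overhead exceeds it.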

SWATT provides an equality check for memory contents. This property is
insufficient to obtain the guarantee of verifiable code execution, since
the attacker can modify the code between the time it is checked and the
time it is invoked for execution. This is referred to as the
time-of-check-to-time-of-use (TOCTTOU) attack.