Allowing a compromised device to receive privacy-sensitive sensor readings, or to operate a safety-critical actuator, carries significant risk. Usually, such risks are mitigated by validating the device's security state with remote attestation, but current remote attestation protocols are not suitable when the beneficiary of attestation, the relying party, is a constrained device such as a small sensor or actuator. These devices typically lack the power and memory to operate public-key cryptography needed by such protocols, and may only be able to communicate with devices in their physical proximity, such as with the controller whose security state they wish to evaluate. In this paper, we present a remote platform attestation protocol suitable for relying parties that are limited to symmetric-key cryptography and a single communication channel. We show that our protocol, including the needed cryptography and message processing, can be implemented with a code size of 6 KB and validate its security via model checking with the ProVerif tool.

翻译：允许被攻陷的设备接收隐私敏感的传感器读数或操作安全关键的执行器会带来重大风险。通常，此类风险通过远程证明验证设备安全状态来缓解，但现有远程证明协议并不适用于证明受益方（即依赖方）为受限设备（如小型传感器或执行器）的场景。这类设备通常缺乏运行公钥密码学所需的算力和内存，且可能仅能与物理邻近设备（如需要评估其安全状态的控制器）通信。本文提出一种适用于仅支持对称密钥密码学和单一通信信道的依赖方的远程平台证明协议。我们证明该协议（包括所需密码学运算和消息处理）可仅用6 KB代码实现，并通过ProVerif工具进行模型检验验证其安全性。