all InfoSec news
Attestation with Constrained Relying Party. (arXiv:2312.08903v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Allowing a compromised device to receive privacy-sensitive sensor readings,
or to operate a safety-critical actuator, carries significant risk. Usually,
such risks are mitigated by validating the device's security state with remote
attestation, but current remote attestation protocols are not suitable when the
beneficiary of attestation, the relying party, is a constrained device such as
a small sensor or actuator. These devices typically lack the power and memory
to operate public-key cryptography needed by such protocols, and may only be
able …
attestation compromised critical current device party privacy protocols risk risks safety safety-critical security sensitive sensor state