Authors: Anum Khurshid, Shahid Raza
Date: October 2022
DOI Bookmark: https://doi.org/10.1016/j.cose.2022.102952
A new journal paper has been accepted in the Computers & Security, Volume 124 by Elsevier Computers & Security Journal, titled AutoCert: Automated TOCTOU-secure Digital Certification for IoT with combined Authentication and Assurance.
This paper presents the first TOCTOU-secure mechanism to combine software-state integrity with Public Key Infrastructure for IoT, and establishes a standardized mechanism to relay software-state assurance for IoT devices. The proposed mechanism is built using the IETF Remote ATtestation procedureS (RATS) architecture and standard X.509 IoT profile certificates to ensure both device authentication and software assurance for IoT. The implementation and evaluation of performance of the Proof-of-Concept is demonstrated on the OPTIGA TPM Evaluation Kit, which is specially designed to evaluate applications in the industrial and automotive use cases.