Abstract

Embedded devices permeate our every day lives. They exist in our vehicles, traffic lights, medical equipment, and infrastructure controls. In many cases, improper functionality of these devices can present a physical danger to their users, data or financial loss, etc. Improper functionality can be a result of software or hardware bugs, but now more than ever, is often the result of malicious compromise and tampering, or as it is known colloquially "hacking". We are beginning to witness a proliferation of cyber-crime, and as more devices are built with internet connectivity (in the so called "Internet of Things"), security should be of the utmost concern. Embedded devices have begun to seamlessly merge with our daily existence. Therefore the need for security grows as it more directly affects the safety of our data, property, and even physical health. This thesis presents an FPGA-assisted framework for remote attestation, a security service that allows a remote device to prove to a verifying entity that it can be trusted. In other words, it presents a protocol by which a device (be it an insulin pump, vehicle, etc.) can prove to a user (or other entity) that it can be trusted - i.e. that it has not been "hacked". This is accomplished through executable code integrity verification and run-time monitoring. In essence, the protocol verifies that a device is running authorized and untampered software and makes it known to a verifier in a trusted fashion. We implement the protocol on a physical device to demonstrate its feasibility and to examine its performance impact.

Degree

College and Department

Ira A. Fulton College of Engineering and Technology; Electrical and Computer Engineering

Rights

http://lib.byu.edu/about/copyright/