On the Design and Security of Collective Remote Attestation Protocols

本文介绍了一种名为“集体远程认证（CRA）”的安全服务，旨在高效地识别（通常是低功率的）网络中受到攻击的设备。近年来，CRA协议提案数量急剧增长，这些提案展示了各种设计，受不同网络拓扑、硬件假设和其他功能要求的指导。然而，它们在信任假设、对手模型和角色描述方面存在差异，这使得难以统一评估它们的安全保证。因此，本文提出了一个名为Catt的统一框架，用于CRA协议的系统比较，基于对40个CRA协议及其对手模型的全面研究。Catt定义了设备可以扮演的角色，并基于此开发了一组新的CRA协议安全属性。然后，我们对所有研究的协议的安全目标进行分类。最后，我们通过在Tamarin Prover中编码这些安全属性并验证SIMPLE+协议来说明我们安全属性的适用性。

Catt: A Unifying Framework for Comparing Collective Remote Attestation Protocols

The paper presents Catt, a framework for systematically comparing collective remote attestation (CRA) protocols based on a comprehensive study of 40 CRA protocols and their adversary models. Catt characterizes the roles that devices can take and develops a novel set of security properties for CRA protocols.

The paper illustrates the applicability of the security properties by encoding them in the tamarin prover and verifying the SIMPLE+ protocol against them. The study provides a comprehensive classification of the security aims of all the studied protocols. The framework can be used to compare CRA protocols based on their trust assumptions, adversary models, and role descriptions.

Recent related work includes 'A Survey of Collective Remote Attestation' by M. Conti et al. and 'A Survey on Security and Privacy Issues in IoT-based Healthcare Systems' by S. Ruj et al.