A survey of remote attestation in Internet of Things: Attacks, countermeasures, and prospects

Abstract The explosive growth of the Internet of Things (IoT) devices is an inevitable trend, especially considering the fact that 5G technology facilitates numerous services building on IoT devices. IoT devices deliver great convenience to our daily lives; nevertheless, they are becoming attractive attacking targets. Compromised IoT devices can result in the exposure of user privacy, damage to network security, or even threats to personal safety. In a rush for convenience and marketability, the security of these devices is usually less considered during production and even ignored. Under these circumstances, Remote Attestation (RA) becomes a valuable security service. It outsources the computation and verification burden to a resource-rich party, e.g., server, to ease its on-device implementation, making it suitable for protocol extensions. In this paper, we investigate the state-of-the-art RA schemes from different perspectives, aiming to offer a comprehensive understanding of this security service. Specifically, we summarize the basis of RA. We set up an elaborate adversarial model by systematizing existing RA schemes. Then we put forward the evaluation criteria from protection capability, performance, network adaptability, and attestation quality. According to the adversarial model, we classify existing RA schemes into five categories to show the various characteristics. A comparison of representative proposals enables readers to adopt and design suitable protocols in different application scenarios. Finally, we discuss some open challenges and provision prospects for future research.