SWATT: SoftWare-based ATTestation for Embedded Systems

SWATT provides attestation, that is, it allows an external verifier to establish the absence of malicious changes to the memory contents of an embedded device. It is designed to work with embedded devices based on simple 8- and 16-bit CPUs. SWATT does not require physical access to the memory of the embedded device. Also, SWATT is software-based and does not require any hardware extensions such as secure co-processors.

The key idea in SWATT is to design a special verification procedure that computes a checksum over the memory contents of the embedded device. The verification procedure is constructed so that if an attacker modifies the memory contents of the embedded device and tries to forge the checksum, the checksum computation will take a longer time than expected. Thus, a correct checksum obtained within the expected amount of time provides a guarantee to the verifier that the memory contents of the embedded device are untampered. Further details may be found in our paper.
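A simplified model of the checksum-plus-timing check described above, added here as an illustration; it is not SWATT's actual verification procedure or code from the paper. The challenge-seeded memory walk, the checksum mixing, the toy memory contents, and the use of an operation count in place of measured time are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MEM_SIZE 256u      /* constructed toy memory; power of two */
#define NO_PATCH MEM_SIZE  /* sentinel: device hides nothing */
typedef struct { uint32_t sum, cost; } report_t;

/* Device side (assumed model). With hide_addr set, a compromised device
 * substitutes the original byte there to forge the checksum; the extra
 * address compare on every iteration is what makes it slower. */
static report_t device_checksum(const uint8_t *mem, uint32_t challenge,
                                uint32_t hide_addr, uint8_t orig_byte) {
    report_t r = { challenge, 0 };
    uint32_t addr = challenge % MEM_SIZE;
    for (uint32_t i = 0; i < MEM_SIZE; i++) {
        uint8_t b = mem[addr];
        r.cost += 1;                          /* memory read */
        if (hide_addr != NO_PATCH) {
            r.cost += 1;                      /* redirect check */
            if (addr == hide_addr) b = orig_byte;
        }
        r.sum = r.sum * 33u + b;              /* odd multiplier: one changed byte always shows */
        addr = (5u * addr + (challenge | 1u)) % MEM_SIZE; /* full-period LCG: every cell once */
    }
    return r;
}

/* Verifier side: the checksum must be correct AND arrive within the time bound. */
static int verifier_accepts(report_t got, report_t expected, uint32_t slack) {
    return got.sum == expected.sum && got.cost <= expected.cost + slack;
}

/* Bitmask of accepted cases: 1 = clean, 2 = tampered, 4 = tampered + forging. */
static int run_demo(uint32_t challenge) {
    uint8_t ref[MEM_SIZE], bad[MEM_SIZE];
    for (uint32_t i = 0; i < MEM_SIZE; i++) ref[i] = (uint8_t)(i * 7u + 3u);
    memcpy(bad, ref, sizeof ref);
    bad[0x40] ^= 0xFF;                        /* constructed modification */
    report_t want = device_checksum(ref, challenge, NO_PATCH, 0);
    report_t forged = device_checksum(bad, challenge, 0x40, ref[0x40]);
    return verifier_accepts(device_checksum(ref, challenge, NO_PATCH, 0), want, 16)
         | (verifier_accepts(device_checksum(bad, challenge, NO_PATCH, 0), want, 16) << 1)
         | (verifier_accepts(forged, want, 16) << 2);
}

int main(void) {
    printf("accepted cases bitmask: %d\n", run_demo(0xC0FFEEu));
    return 0;
}
```

In this model the forging device returns the right checksum but at twice the operation count, so the verifier's time bound is what rejects it.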

SWATT provides an equality check for memory contents. This property is insufficient to obtain the guarantee of verifiable code execution, since the attacker can modify the code between the time it is checked and the time the code is invoked for execution. This is referred to as the time-of-check-to-time-of-use (TOCTTOU) attack.