Research Article

Building trust in remote attestation through transparency – a qualitative user study on observable attestation

Received 01 Nov 2023, Accepted 23 Jun 2024, Published online: 11 Jul 2024
