LiSB: Lightweight Secure Boot and Attestation Scheme for IoT and Edge Devices

Files

LiSB_Lightweight_Secure_Boot_and_Attestation_Scheme_for_IoT_and_Edge_Devices.pdf (6.18 MB)

Links to Files

https://ieeexplore.ieee.org/abstract/document/11095728

Permanent Link

https://doi.org/10.1109/TIFS.2025.3592573
 http://hdl.handle.net/11603/39745

Collections

UMBC Faculty Collection
UMBC Computer Science and Electrical Engineering Department
UMBC Student Collection

Author/Creator

Author/Creator ORCID

https://orcid.org/0000-0003-3865-9217
 https://orcid.org/0000-0001-6831-8339
 https://orcid.org/0009-0002-6840-2850
 https://orcid.org/0000-0002-5825-6637

Date

2025-07-24

Type of Work

journal articles
postprints
Text

Department

Program

Citation of Original Publication

Younis, Mohamed, Mohammad Ebrahimabadi, Suhee Sanjana Mehjabin, Emily Pozniak, Tamim Sookoor, and Naghmeh Karimi. “LiSB: Lightweight Secure Boot and Attestation Scheme for IoT and Edge Devices.” IEEE Transactions on Information Forensics and Security, July 24, 2025, 1–1. https://doi.org/10.1109/TIFS.2025.3592573.

Rights

© 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works

Subjects

Random access memory
Mathematical models
Performance evaluation
Microprogramming
Physical Unclonable Function
Codes
Software Integrity Attestation
Security
Physical unclonable function
Secure Boot
UMBC Cybersecurity Institute
Internet of Things
Authentication
Nonvolatile memory
Hardware

Abstract

With the increasing popularity of small computing devices and applications of IoT, the need for platform integrity grows both in scale and scope. In particular, the detection of successful attempts to inject a malicious software module or modify an existing one is of utmost importance. This paper promotes LiSB, a novel approach for validating software/firmware integrity and ensuring secure boot-up for resource-constrained embedded devices. LiSB is lightweight, yet very robust. A hardware primitive is used as a Root-of-Trust to support the confidentiality of generated digests and the security of the attestation protocol. Specifically, LiSB employs Physically Unclonable Functions (PUFs) to make the digest device-specific without storing any secrets in the device memory. The performance and robustness of LiSB are validated using a prototype implementation on an FPGA. The results demonstrate that LiSB outperforms recently-published and prominent commercial attestation schemes like TPM, and consumes 25 times less power than SHA-256, which serves as the core component of most existing attestation schemes. The security properties of LiSB are formally analyzed.