
 Tue., 20. Jun. 2023   Giesen, Jens-Rene

Presentation at ACNS in Kyoto, Japan

In June, Sebastian Surminski, member of the chair, presented a new security solution for embedded systems based on Direct Memory Access (DMA) at the ACM Conference on Applied Cryptography and Network Security (ACNS) in Kyoto, Japan.

Remote attestation allows for validating the trustworthiness of a remote device. Existing attestation schemes either require hardware changes, trusted computing components or rely on strict timing constraints. In this paper, we present a novel remote attestation approach, called DMA’N’PLAY, that tackles these practical limitations by leveraging DMA (direct memory access). Since DMA does not require CPU time, DMA’N’PLAY even allows attestation of devices with real-time constraints. To prevent the exploitation of side-channels which potentially could determine if the attestation is running, we developed DMA’N’PLAY TO-GO, a small, mobile attestation device that can be plugged into the attested device. We evaluated DMA’N’PLAY on two real-world devices, namely a syringe pump and a drone. Our evaluation shows that DMA’N’PLAY adds negligible performance overhead and prevents data-only attacks, by validating critical data in memory.

This work is the result of a collaboration between the chair for systems security of the University of Duisburg-Essen and researchers at the TU Darmstadt within the DFG Collaborative Research Center CROSSING.

All details can be found in the paper:
Surminski, S., Niesler, C., Davi, L., & Sadeghi, A. R. (2023, May). DMA’n’Play: Practical Remote Attestation Based on Direct Memory Access. In International Conference on Applied Cryptography and Network Security (pp. 32-61). Cham: Springer Nature Switzerland.