Abstract
Attestation has become a promising approach for ensuring software integrity in wireless sensor networks. However, current attestation either focuses on static system properties, e.g., code integrity, or requires hardware support such as Trusted Platform Module (TPM). However, there are attacks exploiting vulnerabilities that do not violate static system properties, and sensor platforms may not have hardware-based security support. This paper presents a software attestation scheme for dynamic data integrity based on data boundary integrity. It automatically transforms the source code and inserts data guards to track run-time program data. A data guard is unrecoverable once it is corrupted by an attacker, even if the attacker fully controls the system later. The corruption of any data guard at runtime can be remotely detected. A corruption either indicates a software attack or a bug in the software that needs immediate attention. The benefits of the proposed attestation scheme are as follows. First, it does not rely on any additional hardware support, making it suitable for low-cost sensor nodes. Second, it introduces minimal communication cost and has adjustable runtime memory overhead. Third, it works even if sensor nodes use different hardware platforms, as long as they run the same software. The prototype implementation and the experiments on TelosB motes show that the proposed technique is both effective and efficient for sensor networks.