UBITECH
The present blog comes from the presentations took place during the REWIRE Cybersecurity Awareness Webinar Series, entitled: “Trust or Bust: Reinforcing the IoT Interoperable Security Stack with Efficient Secure Lifecycle Management Capabilities – The RISC-V Opportunity”.
During the webinar session focusing on “Efficient and Scalable Attestation Mechanisms for RISC-V Devices”, Stefanos Vasileiadis and Nikos Varvitsiotis introduced the configuration integrity verification designed for the REWIRE project, which was built on strong trust guarantees for IoT and edge devices using hardware-backed security and the RISC-V open hardware architecture, using the Keystone Task Execution Environment (TEE). The overall design emulates Trust Device Interfaces (TDIS), defining four different TDIs for key management, enhanced authorization, key restriction usage policy verifiability, and tracing, aiming to ensure device security.
Moreover, the REWIRE’s Configuration Integrity Scheme utilizes three participating devices: the domain manager, the prover (edge device), and the agnostic verifier. The domain manager is responsible for the onboarding of devices by attesting their trusted computing base and issuing key restrictions, while the prover contains components like the attestation agent, verifiable policy enforcer, and tracer. The design aims to secure the entire device lifecycle through trust assessment, focusing on design time integrity, bootup integrity, and runtime integrity, with a key innovation being the zero-knowledge nature of the scheme to protect against implementation disclosure attacks.
In addition, the REWIRE scheme enhances security by moving beyond runtime attestation with real-time introspection and safety zones protected by the risk 5 architecture’s physical memory protection layer. The local attestation works in a zero-knowledge manner, representing a significant innovation, preventing attackers from observing network traffic to find vulnerabilities. This scheme also protects against rollback and replay attacks, using challenge-based attestation and key restriction usage policy verifiability, while at the same time supports secure software updates.
The main steps of the REWIRE Attestation Scheme Workflow, begin with the device onboarding to the domain manager, where the attestation agent provides a dedicated public key. The domain manager computes the key restriction usage policy and creates the VPA key bound to the device’s static properties, then sends an authorization ticket back to the device in a trusted manner. During runtime, the attestation agent initiates the process by sending a challenge to the VP, which in turn challenges the tracer to introspect system properties based on a predefined policy. Furthermore, the tracer sends signed traces to the VP, which verifies the tracer’s static attributes and sends a ticket to the attestation agent if valid. The attestation agent then uses the key restriction usage policy enforcement to verify its own configuration and the received traces against the domain manager’s definitions before signing the verifier’s challenge with its attestation key.
As far as the implementation and demonstration of the REWIRE Platform, Stefanos during his presentation mentioned that their scheme was developed using Keystone and successfully configured to run on two different platforms: a Zelink Kintex Genesis 2 board with a CVA6 core and a StarFive VisionFive 2 board, with RISC-V architecture.
The REWIRE project addresses this by developing lightweight, scalable attestation and cryptographic mechanisms that quantify device trustworthiness across the compute continuum. Leveraging RISC-V hardware and Keystone TEE, REWIRE introduces the first attestation extensions enabling runtime integrity verification with minimal performance impact. These innovations form the basis of a harmonized Trusted Computing Base, and an interoperable security stack designed to support secure, trusted IoT environments.