Secure Intermittent Computing Protocol: Protecting State Across Power Loss

Archanaa S. Krishnan, Charles Suslowicz, Daniel Dinu and Patrick Schaumont
Virginia Tech, Blacksburg, VA, USA
archanaa@vt.edu
cesuslow@vt.edu
ddinu@vt.edu
schaum@vt.edu

ABSTRACT


Intermittent computing systems execute long-running tasks under a transient power supply such as an energy harvesting power source. During a power loss, they save intermediate program state as a checkpoint into write-efficient non-volatile memory. When the power is restored, the system state is reconstructed from the checkpoint, and the long-running computation continues. We analyze the security risks when power interruption is used as an attack vector, and we demonstrate the need to protect the integrity, authenticity, confidentiality, continuity, and freshness of checkpointed data. We propose a secure checkpointing technique called the Secure Intermittent Computing Protocol (SICP). The proposed protocol has the following properties. First, it associates every checkpoint with a unique power-on state to prevent checkpoint replay. Second, every checkpoint is cryptographically chained to its predecessor, providing continuity, which enables the programmer to carry run-time security properties such as attested program images across power loss events. Third, SICP is atomic and resistant to power loss. We demonstrate a prototype implementation of SICP on an MSP430 microcontroller, and we investigate the overhead of SICP for several cryptographic kernels. To the best of our knowledge, this is the first work to provide a robust solution to secure intermittent computing.
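The checkpoint properties named in the abstract (authenticated state, chaining to the predecessor, a unique power-on token, and rejection of a replayed checkpoint) modeled as an added Python example; this is not the authors' SICP implementation. The HMAC construction, the trusted non-volatile record of the latest tag, and the constructed key and state values are assumptions of this model, and confidentiality is not modeled.

```python
import hmac
import hashlib
import secrets

# Constructed demo key; a real device would hold a per-device secret in protected storage.
KEY = b"constructed-demo-key-do-not-reuse"
GENESIS_TAG = bytes(32)   # predecessor tag of the very first checkpoint


def checkpoint_tag(key, power_on, prev_tag, state):
    """Authentication tag binding a checkpoint to its power-on token and predecessor."""
    return hmac.new(key, power_on + prev_tag + state, hashlib.sha256).digest()


class Device:
    """Model of an intermittently powered device with a small trusted NVM area (assumed)."""

    def __init__(self, key):
        self.key = key
        self.latest_tag = GENESIS_TAG   # trusted NVM: tag of the most recent checkpoint
        self.power_on = None

    def boot(self):
        # Fresh, unique token for this power-on (modeled with random bytes)
        self.power_on = secrets.token_bytes(8)

    def checkpoint(self, state):
        cp = {"power_on": self.power_on, "prev_tag": self.latest_tag, "state": bytes(state)}
        cp["tag"] = checkpoint_tag(self.key, cp["power_on"], cp["prev_tag"], cp["state"])
        # Updating the trusted record is assumed atomic with the checkpoint write.
        self.latest_tag = cp["tag"]
        return cp

    def restore(self, cp):
        """Return ('ok', state) or (reason, None) when the checkpoint is rejected."""
        expected = checkpoint_tag(self.key, cp["power_on"], cp["prev_tag"], cp["state"])
        if not hmac.compare_digest(expected, cp["tag"]):
            return "tampered", None            # integrity / authenticity failure
        if not hmac.compare_digest(cp["tag"], self.latest_tag):
            return "stale", None               # an older checkpoint replayed into NVM
        return "ok", cp["state"]


def demo():
    """Walk through a normal restore, a replayed checkpoint and a modified one."""
    d = Device(KEY)
    d.boot()
    c1 = d.checkpoint(b"loop counter = 10")          # constructed program state
    c2 = d.checkpoint(b"loop counter = 20")
    forged = dict(c2, state=b"loop counter = 99")    # state edited in NVM, tag unchanged
    return {
        "latest": d.restore(c2)[0],
        "replayed": d.restore(c1)[0],
        "tampered": d.restore(forged)[0],
        "chained": hmac.compare_digest(c2["prev_tag"], c1["tag"]),
    }
```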

Keywords: Intermittent computing, Secure checkpoints, Embedded systems, Atomicity, Continuity.


