Abstract. Recent research demonstrates that adversaries can inject malicious code into a peripheral’s firmware during a firmware update, which can result in password leakage or even compromise of the whole host operating system. Therefore, it is desirable for a host system to be able to verify the firmware integrity of attached peripherals. Several software-based attestation techniques on embedded devices have been proposed as potentially enabling firmware verification. In this work, we propose a Software-Based Attestation technique for Peripherals (SBAP) that verifies the firmware integrity of a peripheral and detects malicious changes with a high probability, even in the face of recently proposed attacks. We implement and evaluate SBAP in an Apple Aluminum Keyboard and study the extent to which our scheme enhances the security properties of peripherals.
Yanlin Li, Jonathan M. McCune, Adrian Perrig