{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T12:28:10Z","timestamp":1775737690045,"version":"3.50.1"},"reference-count":41,"publisher":"MDPI AG","issue":"13","license":[{"start":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T00:00:00Z","timestamp":1656979200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union\u2019s Horizon 2020 Research and Innovation program","award":["871518"],"award-info":[{"award-number":["871518"]}]},{"name":"European Union\u2019s Horizon 2020 Research and Innovation program","award":["B-TIC-588-UGR20"],"award-info":[{"award-number":["B-TIC-588-UGR20"]}]},{"name":"FEDER\/Junta de Andaluc\u00eda-Consejer\u00eda de Transformaci\u00f3n Econ\u00f3mica, Industria, Conocimiento y Universidades","award":["871518"],"award-info":[{"award-number":["871518"]}]},{"name":"FEDER\/Junta de Andaluc\u00eda-Consejer\u00eda de Transformaci\u00f3n Econ\u00f3mica, Industria, Conocimiento y Universidades","award":["B-TIC-588-UGR20"],"award-info":[{"award-number":["B-TIC-588-UGR20"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>This paper presents and implements a novel remote attestation method to ensure the integrity of a device applicable to decentralized infrastructures, such as those found in common edge computing scenarios. Edge computing can be considered as a framework where multiple unsupervised devices communicate with each other with lack of hierarchy, requesting and offering services without a central server to orchestrate them. Because of these characteristics, there are many security threats, and detecting attacks is essential. Many remote attestation systems have been developed to alleviate this problem, but none of them can satisfy the requirements of edge computing: accepting dynamic enrollment and removal of devices to the system, respecting the interrupted activity of devices, and last but not least, providing a decentralized architecture for not trusting in just one Verifier. This security flaw has a negative impact on the development and implementation of edge computing-based technologies because of the impossibility of secure implementation. In this work, we propose a remote attestation system that, through using a Trusted Platform Module (TPM), enables the dynamic enrollment and an efficient and decentralized attestation. We demonstrate and evaluate our work in two use cases, attaining acceptance of intermittent activity by IoT devices, deletion of the dependency of centralized verifiers, and the probation of continuous integrity between unknown devices just by one signature verification.<\/jats:p>","DOI":"10.3390\/s22135060","type":"journal-article","created":{"date-parts":[[2022,7,6]],"date-time":"2022-07-06T21:15:52Z","timestamp":1657142152000},"page":"5060","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["RESEKRA: Remote Enrollment Using SEaled Keys for Remote Attestation"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8402-4103","authenticated-orcid":false,"given":"Ernesto","family":"G\u00f3mez-Mar\u00edn","sequence":"first","affiliation":[{"name":"Infineon Technologies AG, 85579 Neubiberg, Germany"},{"name":"Departamento Electr\u00f3nica y Tecnolog\u00eda de Computadores, Universidad de Granada, 18071 Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8126-1146","authenticated-orcid":false,"given":"Luis","family":"Parrilla","sequence":"additional","affiliation":[{"name":"Departamento Electr\u00f3nica y Tecnolog\u00eda de Computadores, Universidad de Granada, 18071 Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3204-1555","authenticated-orcid":false,"given":"Gianfranco","family":"Mauro","sequence":"additional","affiliation":[{"name":"Infineon Technologies AG, 85579 Neubiberg, Germany"},{"name":"Departamento Electr\u00f3nica y Tecnolog\u00eda de Computadores, Universidad de Granada, 18071 Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Antonio","family":"Escobar-Molero","sequence":"additional","affiliation":[{"name":"Infineon Technologies AG, 85579 Neubiberg, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3294-8934","authenticated-orcid":false,"given":"Diego P.","family":"Morales","sequence":"additional","affiliation":[{"name":"Departamento Electr\u00f3nica y Tecnolog\u00eda de Computadores, Universidad de Granada, 18071 Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6476-8105","authenticated-orcid":false,"given":"Encarnaci\u00f3n","family":"Castillo","sequence":"additional","affiliation":[{"name":"Departamento Electr\u00f3nica y Tecnolog\u00eda de Computadores, Universidad de Granada, 18071 Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,7,5]]},"reference":[{"key":"ref_1","unstructured":"Cisco, U. (2020). Cisco Annual Internet Report (2018\u20132023) White Paper, Cisco."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"637","DOI":"10.1109\/JIOT.2016.2579198","article-title":"Edge Computing: Vision and Challenges","volume":"3","author":"Shi","year":"2016","journal-title":"IEEE Internet Things J."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"4946","DOI":"10.1109\/JIOT.2019.2897619","article-title":"A survey on secure data analytics in edge computing","volume":"6","author":"Liu","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"680","DOI":"10.1016\/j.future.2016.11.009","article-title":"Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges","volume":"78","author":"Roman","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_5","unstructured":"(2022, May 23). ISG; ETSI; GMI; Mobile Edge Computing; Market Acceleration; MEC Metrics Best Practice and Guidelines. Available online: https:\/\/www.etsi.org\/deliver\/etsi_gs\/MEC-IEG\/001_099\/006\/01.01.01_60\/gs_MEC-IEG006v010101p.pdf."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1608","DOI":"10.1109\/JPROC.2019.2918437","article-title":"Edge Computing Security: State of the Art and Challenges","volume":"107","author":"Xiao","year":"2019","journal-title":"Proc. IEEE"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"450","DOI":"10.1109\/JIOT.2017.2750180","article-title":"Mobile Edge Computing: A Survey","volume":"5","author":"Abbas","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"2447","DOI":"10.1109\/COMST.2020.3008879","article-title":"Collective Remote Attestation at the Internet of Things Scale: State-of-the-art and Future Challenges","volume":"22","author":"Ambrosin","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"21742","DOI":"10.1109\/ACCESS.2022.3153064","article-title":"Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review","volume":"10","author":"Raducu","year":"2022","journal-title":"IEEE Access"},{"key":"ref_10","unstructured":"(2022, May 23). Trusted Computing Group TPM 2.0 Library. Available online: https:\/\/trustedcomputinggroup.org\/resource\/tpm-library-specification\/."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Calvo, M., and Beltr\u00e1n, M. (2021, January 5\u201310). Remote Attestation as a Service for Edge-Enabled IoT. Proceedings of the 2021 IEEE International Conference on Services Computing (SCC), Chicago, IL, USA.","DOI":"10.1109\/SCC53864.2021.00046"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1016\/j.cose.2018.10.008","article-title":"MTRA: Multi-Tier randomized remote attestation in IoT networks","volume":"81","author":"Tan","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Tan, H., Hu, W., and Jha, S. (2011, January 31). A TPM-enabled remote attestation protocol (TRAP) in wireless sensor networks. Proceedings of the 6th ACM Workshop on Performance Monitoring and Measurement of Heterogeneous Wireless and Wired Networks, Miami, FL, USA.","DOI":"10.1145\/2069087.2069090"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1109\/COMST.2006.315852","article-title":"A survey of security issues in wireless sensor networks","volume":"8","author":"Wang","year":"2006","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_15","unstructured":"Seshadri, A., Perrig, A., Van Doorn, L., and Khosla, P. (2004, January 12). SWATT: Software-based attestation for embedded devices. Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, USA."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1145\/353323.353383","article-title":"Reflection as a mechanism for software integrity verification","volume":"3","author":"Spinellis","year":"2000","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Seshadri, A., Luk, M., Perrig, A., Van Doorn, L., and Khosla, P. (2006, January 29). SCUBA: Secure code update by attestation in sensor networks. Proceedings of the 5th ACM workshop on Wireless Security, Los Angeles, CA, USA.","DOI":"10.1145\/1161289.1161306"},{"key":"ref_18","unstructured":"Francillon, A., Nguyen, Q., Rasmussen, K.B., Tsudik, G., and Systematic Treatment of Remote Attestation (2022, June 24). Cryptology ePrint Archive, Report 2012\/713. Available online: https:\/\/ia.cr\/2012\/713."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"7220","DOI":"10.1109\/JIOT.2020.2983655","article-title":"HAtt: Hybrid remote attestation for the Internet of Things with high availability","volume":"7","author":"Aman","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Ibrahim, A., Sadeghi, A.R., and Zeitouni, S. (2017, January 18\u201320). SeED: Secure non-interactive attestation for embedded devices. Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Boston, MA, USA.","DOI":"10.1145\/3098243.3098260"},{"key":"ref_21","unstructured":"Eldefrawy, K., Tsudik, G., Francillon, A., and Perito, D. (2012, January 5\u20138). Smart: Secure and minimal architecture for (establishing dynamic) root of trust. Proceedings of the Ndss, San Diego, CA, USA."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Carpent, X., Tsudik, G., and Rattanavipanon, N. (2018, January 19\u201323). ERASMUS: Efficient remote attestation via self-measurement for unattended settings. Proceedings of the 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany.","DOI":"10.23919\/DATE.2018.8342195"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Koeberl, P., Schulz, S., Sadeghi, A.R., and Varadharajan, V. (2014, January 14\u201316). TrustLite: A security architecture for tiny embedded devices. Proceedings of the Ninth European Conference on Computer Systems, Amsterdam, The Netherlands.","DOI":"10.1145\/2592798.2592824"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Carpent, X., ElDefrawy, K., Rattanavipanon, N., and Tsudik, G. (2017, January 2\u20136). Lightweight swarm attestation: A tale of two lisa-s. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, Abu Dhabi, United Arab Emirates.","DOI":"10.1145\/3052973.3053010"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"3123","DOI":"10.1109\/TIFS.2020.2983282","article-title":"SARA: Secure asynchronous remote attestation for IoT systems","volume":"15","author":"Dushku","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_26","unstructured":"Safford, D., Kasatkin, D., and Mzohar (2022, June 24). Integrity Measurement Architecture (IMA). Available online: https:\/\/sourceforge.net\/projects\/linux-ima\/."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Cooper, D., Polk, W., Regenscheid, A., and Souppaya, M. (2022, June 07). BIOS Protection Guidelines\u2014NIST, 2011. National Institute of Standards and Technology, Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/legacy\/sp\/nistspecialpublication800-147.pdf.","DOI":"10.6028\/NIST.SP.800-147"},{"key":"ref_28","unstructured":"Trusted Computing Group\u2122 (2022, May 20). Endorsement Key (EK) and Platform Certificate Enrollment Specification. Available online: https:\/\/trustedcomputinggroup.org\/wp-content\/uploads\/IWG-EK-CMC-enrollment-for-TPM-v1-2-FAQ-rev-April-3-2013.pdf."},{"key":"ref_29","unstructured":"Trusted Computing Group (2022, June 24). TCG Trusted Attestation Protocol (TAP) Information Model for TPM Families 1.2 and 2.0 and DICE Family 1.0 Revision 0.36. Available online: https:\/\/trustedcomputinggroup.org\/wp-content\/uploads\/TNC_TAP_Information_Model_v1.00_r0.36-FINAL.pdf."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Arthur, W., Challener, D., and Goldman, K. (2015). A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security, Springer Nature.","DOI":"10.1007\/978-1-4302-6584-9"},{"key":"ref_31","unstructured":"Ernesto (2022, June 21). RESEKRA: Verifier. Available online: https:\/\/github.com\/ernesto418\/Remote_attestation_server\/."},{"key":"ref_32","unstructured":"Dierks, T., and Rescorla, E. (2022, May 20). The Transport Layer Security (TLS) Protocol Version 1.2. RFC5246. Available online: https:\/\/www.rfc-editor.org\/info\/rfc5246."},{"key":"ref_33","unstructured":"Technologies, I. (2022, June 21). DPS310 Pressure Shield2Go. Available online: https:\/\/www.infineon.com\/cms\/en\/product\/evaluation-boards\/s2go-pressure-dps310\/."},{"key":"ref_34","unstructured":"Technologies, I. (2022, May 23). IRIDIUM9670 TPM2.0 LINUX. Available online: https:\/\/www.infineon.com\/cms\/en\/product\/evaluation-boards\/iridium9670-tpm2.0-linux\/."},{"key":"ref_35","unstructured":"Mode, M. (2022, May 20). Secured Boot for ARM Processor Platforms. Available online: https:\/\/www.infineon.com\/dgdl\/Infineon-ISPN-Use-Case-Secured-boot-for-ARM-processor-platforms-ABR-v01_00-EN.pdf?fileId=5546d4625bd71aa0015c0b1fceee0851."},{"key":"ref_36","unstructured":"Leong, W., and Yushev, A. (2022, May 23). OPTIGA\u2122 TPM Application Note Remote Attestation. Available online: https:\/\/github.com\/Infineon\/remote-attestation-optiga-tpm."},{"key":"ref_37","unstructured":"Ernesto (2022, June 21). RESEKRA: Attestor. Available online: https:\/\/github.com\/ernesto418\/Remote_attestation_TPM\/."},{"key":"ref_38","unstructured":"(2022, May 20). Linux Kernel. Available online: https:\/\/github.com\/torvalds\/linux."},{"key":"ref_39","unstructured":"(2022, January 28). Helium\u00a9, People-Powered Network, 2021 Helium Systems Inc. Available online: https:\/\/www.helium.com\/."},{"key":"ref_40","unstructured":"Leach, P., Mealling, M., and Salz, R. (2022, June 24). A Universally Unique Identifier (uuid) urn Namespace. RFC 4122. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc4122."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1109\/JSAC.2005.861394","article-title":"Wormhole attacks in wireless networks","volume":"24","author":"Hu","year":"2006","journal-title":"IEEE J. Sel. Areas Commun."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/13\/5060\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T23:43:03Z","timestamp":1760139783000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/13\/5060"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7,5]]},"references-count":41,"journal-issue":{"issue":"13","published-online":{"date-parts":[[2022,7]]}},"alternative-id":["s22135060"],"URL":"https:\/\/doi.org\/10.3390\/s22135060","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,7,5]]}}}