The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

中文翻译：

---

物联网的机会和开放性问题

物联网（IoT）生态系统包含数十亿种异构连接互联网的设备，这些设备正在彻底改变许多领域，例如医疗保健，交通运输，智慧城市等。伴随着前所未有的新机遇，物联网革命为潜在的复杂网络攻击创造了巨大的攻击面。在这种情况下，远程认证（RA）作为一种重要的安全技术已引起广泛关注，该技术可远程检测对手的存在并确保IoT设备的合法状态。尽管文献中提出的许多RA方法对IoT设备的架构和对手能力做出了不同的假设，但大多数典型的RA方案通过利用可保证代码和内存隔离的硬件，而依赖于最小的信任根。然而，例如，在遗留物联网设备和资源受限的物联网设备的背景下，专用硬件的存在并不总是一个现实的假设。在本文中，我们通过物联网的角度来调查和分析现有的基于软件的RA方案（即，不依赖于专用硬件组件的RA方案）。特别是，我们提供了它们的设计特征和安全功能的全面概述，并分析了它们的优缺点。最后，我们讨论了这些RA方案为证明遗留和受资源限制的IoT设备带来的机会，以及开放的研究问题。RA方案不依赖于物联网的角度而依赖于专门的硬件组件。特别是，我们提供了它们的设计特征和安全功能的全面概述，并分析了它们的优缺点。最后，我们讨论了这些RA方案为证明遗留和受资源限制的IoT设备带来的机会，以及开放的研究问题。RA方案不依赖于物联网的角度而依赖于专门的硬件组件。特别是，我们提供了它们的设计特征和安全功能的全面概述，并分析了它们的优缺点。最后，我们讨论了这些RA方案为证明遗留和受资源限制的IoT设备带来的机会，以及开放的研究问题。