With the rising number of IoT devices, the security of such devices becomes increasingly important. Remote attestation (RA) is a distinct security service that allows a remote verifer to reason about the state of an untrusted remote prover (device). Paradigms of remote attestation span from exclusively software, in software-based attestation, to exclusively hardware-based. In between the extremes are hybrid attestation that utilize the enhanced security of secure hardware components in combination with the lower cost of purely software-based implementations. Traditional remote attestation protocols are concerned with reasoning about the state of a prover. However, extensions to remote attestation also exist, such as code updates, device resets, erasure and attestation of the device's run-time state. Furthermore, as interconnected IoT devices are becoming increasingly more popular, so is the need for attestation of device swarms. We will describe and evaluate the state-of-the-art for remote attestation, which covers singular attestation of devices as well as newer research in the area of formally verified RA protocols, swarm attestation and control-flow attestation.

中文翻译：

---

远程认证：文献综述

随着物联网设备数量的增加，此类设备的安全性变得越来越重要。远程证明（RA）是一项独特的安全服务，它允许远程Verifer推断不可信的远程证明者（设备）的状态。远程认证的范式从基于软件的认证中的专有软件到基于硬件的专有认证。在极端情况之间是混合证明，该证明利用安全硬件组件的增强的安全性以及较低的纯基于软件的实施成本。传统的远程证明协议关注证明者状态的推理。但是，还存在对远程证明的扩展，例如代码更新，设备重置，擦除和设备运行时状态的证明。此外，随着互连的物联网设备变得越来越流行，对设备群的证明的需求也越来越大。我们将描述和评估远程认证的最新技术，其中包括设备的单一认证以及形式验证的RA协议，群认证和控制流认证领域中的最新研究。