Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #33

Lightweight Swarm Attestation: A Tale of Two LISA-s

Xavier Carpent, Karim Eldefrawy, Norrathep Rattanavipanon, and Gene Tsudik

2017 · ACM Asia Conference on Computer and Communications Security (AsiaCCS)

  • Applied
  • System
  • Implementation
  • protocol

What does the paper try to establish?

How can a verifier attest a connected, possibly mobile swarm of low-end devices and choose how much per-device or topology information to receive, without imposing the cost of independent single-device attestation on every prover?

What is the proposed answer?

The paper defines Quality of Swarm Attestation (QoSA) and constructs two SMART+-based protocols: asynchronous LISA-alpha forwards individual authenticated reports for list-level detail, while synchronous LISA-s aggregates authenticated descendant reports along a temporary spanning tree and can expose binary through full topology-aware QoSA. Their assurance and efficiency claims are bounded by quasi-static connectivity, an honest verifier, protected attestation code and state, and the exclusion of physical compromise and lower-layer denial of service.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The complete paper specifies two protocols, their state machines and assumptions, provides an attack-structured security analysis, and reports a 30-scenario-per-point emulation study. This is substantial mixed analytical and empirical support, although the security reasoning is informal and no independent reproduction was located.

LISA-alpha protocol, state machines, QoSA, and complexity LISA-s aggregation protocol, state machines, QoSA, and complexity Attack vectors and informal security analysis CORE implementation, experimental setup, metrics, and results
Auditability High

A checked-in author-hosted full paper with recorded SHA-256 and page count, plus the official DOI and precise section/page anchors, makes the represented claims and assumptions directly inspectable. Code and raw experimental data were not located.

Motivation, QoSA contribution, and two-protocol overview Official AsiaCCS publication identity CORE implementation, experimental setup, metrics, and results
Production provenance Medium

Named authorship, affiliations, venue, date, DOI, funding acknowledgments, and an author-hosted manuscript are documented. Contributor roles, revision history, tool use, and artifact-version lineage have not been audited.

Motivation, QoSA contribution, and two-protocol overview Official AsiaCCS publication identity
External scrutiny Medium

AsiaCCS publication establishes external venue review, but review reports, rebuttal, independent formal verification, reproduction, and correction history are not represented in the audited sources.

Official AsiaCCS publication identity
Reception High

OpenAlex reported 75 citations on 2026-07-11. Under the author-defined corpus rule, more than 10 located citations is High. The count is index- and date-dependent and is not evidence of correctness by itself.

Dated citation-count snapshot
Contribution significance High

The paper introduces an explicit vocabulary for swarm-attestation information quality and two contrasting protocol designs, and the dated citation record shows substantial follow-on attention. Priority and real-world adoption have not been independently established.

Motivation, QoSA contribution, and two-protocol overview Binary, list, intermediate, and full Quality of Swarm Attestation Dated citation-count snapshot

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Lightweight Swarm Attestation: A Tale of Two LISA-s

A protocol-and-systems paper that defines an information-quality vocabulary for swarm attestation, specifies two lightweight collective-attestation protocols, informally analyzes attacks, and evaluates Python implementations in an emulated mobile network.

Motivation, QoSA contribution, and two-protocol overview
  1. question

    Research question

    research question

    How can a verifier collectively assess a low-end device swarm while controlling the granularity of the returned integrity information and the communication, computation, and trusted-state cost?

    Motivation, QoSA contribution, and two-protocol overview
  2. contribution

    QoSA plus two protocol points

    source asserted

    QoSA separates what a verifier learns from how attestation is performed; LISA-alpha prioritizes minimal changes and individual reports, whereas LISA-s adds protected state and authenticated aggregation to reduce communication and support richer aggregate outcomes.

    Binary, list, intermediate, and full Quality of Swarm Attestation LISA-alpha protocol, state machines, QoSA, and complexity LISA-s aggregation protocol, state machines, QoSA, and complexity
  3. scope Operating model explicitly scoped

    The swarm contains a known number n of low-end devices and an honest verifier. Its communication graph must remain connected and quasi-static during an attestation session; mobility is allowed only when it does not disrupt the protocol's message propagation.

    Swarm, connectivity, adversary, and verifier model
    1. assumption

      SMART+ root-of-trust assumptions

      assumed

      Each prover supplies immutable attestation code, protected keys and variables, controlled entry/exit, interrupt handling, and memory-protection rules sufficient to keep malware from invoking the key outside AttCode or modifying protected protocol state.

      SMART+ hybrid attestation basis and memory-access rules
  4. definition

    Quality of Swarm Attestation

    defined

    QoSA describes the information returned to the verifier: B-QoSA is a swarm-wide bit, L-QoSA identifies successfully attested devices, I-QoSA supplies an intermediate statistic such as a count, and F-QoSA also exposes connectivity or topology.

    Binary, list, intermediate, and full Quality of Swarm Attestation
  5. method Collective-attestation construction specified

    Both protocols flood an authenticated fresh request, derive a parent relation, invoke protected single-device attestation, and route authenticated results back toward the verifier; they differ in whether devices merely forward reports or verify and aggregate them.

    LISA-alpha protocol, state machines, QoSA, and complexity LISA-s aggregation protocol, state machines, QoSA, and complexity
    1. protocol LISA-alpha asynchronous forwarding specified

      A device authenticates a fresh request, records the sender as its parent, rebroadcasts the request, measures its memory, and sends an authenticated individual report upward. Intermediate devices forward current-session reports without authenticating them.

      LISA-alpha protocol, state machines, QoSA, and complexity
      1. output

        List-level outcome and optional topology

        specified

        The verifier partitions known identifiers into attested, failed, and no-report sets, giving L-QoSA. Parent fields can expose topology only after extra authentication; the basic parent value is not trustworthy enough for reliable F-QoSA.

        LISA-alpha protocol, state machines, QoSA, and complexity
    2. protocol LISA-s synchronous aggregation specified

      Devices establish children during a bounded request phase, attest locally, authenticate child reports, aggregate descendant identifiers or results, and send one authenticated report to the parent. Verification before aggregation suppresses forged-report propagation.

      LISA-s aggregation protocol, state machines, QoSA, and complexity
      1. output

        Configurable aggregate QoSA

        specified

        Changing what each aggregate carries supports outcomes from B-QoSA through lists, counts, and a recursively encoded descendant tree for F-QoSA, trading information granularity against payload size and protected state.

        Binary, list, intermediate, and full Quality of Swarm Attestation LISA-s aggregation protocol, state machines, QoSA, and complexity
  6. claim group Main claims source asserted

    The source argues protocol-level authenticity and freshness under its root-of-trust and MAC assumptions and reports distinct resource tradeoffs; these are not claims of physical security, lower-layer availability, or fully formal verification.

    Attack vectors and informal security analysis CORE implementation, experimental setup, metrics, and results
    1. claim

      Resistance to report and request forgery

      informally analyzed

      Accepted forged reports or requests would require MAC forgery, disclosure of protected key K, or modification of protected state; the analysis relies on SMART+ isolation, freshness counters, and a secure MAC rather than a game-based proof.

      Attack vectors and informal security analysis
    2. claim

      Best effort under connectivity change

      conditional claim

      If quasi-static connectivity fails, healthy devices may be omitted and produce a false-negative or no-report outcome, but the paper states that affected devices are not positively attested merely because links change.

      Swarm, connectivity, adversary, and verifier model
  7. evidence group Evidence mixed analytical and empirical

    Evidence consists of executable pseudocode and state machines, an informal attack-by-attack security analysis, asymptotic complexity discussion, and experiments with Python implementations in the CORE network emulator.

    LISA-alpha protocol, state machines, QoSA, and complexity LISA-s aggregation protocol, state machines, QoSA, and complexity Attack vectors and informal security analysis CORE implementation, experimental setup, metrics, and results
    1. evidence

      Security-analysis coverage

      informal argument

      The analysis considers report forgery, request forgery, attestation-layer denial of service, and lower-layer denial of service separately for both protocols, tracing accepted forgeries to cryptographic or protected-state failures.

      Attack vectors and informal security analysis
    2. evidence

      CORE emulation study

      reported experiment

      Random connected topologies in a 1,500 by 800 area use a 200-unit link threshold, 802.11, OLSR, and cryptographic delays derived from a laptop and Raspberry Pi 2. Each plotted point averages 30 generated scenarios while varying swarm and attested-memory size.

      CORE implementation, experimental setup, metrics, and results
    3. evidence

      Reported performance pattern

      reported measurement

      Average device CPU time is similar because memory hashing dominates, whereas LISA-alpha bandwidth is higher; at 40 nodes the reported payload difference reaches about threefold, and bandwidth grows roughly linearly with swarm size.

      CORE implementation, experimental setup, metrics, and results
  8. limitation group Limitations and exclusions material

    The results are conditional on protected SMART+ execution, an honest verifier, known membership, suitable timeouts, quasi-static connected topology, static-memory measurement, and absence of physical compromise; the experiments are emulations rather than a deployed hardware swarm.

    Swarm, connectivity, adversary, and verifier model SMART+ hybrid attestation basis and memory-access rules CORE implementation, experimental setup, metrics, and results Cryptographic choices and physical-compromise tradeoffs
    1. limitation

      Shared-key physical-compromise boundary

      explicitly out of scope

      With one swarm-wide master key, physical compromise of one device exposes the key and permits impersonation of devices and verifier. Per-device symmetric keys or public-key designs reduce that blast radius but change computation, bandwidth, and neighbor-authentication costs.

      Cryptographic choices and physical-compromise tradeoffs
    2. limitation

      Availability boundary

      explicitly out of scope

      Radio jamming, packet dropping, and other network-, link-, or physical-layer denial of service are not prevented; protocol timeouts bound waiting but cannot distinguish every adversarial omission from natural loss or mobility.

      Attack vectors and informal security analysis
  9. artifact group

    Artifacts and reproducibility

    paper described

    The paper reports Python implementations and the open-source CORE emulator, but this map located no archived code, scenario bundle, measurement data, or executable reproduction package tied to the publication.

    CORE implementation, experimental setup, metrics, and results
  10. scrutiny

    External scrutiny

    venue reviewed

    The work appeared at ACM AsiaCCS. The public record establishes venue scrutiny, while review reports, rebuttal, independent protocol verification, replication, and correction history are not represented here.

    Official AsiaCCS publication identity
  11. lineage

    Open development path

    author identified future work

    The conclusion identifies formal security proofs and implementation and evaluation on a real device swarm as future work, marking the boundary between the paper's informal/emulated evidence and stronger validation.

    Conclusions and future work

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Motivation, QoSA contribution, and two-protocol overview Abstract and Sections 1.2-1.3, PDF pages 1-3
  2. Swarm, connectivity, adversary, and verifier model Sections 2.1, 2.2, and 2.7, PDF pages 3-5
  3. SMART+ hybrid attestation basis and memory-access rules Section 2.3 and Figure 1, PDF pages 3-4
  4. Binary, list, intermediate, and full Quality of Swarm Attestation Section 2.4, PDF pages 4-5
  5. LISA-alpha protocol, state machines, QoSA, and complexity Section 3.1 and Algorithms 1-2, PDF pages 5-8
  6. LISA-s aggregation protocol, state machines, QoSA, and complexity Section 3.2 and Algorithms 3-4, PDF pages 8-10
  7. Attack vectors and informal security analysis Section 4, PDF pages 10-11
  8. CORE implementation, experimental setup, metrics, and results Section 5 and Figure 4, PDF pages 11-12
  9. Cryptographic choices and physical-compromise tradeoffs Section 6, PDF pages 12-13
  10. Conclusions and future work Section 8, PDF page 13
  11. Official AsiaCCS publication identity AsiaCCS 2017, pages 86-100, DOI 10.1145/3052973.3053010
  12. Dated citation-count snapshot OpenAlex reported 75 citing works when accessed 2026-07-11