Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #50

VRASED: A Verified Hardware/Software Co-Design for Remote Attestation

Ivan De Oliveira Nunes, Karim Eldefrawy, Norrathep Rattanavipanon, Michael Steiner, and Gene Tsudik

2019 · 28th USENIX Security Symposium

  • Applied
  • System
  • Implementation
  • Formal Verification
  • protocol

What does the paper try to establish?

Can a low-end embedded device obtain strong, formally stated remote-attestation guarantees with only a small amount of additional hardware?

What is the proposed answer?

VRASED combines verified HMAC software with a small hardware monitor, then connects component properties to end-to-end soundness and security under explicit MCU, compiler, cryptographic, and physical-attack assumptions.

Abstract

Remote Attestation (RA) is a distinct security service that allows a trusted verifier (Vrf) to measure the software state of an untrusted remote prover (Prv). If correctly implemented, RA allows Vrf to remotely detect if Prv is in an illegal or compromised state. Although several RA approaches have been explored (including hardware-based, software-based, and hybrid) and many concrete methods have been proposed, comparatively little attention has been devoted to formal verification. In particular, thus far, no RA designs and no implementations have been formally verified with respect to claimed security properties. In this work, we take the first step towards formal verification of RA by designing and verifying an architecture called VRASED: Verifiable Remote Attestation for Simple Embedded Devices. VRASED instantiates a hybrid (HW/SW) RA co-design aimed at low-end embedded systems, e.g., simple IoT devices. VRASED provides a level of security comparable to HW-based approaches, while relying on SW to minimize additional HW costs. Since security properties must be jointly guaranteed by HW and SW, verification is a challenging task, which has never been attempted before in the context of RA. We believe that VRASED is the first formally verified RA scheme. To the best of our knowledge, it is also the first formal verification of a HW/SW co-design implementation of any security service. To demonstrate VRASED’s practicality and low overhead, we instantiate and evaluate it on a commodity platform (TI MSP430). VRASED was deployed using the Basys3 Artix-7 FPGA and its implementation is publicly available.

Provenance: Transcribed from the checked-in full-text PDF; calligraphic verifier/prover symbols were normalized to Vrf and Prv, and only typography, discretionary hyphenation, and line-break artifacts were otherwise normalized.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence Medium

Strong formal and empirical evidence supports the stated model, but crucial transfer steps to the concrete compiler, MCU, and integration are assumed; later adversarial work found implementation-level gaps.

LTL, NuSMV, Verilog2SMV, and composition workflow Soundness and security proof chain Verification results, overhead, and performance Independent adversarial analysis of gaps between formal models and concrete implementations
Auditability High

An author-hosted paper, implementation, verification specifications, scripts, and proof material are public and documented, making the work directly inspectable; auditability is high. The map has not pinned an immutable repository revision or recorded an independent full reproduction.

Public implementation, build instructions, verification specifications, and proof artifacts Verification results, overhead, and performance
Production provenance Medium

The record documents named authorship and the publication or review status of the paper, establishing a baseline human and lifecycle provenance trail. Contributor roles, revision and effort history, AI or tool use, artifact-version lineage, and explicit final approval have not yet been audited, so this provisional medium rating should not be read as complete production provenance.

Problem, contribution, and priority claims Public implementation, build instructions, verification specifications, and proof artifacts
External scrutiny High

The work passed conference review, exposes public artifacts, received detailed independent adversarial examination, and has a public response that records scope distinctions and prototype changes.

Official peer-reviewed publication record Independent adversarial analysis of gaps between formal models and concrete implementations Author response clarifying the verified module, integration assumptions, and prototype changes
Reception High

OpenAlex reported 89 citations for the USENIX record on 2026-07-11. Under the author-defined corpus rule, 11 or more located citations is High; follow-on architectures, outside analysis, and an independent reimplementation add qualitative evidence, but neither count nor uptake establishes correctness.

Dated citation-count snapshot Independent description of VRASED's formal model, trusted boundaries, and research lineage Public implementation, build instructions, verification specifications, and proof artifacts
Contribution significance High

The paper introduced a first-of-kind verified hybrid remote-attestation architecture and helped establish a research line around both verified low-end security architectures and the limits of transferring proofs to implementations.

Problem, contribution, and priority claims Claimed significance, portability, and future directions Independent description of VRASED's formal model, trusted boundaries, and research lineage

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

VRASED

A formally specified hardware/software architecture for remote attestation on low-end embedded devices, accompanied by proofs, model checking, a public implementation, and FPGA evaluation.

Problem, contribution, and priority claims
  1. question

    Research question

    research question

    Can remote attestation for a constrained MCU be both practical and connected to explicit end-to-end soundness and security definitions?

    Problem, contribution, and priority claims
  2. scope Scope, adversary, and assumptions explicitly scoped

    The guarantees concern software-controlled attacks on a low-end MCU and hold only when the stated machine, compiler, cryptographic, and hardware boundaries are satisfied.

    Adversarial capabilities, axioms A1-A7, and exclusions RA security game and SW-Att boundary
  3. method Architecture and enforcement path implemented

    The design composes a trusted software attestation routine with hardware state machines that watch execution and force reset on policy violations.

    Secure-attestation properties P1-P7 LTL, NuSMV, Verilog2SMV, and composition workflow
    1. component

      SW-Att

      partially machine checked

      HACL* HMAC-SHA256 derives a challenge-specific key and authenticates the requested memory region; HACL* supplies inherited F* proofs, while mapping those guarantees into VRASED's model is manual.

      RA security game and SW-Att boundary
    2. definition

      Required properties P1-P7

      defined

      Key access control, no leakage, secure reset, functional correctness, immutability, atomicity, and controlled invocation are the bridge from components to remote-attestation guarantees.

      Secure-attestation properties P1-P7
  4. claim group Principal claims mixed

    The paper makes formal claims about a stated model, an empirical claim about concrete overhead, and a priority claim about first-of-kind verification.

    End-to-end soundness definition RA security game and SW-Att boundary Verification results, overhead, and performance
  5. evidence group Evidence chain documented

    The evidence combines inherited software proofs, model-checked hardware properties, compositional reasoning, public artifacts, and FPGA measurements.

    LTL, NuSMV, Verilog2SMV, and composition workflow Verification results, overhead, and performance Soundness and security proof chain
  6. limitation group Trusted boundary and limitations material

    The strongest guarantees apply to the formalized module and model; moving from verified source and FSMs to a concrete MCU/FPGA system introduces trusted steps.

    Adversarial capabilities, axioms A1-A7, and exclusions Soundness and security proof chain
  7. scrutiny Independent scrutiny and correction context independently examined

    Later researchers examined the gap between VRASED's formal model and its concrete openMSP430 instantiation, and the VRASED repository records a scoped response and prototype changes.

    Independent adversarial analysis of gaps between formal models and concrete implementations Author response clarifying the verified module, integration assumptions, and prototype changes

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, contribution, and priority claims Abstract and Section 1, PDF page 1
  2. Adversarial capabilities, axioms A1-A7, and exclusions Section 3.1, PDF pages 4-5
  3. Secure-attestation properties P1-P7 Section 3.2 and Figure 2, PDF page 5
  4. LTL, NuSMV, Verilog2SMV, and composition workflow Sections 3.3-3.4 and Figures 4-5, PDF page 6
  5. End-to-end soundness definition Section 4.2, Definition 1, PDF page 7
  6. RA security game and SW-Att boundary Section 4.2, Definition 2 and Figure 6, PDF page 8
  7. LTL enforcement for access control, atomicity, confidentiality, DMA, and reset Sections 4.4-4.9, PDF pages 9-11
  8. OpenMSP430 and FPGA implementation Section 6.1, PDF page 12
  9. Verification results, overhead, and performance Sections 6.2-6.4 and Tables 2-4, PDF page 13
  10. Claimed significance, portability, and future directions Sections 7-8, PDF pages 14-15
  11. Soundness and security proof chain Appendix A, Theorems 1-2, PDF pages 16-18
  12. Official peer-reviewed publication record USENIX Security 2019
  13. Public implementation, build instructions, verification specifications, and proof artifacts Repository README, accessed 2026-07-11
  14. Author response clarifying the verified module, integration assumptions, and prototype changes Repository README: A Note on the Extent of VRASED Verification, accessed 2026-07-11
  15. Independent description of VRASED's formal model, trusted boundaries, and research lineage Sections I-II, PDF pages 2-4
  16. Independent adversarial analysis of gaps between formal models and concrete implementations Abstract and contributions, PDF pages 1-2
  17. Dated citation-count snapshot OpenAlex reported 89 citing works for the USENIX record when accessed 2026-07-11