Abstract

Remote attestation enables centralized entities to assess the trustworthiness of remote devices. However, despite its utility, existing approaches often lack explicit support for secure software updates, which are essential for maintaining long-term security in embedded systems. This paper presents RASUES, a remote-attestation-based scheme specifically designed to integrate software update mechanisms into embedded systems. To achieve this, we extend the RATS (Remote ATtestation procedureS) RFC 9334 specification with an update procedure that accounts for both the expected state before and after the update. We implement the core functionality of RASUES on a TPM-based embedded hardware platform to demonstrate its feasibility. We evaluate the latency of the prototype and analyze its security properties, revealing that RASUES introduces minimal performance overhead while significantly enhancing security under defined assumptions. Furthermore, we conduct a comprehensive security analysis to identify potential threats and demonstrate how RASUES mitigates them. We also highlight areas in which the protocol must be complemented with additional security mechanisms, ensuring a transparent evaluation of RASUES’s capabilities and limitations.
Usman et al. (Sat,) studied this question.