U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

ZKASP: ZKP-based Attestation of Software Possession for Measuring Instruments

Published

Author(s)

Luis Brandao, Carlos Eduardo Cardoso Galhardo, Rene Peralta

Abstract

Software-controlled measuring instruments used in commercial transactions, such as fuel dispensers and smart meters, are sometimes subject to "memory replacement" attacks. Cybercriminals replace the approved software by a malicious one that then tampers with measurement results, inflicting a financial loss to customers and companies. To mitigate such attacks, legal metrology systems often require regular device attestation, where an auditor checks that the device possesses ("knows") the approved software. However, current attestation methods usually require the software to be known by the auditor, thus increasing the risk of inadvertent leakage or malicious theft of proprietary information, besides facilitating its malicious adulteration. We describe how this issue can be addressed in legal metrology systems by using zero-knowledge proofs of knowledge (ZKPoK). These proofs enable attestation of possession of approved software, while ensuring its confidentiality from the auditor. To further provide publicly verifiable evidence of freshness, each such proof can be related to a fresh random value from a public randomness beacon. This article presents the basic conceptual idea, while also discussing pitfalls that should be avoided.
Citation
Measurement Science and Technology
Volume
33
Issue
6
Pub Type
Journals

Download Paper

https://doi.org/10.1088/1361-6501/ac5438
Local Download

Keywords

cryptography, device attestation, legal metrology, proof of knowledge, public auditability, randomness beacon, zero-knowledge proof
Metrology and Cryptography

Citation

Brandao, L. , Cardoso Galhardo, C. and Peralta, R. (2022), ZKASP: ZKP-based Attestation of Software Possession for Measuring Instruments, Measurement Science and Technology, [online], https://doi.org/10.1088/1361-6501/ac5438, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932897 (Accessed April 19, 2024)

Created March 9, 2022, Updated November 29, 2022