LiteAtt: A Peer-to-Peer Self-Attestation Framework and Handshake Protocol for Connected IoT Devices
LiteAtt introduces a verifier-less, Peer-to-Peer Self-Attestation (P2P-SA) framework for modern IoT MCUs, enabling mutual authentication and firmware attestation directly within the connection handshake using embedded TinyML.
Abstract
As the Internet of Things (IoT) becomes an integral part of critical infrastructure and commercial services, runtime firmware attestation of constituent Micro-Controllers (MCUs) has become instrumental in maintaining security and trust. Most prior works assume computational limitations on the MCUs and rely on a remote verifier to perform complex computation. This introduces a centralized point of failure, round-trip latency, and the burden of maintaining golden reference states at the recipient, even in recent Peer-to-Peer (P2P) and Self-Attestation (SA) schemes. This is avoidable for modern MCUs such as Arm Cortex-M, which, although battery-operated, feature security and intelligence capabilities, including Trusted Execution Environments (TEE) and embedded Tiny Machine Learning (TinyML) inference. Leveraging such provisions, this paper presents LiteAtt, a verifier-less, P2P-SA framework and protocol for modern IoT MCUs that folds directly into the connection handshake between IoT MCUs. Each MCU runs quantized TinyML Autoencoders (TinyAE) within its TEE to evaluate the runtime SRAM state. SA verdicts are securely bound to the handshake transcript context, enabling stateless verification at the peer node. The proposed protocol yields mutually authenticated and firmware-attested communication without traditional latency and reference distribution overheads. We report an average accuracy of 99.42%, F1 score of 99.70%, TPR of 99.45%, and TNR of 95.14% on SRAM attestation datasets, an optimized per-handshake latency, energy consumption, and peak memory footprint of 26.3-294.9 ms, 2.65-9.35 mJ, and 4.91 KB, respectively, across three Arm Cortex-M boards, and evaluate the models on simulated runtime attacks, random perturbation, and adversarial ML.