ABSTRACT
Remote and largely unattended sensing devices are being deployed rapidly in sensitive environments such as healthcare, the home, and corporate premises. A major challenge, however, is establishing through standardised trust mechanisms that data from such devices can be trusted to inform critical decision-making. Previous attempts have focused heavily on Trusted Platform Modules (TPMs) as a root of trust, but these forgo desirable features of more recent developments, namely Trusted Execution Environments (TEEs) such as Intel SGX and the GlobalPlatform TEE. In this paper, we contrast the application of TEEs in trusted sensing devices with that of TPMs, and raise the challenge of secure TEE-to-TEE communication between remote devices with mutual trust assurances. To this end, we present a novel secure and trusted channel protocol that performs mutual remote attestation in a single protocol run for small-scale devices with TEEs. It is evaluated on two ARM development boards hosting GlobalPlatform-compliant TEEs, incurring roughly four times the overhead of TLS and SSH run in the untrusted world. The protocol resists integrity and confidentiality attacks by untrusted-world adversaries, facilitates TEE interoperability, and is subjected to mechanised formal analysis using the Scyther tool.
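The single-run mutual attestation the abstract describes, as an added illustrative sketch that is not the paper's protocol: each endpoint's attestation evidence (its trusted-application measurement, signed by a TEE-held attestation key) is bound to the same nonces and ephemeral Diffie-Hellman values that produce the session key, so an untrusted-world adversary can neither relay a genuine quote into a different run nor substitute its own measurement. The three-message layout, the Device/msg1/msg2/msg3/finish names, the constructed measurements, and the finite-field Schnorr signatures (used in place of a real TEE attestation scheme only because the Python standard library has no public-key signatures) are all assumptions, not taken from the paper.

```python
"""Added illustrative sketch of a mutually attested key agreement between two
TEE-hosted endpoints; not the paper's protocol. Message layout, names and the
Schnorr stand-in for a TEE attestation key are assumptions (stdlib-only)."""
import hashlib, hmac, secrets

# RFC 3526 group 14: 2048-bit safe prime; generator 2 has prime order Q.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
        "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G, Q = 2, (P - 1) // 2

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so transcript fields cannot be re-split."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def i2b(x: int) -> bytes: return x.to_bytes(256, "big")
def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, h(*parts), hashlib.sha256).digest()
def require(ok: bool, why: str):
    if not ok: raise ValueError(why)

# Schnorr signatures in the group-14 subgroup: stand-in for the attestation key.
def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)
def sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    e = int.from_bytes(h(i2b(pow(G, k, P)), msg), "big") % Q
    return e, (k - x * e) % Q
def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, e, P) % P
    return int.from_bytes(h(i2b(r), msg), "big") % Q == e

class Device:
    def __init__(self, ident: bytes, measurement: bytes):
        self.ident, self.meas = ident, measurement   # constructed TA measurement
        self.sk, self.pk = keygen()                  # TEE-held attestation key
        self.trusted_pk, self.allowed = {}, set()    # verifier policy
        self.session_key = None

    def trust(self, peer_id: bytes, pk: int, meas: bytes):  # out-of-band provisioning
        self.trusted_pk[peer_id] = pk
        self.allowed.add(meas)

    def fresh(self):
        self.x, self.nonce = secrets.randbits(256), secrets.token_bytes(32)
        self.dh = pow(G, self.x, P)

    def derive(self, peer_dh: int, transcript: bytes):
        # Reject degenerate / small-subgroup values, then HKDF(salt=transcript, g^ab).
        require(1 < peer_dh < P - 1 and pow(peer_dh, Q, P) == 1, "bad DH value")
        prk = hmac.new(transcript, i2b(pow(peer_dh, self.x, P)), hashlib.sha256).digest()
        return tuple(hmac.new(prk, lbl + b"\x01", hashlib.sha256).digest()
                     for lbl in (b"session", b"confirm"))

    def quote(self, transcript: bytes):
        # Evidence bound to this run: measurement signed with both nonces and DH values.
        return self.meas, sign(self.sk, h(b"quote", self.meas, transcript))

    def check_quote(self, peer_id: bytes, quote, transcript: bytes) -> bool:
        meas, sig = quote
        return (peer_id in self.trusted_pk and meas in self.allowed and
                verify(self.trusted_pk[peer_id], h(b"quote", meas, transcript), sig))

def msg1(a: Device):                        # A -> B: id_A, n_A, g^a
    a.fresh()
    return a.ident, a.nonce, a.dh

def msg2(b: Device, m1):                    # B -> A: id_B, n_B, g^b, quote_B, MAC_B
    a_id, n_a, dh_a = m1
    b.fresh()
    b.peer, b.tr = a_id, h(a_id, n_a, i2b(dh_a), b.ident, b.nonce, i2b(b.dh))
    b.pending, b.kc = b.derive(dh_a, b.tr)
    return b.ident, b.nonce, b.dh, b.quote(b.tr), mac(b.kc, b"B", b.tr)

def msg3(a: Device, m2):                    # A -> B: quote_A, MAC_A, once B is verified
    b_id, n_b, dh_b, quote, tag = m2
    tr = h(a.ident, a.nonce, i2b(a.dh), b_id, n_b, i2b(dh_b))
    sk, kc = a.derive(dh_b, tr)
    require(a.check_quote(b_id, quote, tr), "responder attestation rejected")
    require(hmac.compare_digest(tag, mac(kc, b"B", tr)), "responder confirmation failed")
    a.session_key = sk
    return a.quote(tr), mac(kc, b"A", tr)

def finish(b: Device, m3):                  # B verifies A; both now hold session_key
    quote, tag = m3
    require(b.check_quote(b.peer, quote, b.tr), "initiator attestation rejected")
    require(hmac.compare_digest(tag, mac(b.kc, b"A", b.tr)), "initiator confirmation failed")
    b.session_key = b.pending
```

A full run is finish(b, msg3(a, msg2(b, msg1(a)))) after each side has been provisioned, via trust(), with the other's attestation public key and the measurement its policy accepts; both then hold the same session_key. Rewriting the measurement in message 2, replaying a message 2 captured from an earlier run, or presenting a quote under an identity that was never provisioned all raise ValueError before any key is accepted, which is the property that distinguishes an attested channel from a plain authenticated key exchange: the quote is useless outside the run whose nonces and DH values it signs. In a deployment the Schnorr stand-in would be replaced by the TEE's native attestation mechanism and a vetted signature library, and the out-of-band provisioning of each peer's attestation root remains a prerequisite for mutual trust.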
Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments