Fortress: Securing IoT Peripherals with Trusted Execution Environments

• URL: http://arxiv.org/abs/2312.02542v2
• Date: Wed, 20 Dec 2023 09:34:54 GMT
• Title: Fortress: Securing IoT Peripherals with Trusted Execution Environments
• Authors: Peterson Yuhala, Jämes Ménétrey, Pascal Felber, Marcelo Pasin, Valerio Schiavoni,
• Abstract summary: Internet of Things (IoT) devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. We propose a generic design to enhance the privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE) The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud.
• Score: 2.2476099815732518
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: With the increasing popularity of Internet of Things (IoT) devices, securing sensitive user data has emerged as a major challenge. These devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. Such sensitive information is then exposed to potential threats, either from malicious software with high-level access rights or transmitted (sometimes inadvertently) to untrusted cloud services. In this paper, we propose a generic design to enhance the privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE). Only a minimal set of peripheral driver code, resident within the secure kernel, can access this protected memory area. This design effectively restricts any unauthorised access by system software, including the operating system and hypervisor. The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud. To validate our architectural approach, we provide a proof-of-concept implementation of our design by securing an audio peripheral based on inter-IC sound (I2S), a serial bus to interconnect audio devices. The experimental results show that our design offers a robust security solution with an acceptable computational overhead.

Related papers

• How Memory-Safe is IoT? Assessing the Impact of Memory-Protection Solutions for Securing Wireless Gateways [0.0]
  Memory-based vulnerabilities are among the most serious threats in software, with no universal solution yet available. This paper explores the impact of memory safety on the IoT domain through an empirical large-scale analysis of memory-related vulnerabilities in modern wireless gateways.
  arXiv  Detail & Related papers  (2024-11-02T23:00:37Z)
• Collaborative Inference over Wireless Channels with Feature Differential Privacy [57.68286389879283]
  Collaborative inference among multiple wireless edge devices has the potential to significantly enhance Artificial Intelligence (AI) applications. transmitting extracted features poses a significant privacy risk, as sensitive personal data can be exposed during the process. We propose a novel privacy-preserving collaborative inference mechanism, wherein each edge device in the network secures the privacy of extracted features before transmitting them to a central server for inference.
  arXiv  Detail & Related papers  (2024-10-25T18:11:02Z)
• DIMSIM -- Device Integrity Monitoring through iSIM Applets and Distributed Ledger Technology [0.023020018305241332]
  We introduce a distributed ledger technology-oriented architecture to monitor the remote devices' integrity using eUICC technology. eUICC is a feature commonly found in industrial devices for cellular connectivity. We present an end-to-end architecture to monitor device integrity thereby enabling all the stakeholders in the system to trust the devices.
  arXiv  Detail & Related papers  (2024-05-16T09:13:54Z)
• Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
  Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks. In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
  arXiv  Detail & Related papers  (2024-03-29T12:01:31Z)
• zk-IoT: Securing the Internet of Things with Zero-Knowledge Proofs on Blockchain Platforms [0.0]
  This paper introduces the zk-IoT framework, a novel approach to enhancing the security of Internet of Things (IoT) ecosystems. Our framework ensures the integrity of firmware execution and data processing in potentially compromised IoT devices.
  arXiv  Detail & Related papers  (2024-02-13T09:34:23Z)
• Domain-Agnostic Hardware Fingerprinting-Based Device Identifier for Zero-Trust IoT Security [7.8344795632171325]
  Next-generation networks aim for comprehensive connectivity, interconnecting humans, machines, devices, and systems seamlessly. To address this challenge, the Zero Trust (ZT) paradigm emerges as a key method for safeguarding network integrity and data confidentiality. This work introduces EPS-CNN, a novel deep-learning-based wireless device identification framework.
  arXiv  Detail & Related papers  (2024-02-08T00:23:42Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• RIPencapsulation: Defeating IP Encapsulation on TI MSP Devices [6.4241197750493475]
  This paper uncovers two fundamental weaknesses in IP Encapsulation (IPE), the TEE deployed by Texas Instruments for MSP430 and MSP432 devices. We implement an attack called RIPencapsulation, which executes portions of code within the IPE and uses the partial state revealed through the register file to exfiltrate secret data.
  arXiv  Detail & Related papers  (2023-10-25T08:00:59Z)
• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258]
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.
  arXiv  Detail & Related papers  (2023-09-26T08:11:38Z)
• SemProtector: A Unified Framework for Semantic Protection in Deep Learning-based Semantic Communication Systems [51.97204522852634]
  We present a unified framework that aims to secure an online semantic communications system with three semantic protection modules. Specifically, these protection modules are able to encrypt semantics to be transmitted by an encryption method, mitigate privacy risks from wireless channels by a perturbation mechanism, and calibrate distorted semantics at the destination. Our framework enables an existing online SC system to dynamically assemble the above three pluggable modules to meet customized semantic protection requirements.
  arXiv  Detail & Related papers  (2023-09-04T06:34:43Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.