To see the other types of publications on this topic, follow the link: Trusted Execution Environment (TEE).
Journal articles on the topic 'Trusted Execution Environment (TEE)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Trusted Execution Environment (TEE).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Kato, Fumiyuki, Yang Cao, and Mastoshi Yoshikawa. "PCT-TEE: Trajectory-based Private Contact Tracing System with Trusted Execution Environment." ACM Transactions on Spatial Algorithms and Systems 8, no. 2 (2022): 1–35. http://dx.doi.org/10.1145/3490491.
Full textAbstract:
Existing Bluetooth-based private contact tracing (PCT) systems can privately detect whether people have come into direct contact with patients with COVID-19. However, we find that the existing systems lack functionality and flexibility , which may hurt the success of contact tracing. Specifically, they cannot detect indirect contact (e.g., people may be exposed to COVID-19 by using a contaminated sheet at a restaurant without making direct contact with the infected individual); they also cannot flexibly change the rules of “risky contact,” such as the duration of exposure or the distance (both spatially and temporally) from a patient with COVID-19 that is considered to result in a risk of exposure, which may vary with the environmental situation. In this article, we propose an efficient and secure contact tracing system that enables us to trace both direct contact and indirect contact. To address the above problems, we need to utilize users’ trajectory data for PCT, which we call trajectory-based PCT . We formalize this problem as a spatiotemporal private set intersection that satisfies both the security and efficiency requirements. By analyzing different approaches such as homomorphic encryption, which could be extended to solve this problem, we identify the trusted execution environment (TEE) as a candidate method to achieve our requirements. The major challenge is how to design algorithms for a spatiotemporal private set intersection under the limited secure memory of the TEE. To this end, we design a TEE-based system with flexible trajectory data encoding algorithms. Our experiments on real-world data show that the proposed system can process hundreds of queries on tens of millions of records of trajectory data within a few seconds.
2
Ng, Lucien K. L., Sherman S. M. Chow, Anna P. Y. Woo, Donald P. H. Wong, and Yongjun Zhao. "Goten: GPU-Outsourcing Trusted Execution of Neural Network Training." Proceedings of the AAAI Conference on Artificial Intelligence 35, no. 17 (2021): 14876–83. http://dx.doi.org/10.1609/aaai.v35i17.17746.
Full textAbstract:
Deep learning unlocks applications with societal impacts, e.g., detecting child exploitation imagery and genomic analysis of rare diseases. Deployment, however, needs compliance with stringent privacy regulations. Training algorithms that preserve the privacy of training data are in pressing need. Purely cryptographic approaches can protect privacy, but they are still costly, even when they rely on two or more non-colluding servers. Seemingly-"trivial" operations in plaintext quickly become prohibitively inefficient when a series of them are "crypto-processed," e.g., (dynamic) quantization for ensuring the intermediate values would not overflow. Slalom, recently proposed by Tramer and Boneh, is the first solution that leverages both GPU (for efficient batch computation) and a trusted execution environment (TEE) (for minimizing the use of cryptography). Roughly, it works by a lot of pre-computation over known and fixed weights, and hence it only supports private inference. Five related problems for private training are left unaddressed. Goten, our privacy-preserving training and prediction framework, tackles all five problems simultaneously via our careful design over the "mismatched" cryptographic and GPU data types (due to the tension between precision and efficiency) and our round-optimal GPU-outsourcing protocol (hence minimizing the communication cost between servers). It 1) stochastically trains a low-bitwidth yet accurate model, 2) supports dynamic quantization (a challenge left by Slalom), 3) minimizes the memory-swapping overhead of the memory-limited TEE and its communication with GPU, 4) crypto-protects the (dynamic) model weight from untrusted GPU, and 5) outperforms a pure-TEE system, even without pre-computation (needed by Slalom). As a baseline, we build CaffeScone that secures Caffe using TEE but not GPU; Goten shows a 6.84x speed-up of the whole VGG-11. Goten also outperforms Falcon proposed by Wagh et al., the latest secure multi-server cryptographic solution, by 132.64x using VGG-11. Lastly, we demonstrate Goten's efficacy in training models for breast cancer diagnosis over sensitive images.
3
Meftah, Souhail, Shuhao Zhang, Bharadwaj Veeravalli, and Khin Mi Mi Aung. "Revisiting the Design of Parallel Stream Joins on Trusted Execution Environments." Algorithms 15, no. 6 (2022): 183. http://dx.doi.org/10.3390/a15060183.
Full textAbstract:
The appealing properties of secure hardware solutions such as trusted execution environment (TEE) including low computational overhead, confidentiality guarantee, and reduced attack surface have prompted considerable interest in adopting them for secure stream processing applications. In this paper, we revisit the design of parallel stream join algorithms on multicore processors with TEEs. In particular, we conduct a series of profiling experiments to investigate the impact of alternative design choices to parallelize stream joins on TEE including: (1) execution approaches, (2) partitioning schemes, and (3) distributed scheduling strategies. From the profiling study, we observe three major high-performance impediments: (a) the computational overhead introduced with cryptographic primitives associated with page swapping operations, (b) the restrictive Enclave Page Cache (EPC) size that limits the supported amount of in-memory processing, and (c) the lack of vertical scalability to support the increasing workload often required for near real-time applications. Addressing these issues allowed us to design SecJoin, a more efficient parallel stream join algorithm that exploits modern scale-out architectures with TEEs rendering no trade-offs on security whilst optimizing performance. We present our model-driven parameterization of SecJoin and share our experimental results which have shown up to 4-folds of improvements in terms of throughput and latency.
4
Khurshid, Anum, Sileshi Demesie Yalew, Mudassar Aslam, and Shahid Raza. "TEE-Watchdog: Mitigating Unauthorized Activities within Trusted Execution Environments in ARM-Based Low-Power IoT Devices." Security and Communication Networks 2022 (May 25, 2022): 1–21. http://dx.doi.org/10.1155/2022/8033799.
Full textAbstract:
Trusted execution environments (TEEs) are on the rise in devices all around us ranging from large-scale cloud-based solutions to resource-constrained embedded devices. With the introduction of ARM TrustZone-M, hardware-assisted trusted execution is now supported in IoT nodes. TrustZone-M provides isolated execution of security-critical operations and sensitive data-generating peripherals. However, TrustZone-M, like all other TEEs, does not provide a mechanism to monitor operations in the trusted areas of the device and software in the secure areas of an IoT device has access to the entire secure and nonsecure software stack. This is crucial due to the diversity of device manufacturers and component suppliers in the market, which manifests trust issues, especially when third-party peripherals are incorporated into a TEE. Compromised TEEs can be misused for industrial espionage, data exfiltration through system backdoors, and illegal data sharing. It is of utmost importance here that system peripheral behaviour in terms of resource access is in accordance with their intended usage that is specified during integration. We propose TEE-Watchdog, a lightweight framework that establishes MPU protections for secure system peripherals in TrustZone-enabled low-end IoT devices. TEE-Watchdog ensures blocking unauthorized peripheral accesses and logging of application misbehaviour running in the TEE based on a manifest file. We define lightweight specifications and structure for the application manifest file enlisting permissions for critical system peripherals using concise binary object representation (CBOR). We implement and evaluate TEE-Watchdog using a Musca-A2 test chipboard. Our microbenchmark evaluations on CPU time and RAM usage demonstrated the practicality of TEE-Watchdog. Securing the system peripherals using TEE-Watchdog protections induced a 1.4% overhead on the latency of peripheral accesses, which was 61 microseconds on our test board. Our optimized CBOR-encoded manifest file template also showed a decrease in manifest file size by 40% as compared to the standard file formats, e.g., JSON.
5
Chen, Yuehai, Huarun Chen, Shaozhen Chen, et al. "DITES: A Lightweight and Flexible Dual-Core Isolated Trusted Execution SoC Based on RISC-V." Sensors 22, no. 16 (2022): 5981. http://dx.doi.org/10.3390/s22165981.
Full textAbstract:
A Trusted Execution Environment (TEE) is an efficient way to secure information. To obtain higher efficiency, the building of a dual-core system-on-chip (SoC) with TEE security capabilities is the hottest topic. However, TEE SoCs currently commonly use complex processor cores such as Rocket, resulting in high resource usage. More importantly, the cryptographic unit lacks flexibility and ignores secure communication in dual cores. To address the above problems, we propose DITES, a dual-core TEE SoC based on a Reduced Instruction Set Computer-V (RISC-V). At first, we designed a fully isolated multi-level bus architecture based on a lightweight RISC-V processor with an integrated crypto core supporting Secure Hashing Algorithm-1 (SHA1), Advanced Encryption Standard (AES), and Rivest–Shamir–Adleman (RSA), among which RSA can be configured to five key lengths. Then, we designed a secure boot based on Chain-of-Trust (CoT). Furthermore, we propose a hierarchical access policy to improve the security of inter-core communication. Finally, DITES is deployed on a Kintex 7 Field-Programmable-Gate-Array (FPGA) with a power consumption of 0.297 W, synthesized using TSMC 90 nm. From the results, the acceleration ratios of SHA1 and RSA1024 decryption/encryption can reach 75 and 1331/1493, respectively. Compared to exiting TEE SoCs, DITES has lower resource consumption, higher flexibility, and better security.
6
Sebastian, D. Jonathan, Utkarsh Agrawal, Ali Tamimi, and Adam Hahn. "DER-TEE: Secure Distributed Energy Resource Operations Through Trusted Execution Environments." IEEE Internet of Things Journal 6, no. 4 (2019): 6476–86. http://dx.doi.org/10.1109/jiot.2019.2909768.
Full text
7
Song, Weiqiong, Shuai Guo, Jiwei Li, et al. "Security Authentication Framework Design for Electric Internet of Things." Journal of Physics: Conference Series 2356, no. 1 (2022): 012003. http://dx.doi.org/10.1088/1742-6596/2356/1/012003.
Full textAbstract:
The intelligent terminal equipment of the electric internet of things (IoT) is vulnerable to network attacks when installing APPs from the application store. Encryption of the communication process can enhance security protection, but the key needs to be stored in the local equipment. When the equipment is attacked, the key is leaked easily resulting in communication security problems. To solve the above problems, we proposes a terminal APP security authentication mechanism based on TrustZone approach and OP-TEE (Open Source Trust Execution Environment) system to identify the identity information of both sides of the communication. The digital certificate of the application store is checked before the terminal equipment installs the APP. After the check is passed, the session key is generated in the Trusted Execution Environment (TEE), and the communication parties use the session key to encrypt the subsequent process. Simulation results validate that the proposed security authentication mechanism can effectively protect the communication process of terminal equipment installation APP and meet the performance requirements.
8
Wang, Zhihong, Yongbiao Li, Dingcheng Li, et al. "Enabling Fairness-Aware and Privacy-Preserving for Quality Evaluation in Vehicular Crowdsensing: A Decentralized Approach." Security and Communication Networks 2021 (November 12, 2021): 1–11. http://dx.doi.org/10.1155/2021/9678409.
Full textAbstract:
With the rapid development of vehicular crowdsensing, it becomes easier and more efficient for mobile devices to sense, compute, and measure various data. However, how to address the fair quality evaluation between the platform and participants while preserving the privacy of solutions is still a challenge. In the work, we present a fairness-aware and privacy-preserving scheme for worker quality evaluation by leveraging the blockchain, trusted execution environment (TEE), and machine learning technologies. Specifically, we build our framework atop the decentralized blockchain which can resist a single point of failure/compromise. The smart contracts paradigm in blockchain enforces correct and automatic program execution for task processing. In addition, machine learning and TEE are utilized to evaluate the quality of data collected by the sensors in a privacy-preserving and fair way, eliminating human subject judgement of the sensing solutions. Finally, a prototype of the proposed scheme is implemented to verify the feasibility and efficiency with a benchmark dataset.
9
Noh, Yoongdoo, and Chanik Park. "CrossPay: A TEE (Trusted Execution Environment)-based Offchain Protocol for Real-Time Cross Chain Asset Transfer." KIISE Transactions on Computing Practices 28, no. 3 (2022): 160–74. http://dx.doi.org/10.5626/ktcp.2022.28.3.160.
Full text
10
Li, Rujia, Qin Wang, Qi Wang, David Galindo, and Mark Ryan. "SoK: TEE-Assisted Confidential Smart Contract." Proceedings on Privacy Enhancing Technologies 2022, no. 3 (2022): 711–31. http://dx.doi.org/10.56553/popets-2022-0093.
Full textAbstract:
The blockchain-based smart contract lacks privacy, since the contract state and instruction code are exposed to the public. Combining smart-contract execution with Trusted Execution Environments provides an efficient solution, called TEE-assisted smart contracts (TCSC), for protecting the confidentiality of contract states. However, the combination approaches are varied, and a systematic study is absent. Newly released systems may fail to draw upon the experience learned from existing protocols, such as repeating known design mistakes or applying TEE technology in insecure ways. In this paper, we first investigate and categorize existing systems into two types: the layer-one solution and the layer-two solution. Then, we establish an analysis framework to capture their common aspects, covering desired properties (for contract services), threat models, and security considerations (for underlying systems). Based on our taxonomy, we identify their ideal functionalities, and uncover fundamental flaws and challenges in each specification’s design. We believe that this work would provide a guide for the development of TEE-assisted smart contracts, as well as a framework to evaluate future TCSC systems.
11
Choi, Joseph I., and Kevin R. B. Butler. "Secure Multiparty Computation and Trusted Hardware: Examining Adoption Challenges and Opportunities." Security and Communication Networks 2019 (April 2, 2019): 1–28. http://dx.doi.org/10.1155/2019/1368905.
Full textAbstract:
When two or more parties need to compute a common result while safeguarding their sensitive inputs, they use secure multiparty computation (SMC) techniques such as garbled circuits. The traditional enabler of SMC is cryptography, but the significant number of cryptographic operations required results in these techniques being impractical for most real-time, online computations. Trusted execution environments (TEEs) provide hardware-enforced isolation of code and data in use, making them promising candidates for making SMC more tractable. This paper revisits the history of improvements to SMC over the years and considers the possibility of coupling trusted hardware with SMC. This paper also addresses three open challenges: (1) defeating malicious adversaries, (2) mobile-friendly TEE-supported SMC, and (3) a more general coupling of trusted hardware and privacy-preserving computation.
12
Liu, Songran, Nan Guan, Zhishan Guo, and Wang Yi. "MiniTEE—A Lightweight TrustZone-Assisted TEE for Real-Time Systems." Electronics 9, no. 7 (2020): 1130. http://dx.doi.org/10.3390/electronics9071130.
Full textAbstract:
While trusted execution environments (TEEs) provide industry standard security and isolation, TEE requests through secure monitor calls (SMCs) attribute to large time overhead and weakened temporal predictability. Moreover, as current available TEE solutions are designed for Linux and/or Android initially, it will encounter many constraints (e.g., driver libraries incompatible, large memory footprint, etc.) when integrating with low-end Real-Time Operating Systems, RTOSs. In this paper, we present MiniTEE to understand, evaluate and discuss the benefits and limitations when integrating TrustZone-assisted TEEs with RTOSs. We demonstrate how MiniTEE can be adequately exploited for meeting the real-time needs, while presenting a low performance overhead to the rich OSs (i.e., low-end RTOSs).
13
Koutroumpouchos, Nikolaos, Christoforos Ntantogian, and Christos Xenakis. "Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone." Sensors 21, no. 2 (2021): 520. http://dx.doi.org/10.3390/s21020520.
Full textAbstract:
TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.
14
Le, Duc V., Lizzy Tengana Hurtado, Adil Ahmad, Mohsen Minaei, Byoungyoung Lee, and Aniket Kate. "A Tale of Two Trees: One Writes, and Other Reads." Proceedings on Privacy Enhancing Technologies 2020, no. 2 (2020): 519–36. http://dx.doi.org/10.2478/popets-2020-0039.
Full textAbstract:
AbstractThe Bitcoin network has offered a new way of securely performing financial transactions over the insecure network. Nevertheless, this ability comes with the cost of storing a large (distributed) ledger, which has become unsuitable for personal devices of any kind. Although the simplified payment verification (SPV) clients can address this storage issue, a Bitcoin SPV client has to rely on other Bitcoin nodes to obtain its transaction history and the current approaches offer no privacy guarantees to the SPV clients.This work presents T3, a trusted hardware-secured Bitcoin full client that supports efficient oblivious search/update for Bitcoin SPV clients without sacrificing the privacy of the clients. In this design, we leverage the trusted execution and attestation capabilities of a trusted execution environment (TEE) and the ability to hide access patterns of oblivious random access machine (ORAM) to protect SPV clients’ requests from potentially malicious nodes. The key novelty of T3 lies in the optimizations introduced to conventional ORAM, tailored for expected SPV client usages. In particular, by making a natural assumption about the access patterns of SPV clients, we are able to propose a two-tree ORAM construction that overcomes the concurrency limitation associated with traditional ORAMs. We have implemented and tested our system using the current Bitcoin Unspent Transaction Output (UTXO) Set. Our experiment shows that T3 is feasible to be deployed in practice while providing strong privacy and security guarantees to Bitcoin SPV clients.
15
Niu, Yue, Ramy E. Ali, and Salman Avestimehr. "3LegRace: Privacy-Preserving DNN Training over TEEs and GPUs." Proceedings on Privacy Enhancing Technologies 2022, no. 4 (2022): 183–203. http://dx.doi.org/10.56553/popets-2022-0105.
Full textAbstract:
Leveraging parallel hardware (e.g. GPUs) for deep neural network (DNN) training brings high computing performance. However, it raises data privacy concerns as GPUs lack a trusted environment to protect the data. Trusted execution environments (TEEs) have emerged as a promising solution to achieve privacypreserving learning. Unfortunately, TEEs’ limited computing power renders them not comparable to GPUs in performance. To improve the trade-off among privacy, computing performance, and model accuracy, we propose an asymmetric model decomposition framework, AsymML, to (1) accelerate training using parallel hardware; and (2) achieve a strong privacy guarantee using TEEs and differential privacy (DP) with much less accuracy compromised compared to DP-only methods. By exploiting the low-rank characteristics in training data and intermediate features, AsymML asymmetrically decomposes inputs and intermediate activations into low-rank and residual parts. With the decomposed data, the target DNN model is accordingly split into a trusted and an untrusted part. The trusted part performs computations on low-rank data, with low compute and memory costs. The untrusted part is fed with residuals perturbed by very small noise. Privacy, computing performance, and model accuracy are well managed by respectively delegating the trusted and the untrusted part to TEEs and GPUs. We provide a formal DP guarantee that demonstrates that, for the same privacy guarantee, combining asymmetric data decomposition and DP requires much smaller noise compared to solely using DP without decomposition. This improves the privacy-utility trade-off significantly compared to using only DP methods without decomposition. Furthermore, we present a rank bound analysis showing that the low-rank structure is preserved after each layer across the entire model. Our extensive evaluations on DNN models show that AsymML delivers 7.6× speedup in training compared to the TEE-only executions while ensuring privacy. We also demonstrate that AsymML is effective in protecting data under common attacks such as model inversion and gradient attacks.
16
Zhang, Meiyu, Qianying Zhang, Shijun Zhao, Zhiping Shi, and Yong Guan. "SoftME: A Software-Based Memory Protection Approach for TEE System to Resist Physical Attacks." Security and Communication Networks 2019 (March 4, 2019): 1–12. http://dx.doi.org/10.1155/2019/8690853.
Full textAbstract:
The development of the Internet of Things has made embedded devices widely used. Embedded devices are often used to process sensitive data, making them the target of attackers. ARM TrustZone technology is used to protect embedded device data from compromised operating systems and applications. But as the value of the data stored in embedded devices increases, more and more effective physical attacks have emerged. However, TrustZone cannot resist physical attacks. We propose SoftME, an approach that utilizes the on-chip memory space to provide a trusted execution environment for sensitive applications. We protect the confidentiality and integrity of the data stored on the off-chip memory. In addition, we design task scheduling in the encryption process. We implement a prototype system of our approach on the development board supporting TrustZone and evaluate the overhead of our approach. The experimental results show that our approach improves the security of the system, and there is no significant increase in system overhead.
17
Li, Xinyao, and Akhilesh Tyagi. "Cross-World Covert Channel on ARM Trustzone through PMU." Sensors 22, no. 19 (2022): 7354. http://dx.doi.org/10.3390/s22197354.
Full textAbstract:
The TrustZone technology is incorporated in a majority of recent ARM Cortex A and Cortex M processors widely deployed in the IoT world. Security critical code execution inside a so-called secure world is isolated from the rest of the application execution within a normal world. It provides hardware-isolated area called a trusted execution environment (TEE) in the processor for sensitive data and code. This paper demonstrates a vulnerability in the secure world in the form of a cross-world, secure world to normal world, covert channel. Performance counters or Performance Monitoring Unit (PMU) events are used to convey the information from the secure world to the normal world. An encoding program generates appropriate PMU event footprint given a secret S. A corresponding decoding program reads the PMU footprint and infers S using machine learning (ML). The machine learning model can be trained entirely from the data collected from the PMU in user space. Lack of synchronization between PMU start and PMU read adds noise to the encoding/decoding ML models. In order to account for this noise, this study proposes three different synchronization capabilities between the client and trusted applications in the covert channel. These are synchronous, semi-synchronous, and asynchronous. Previously proposed PMU based covert channels deploy L1 and LLC cache PMU events. The latency of these events tends to be 100–1000 cycles limiting the bandwidth of these covert channels. We propose to use microarchitecture level events with latency of 10–100 cycles captured through PMU for covert channel encoding leading to a potential 100× higher bandwidth. This study conducts a series of experiments to evaluate the proposed covert channels under various synchronization models on a TrustZone supported Cortex-A processor using OP-TEE framework. As stated earlier, switch from signaling based on PMU cache events to PMU microarchitectural events leads to approximately 15× higher covert channel bandwidth. This proposed finer-grained microarchitecture event encoding covert channel can achieve throughput of the order of 11 Kbits/s as opposed to previous work’s throughput of the order of 760 bits/s.
18
Mo, Fan, Hamed Haddadi, Kleomenis Katevas, Eduard Marin, Diego Perino, and Nicolas Kourtellis. "PPFL." GetMobile: Mobile Computing and Communications 25, no. 4 (2022): 35–38. http://dx.doi.org/10.1145/3529706.3529715.
Full textAbstract:
Mobile networks and devices provide the users with ubiquitous connectivity, while many of their functionality and business models rely on data analysis and processing. In this context, Machine Learning (ML) plays a key role and has been successfully leveraged by the different actors in the mobile ecosystem (e.g., application and Operating System developers, vendors, network operators, etc.). Traditional ML designs assume (user) data are collected and models are trained in a centralized location. However, this approach has privacy consequences related to data collection and processing. Such concerns have incentivized the scientific community to design and develop Privacy-preserving ML methods, including techniques like Federated Learning (FL) where the ML model is trained or personalized on user devices close to the data; Differential Privacy, where data are manipulated to limit the disclosure of private information; Trusted Execution Environments (TEE), where most of the computation is run under a secure/ private environment; and Multi-Party Computation, a cryptographic technique that allows various parties to run joint computations without revealing their private data to each other.
19
Yuan, Munan, Xiaofeng Li, Xiru Li, Haibo Tan, and Jinlin Xu. "Trust Hardware Based Secured Privacy Preserving Computation System for Three-Dimensional Data." Electronics 10, no. 13 (2021): 1546. http://dx.doi.org/10.3390/electronics10131546.
Full textAbstract:
Three-dimensional (3D) data are easily collected in an unconscious way and are sensitive to lead biological characteristics exposure. Privacy and ownership have become important disputed issues for the 3D data application field. In this paper, we design a privacy-preserving computation system (SPPCS) for sensitive data protection, based on distributed storage, trusted execution environment (TEE) and blockchain technology. The SPPCS separates a storage and analysis calculation from consensus to build a hierarchical computation architecture. Based on a similarity computation of graph structures, the SPPCS finds data requirement matching lists to avoid invalid transactions. With TEE technology, the SPPCS implements a dual hybrid isolation model to restrict access to raw data and obscure the connections among transaction parties. To validate confidential performance, we implement a prototype of SPPCS with Ethereum and Intel Software Guard Extensions (SGX). The evaluation results derived from test datasets show that (1) the enhanced security and increased time consumption (490 ms in this paper) of multiple SGX nodes need to be balanced; (2) for a single SGX node to enhance data security and preserve privacy, an increased time consumption of about 260 ms is acceptable; (3) the transaction relationship cannot be inferred from records on-chain. The proposed SPPCS implements data privacy and security protection with high performance.
20
Jones, Michael, Matthew Johnson, Mark Shervey, Joel T. Dudley, and Noah Zimmerman. "Privacy-Preserving Methods for Feature Engineering Using Blockchain: Review, Evaluation, and Proof of Concept." Journal of Medical Internet Research 21, no. 8 (2019): e13600. http://dx.doi.org/10.2196/13600.
Full textAbstract:
Background The protection of private data is a key responsibility for research studies that collect identifiable information from study participants. Limiting the scope of data collection and preventing secondary use of the data are effective strategies for managing these risks. An ideal framework for data collection would incorporate feature engineering, a process where secondary features are derived from sensitive raw data in a secure environment without a trusted third party. Objective This study aimed to compare current approaches based on how they maintain data privacy and the practicality of their implementations. These approaches include traditional approaches that rely on trusted third parties, and cryptographic, secure hardware, and blockchain-based techniques. Methods A set of properties were defined for evaluating each approach. A qualitative comparison was presented based on these properties. The evaluation of each approach was framed with a use case of sharing geolocation data for biomedical research. Results We found that approaches that rely on a trusted third party for preserving participant privacy do not provide sufficiently strong guarantees that sensitive data will not be exposed in modern data ecosystems. Cryptographic techniques incorporate strong privacy-preserving paradigms but are appropriate only for select use cases or are currently limited because of computational complexity. Blockchain smart contracts alone are insufficient to provide data privacy because transactional data are public. Trusted execution environments (TEEs) may have hardware vulnerabilities and lack visibility into how data are processed. Hybrid approaches combining blockchain and cryptographic techniques or blockchain and TEEs provide promising frameworks for privacy preservation. For reference, we provide a software implementation where users can privately share features of their geolocation data using the hybrid approach combining blockchain with TEEs as a supplement. Conclusions Blockchain technology and smart contracts enable the development of new privacy-preserving feature engineering methods by obviating dependence on trusted parties and providing immutable, auditable data processing workflows. The overlap between blockchain and cryptographic techniques or blockchain and secure hardware technologies are promising fields for addressing important data privacy needs. Hybrid blockchain and TEE frameworks currently provide practical tools for implementing experimental privacy-preserving applications.
21
Zhang, Yang, Weijing You, Shijie Jia, Limin Liu, Ziyi Li, and Wenfei Qian. "EnclavePoSt: A Practical Proof of Storage-Time in Cloud via Intel SGX." Security and Communication Networks 2022 (May 4, 2022): 1–16. http://dx.doi.org/10.1155/2022/7868502.
Full textAbstract:
Data integrity is one of the most critical security concerns for users when using the cloud storage service. However, it is difficult for users to always stay online and frequently interact with storage service providers to ensure continuous data integrity in practice. The existing Proof of Storage-time schemes, enabling verifiable continuous data integrity checking at cost of performance, fail to provide flexible storage period, reliable measurement of storage time, and resistance to the outsourcing attack. In this paper, we propose EnclavePoSt, the first practical Proof of Storage-time via Intel SGX, where the data integrity checking can be automatically executed in a hardware-driven Trusted Execution Environment (TEE), i.e., the enclave, when users are offline. The checking results can be aggregated and efficiently verified by users. Besides, the elapsed time during isolated data integrity checking can be precisely measured, and the storage period is allowed to flexibly change. Lastly, our EnclavePoSt is resistant to the outsourcing attack. The security analysis and evaluations justify that the EnclavePoSt is more practical than previous works.
22
Kim, Seongmin. "An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls." Applied Sciences 11, no. 18 (2021): 8379. http://dx.doi.org/10.3390/app11188379.
Full textAbstract:
A recent innovation in the trusted execution environment (TEE) technologies enables the delegation of privacy-preserving computation to the cloud system. In particular, Intel SGX, an extension of x86 instruction set architecture (ISA), accelerates this trend by offering hardware-protected isolation with near-native performance. However, SGX inherently suffers from performance degradation depending on the workload characteristics due to the hardware restriction and design decisions that primarily concern the security guarantee. The system-level optimizations on SGX runtime and kernel module have been proposed to resolve this, but they cannot effectively reflect application-specific characteristics that largely impact the performance of legacy SGX applications. This work presents an optimization strategy to achieve application-level optimization by utilizing asynchronous switchless calls to reduce enclave transition, one of the dominant overheads of using SGX. Based on the systematic analysis, our methodology examines the performance benefit for each enclave transition wrapper and selectively applies switchless calls without modifying the legacy codebases. The evaluation shows that our optimization strategy successfully improves the end-to-end performance of our showcasing application, an SGX-enabled network middlebox.
23
Maliszewski, Kajetan, Jorge-Arnulfo Quiané-Ruiz, Jonas Traub, and Volker Markl. "What is the price for joining securely?" Proceedings of the VLDB Endowment 15, no. 3 (2021): 659–72. http://dx.doi.org/10.14778/3494124.3494146.
Full textAbstract:
Protection of personal data has been raised to be among the top requirements of modern systems. At the same time, it is now frequent that the owner of the data and the owner of the computing infrastructure are two entities with limited trust between them (e. g., volunteer computing or the hybrid-cloud). Recently, trusted execution environments (TEEs) became a viable solution to ensure the security of systems in such environments. However, the performance of relational operators in TEEs remains an open problem. We conduct a comprehensive experimental study to identify the main bottlenecks and challenges when executing relational equi-joins in TEEs. For this, we introduce TEEbench, a framework for unified benchmarking of relational operators in TEEs, and use it for conducting our experimental evaluation. In a nutshell, we perform the following experimental analysis for eight core join algorithms: off-the-shelf performance; the performance implications of data sealing and obliviousness; sensitivity and scalability. The results show that all eight join algorithms significantly suffer from different performance bottlenecks in TEEs. They can be up to three orders of magnitude slower in TEEs than on plain CPUs. Our study also indicates that existing join algorithms need a complete, hardware-aware redesign to be efficient in TEEs, and that, in secure query plans, managing TEE features is equally important to join selection.
24
Wang, Sheng, Yiran Li, Huorong Li, et al. "Operon." Proceedings of the VLDB Endowment 15, no. 12 (2022): 3332–45. http://dx.doi.org/10.14778/3554821.3554826.
Full textAbstract:
The past decade has witnessed the rapid development of cloud computing and data-centric applications. While these innovations offer numerous attractive features for data processing, they also bring in new issues about the loss of data ownership. Though some encrypted databases have emerged recently, they can not fully address these concerns for the data owner. In this paper, we propose an ownership-preserving database (OPDB), a new paradigm that characterizes different roles' responsibilities from nowadays applications and preserves data ownership throughout the entire application. We build Operon to follow the OPDB paradigm, which utilizes the trusted execution environment (TEE) and introduces a behavior control list (BCL). Different from access controls that merely handle accessibility permissions, BCL further makes data operation behaviors under control. Besides, we make Operon practical for real-world applications, by extending database capabilities towards flexibility, functionality and ease of use. Operon is the first database framework with which the data owner exclusively controls its data across different roles' subsystems. We have successfully integrated Operon with different TEEs, i.e. , Intel SGX and an FPGA-based implementation, and various database services on Alibaba Cloud, i.e. , PolarDB and RDS PostgreSQL. The evaluation shows that Operon achieves 71% - 97% of the performance of plaintext databases under the TPC-C benchmark while preserving the data ownership.
25
Mainetti, Luca, Matteo Aprile, Emanuele Mele, and Roberto Vergallo. "A Sustainable Approach to Delivering Programmable Peer-to-Peer Offline Payments." Sensors 23, no. 3 (2023): 1336. http://dx.doi.org/10.3390/s23031336.
Full textAbstract:
Payment apps and digital wallets are powerful tools used to exchange e-money via the internet. However, with the progressive disappearance of cash, there is a need for the digital equivalent of physical banknotes to guarantee the same level of anonymity of private payments. Few efforts to solve the double-spending problem exist in P2P payments (i.e., in avoiding the possibility of a payer retaining copies of digital coins in absence of a trusted third party (TTP)), and further research efforts are needed to explore options to preserve the privacy of payments, as per the mandates of numerous central bank digital currency (CBDC) exploratory initiatives, such as the digital euro. Moreover, generic programmability requirements and energetic impacts should be considered. In this paper, we present a sustainable offline P2P payment scheme to face the double-spending problem by means of a one-time program (OTP) approach. The approach consists of wiping the business logic out of a client’s app and allowing financial intermediaries to inject a certified payment code into the user’s device, which will execute (asynchronously and offline) at the time of payment. To do so, we wrap each coin in a program at the time of withdrawal. Then the program exploits the trusted execution environment (TEE) of modern smartphones to transfer itself from the payer to the payee via a direct IoT link. To confirm the validity of the approach, we performed qualitative and quantitative evaluations, specifically focusing on the energetic sustainability of the proposed scheme. Results show that our payment scheme is energetically sustainable as the current absorbed for sending one coin is, at most, ~1.8 mAh on an Apple smartphone. We advance the state-of-the-art because the scheme meets the programmability, anonymity, and sustainability requirements (at the same time).
26
Sun, Yuanyuan, Sheng Wang, Huorong Li, and Feifei Li. "Building enclave-native storage engines for practical encrypted databases." Proceedings of the VLDB Endowment 14, no. 6 (2021): 1019–32. http://dx.doi.org/10.14778/3447689.3447705.
Full textAbstract:
Data confidentiality is one of the biggest concerns that hinders enterprise customers from moving their workloads to the cloud. Thanks to the trusted execution environment (TEE), it is now feasible to build encrypted databases in the enclave that can process customers' data while keeping it confidential to the cloud. Though some enclave-based encrypted databases emerge recently, there remains a large unexplored area in between about how confidentiality can be achieved in different ways and what influences are implied by them. In this paper, we first provide a broad exploration of possible design choices in building encrypted database storage engines, rendering trade-offs in security, performance and functionality. We observe that choices on different dimensions can be independent and their combination determines the overall trade-off of the entire storage. We then propose Enclage , an encrypted storage engine that makes practical trade-offs. It adopts many enclave-native designs, such as page-level encryption, reduced enclave interaction, and hierarchical memory buffer, which offer high-level security guarantee and high performance at the same time. To make better use of the limited enclave memory, we derive the optimal page size in enclave and adopt delta decryption to access large data pages with low cost. Our experiments show that Enclage outperforms the baseline, a common storage design in many encrypted databases, by over 13x in throughput and about 5x in storage savings.
27
Wang, Lianhai, Lingyun Meng, Fengkai Liu, et al. "A User-Centered Medical Data Sharing Scheme for Privacy-Preserving Machine Learning." Security and Communication Networks 2022 (September 30, 2022): 1–16. http://dx.doi.org/10.1155/2022/3670107.
Full textAbstract:
With the rapid development and application of artificial intelligence technology, medical data play an increasingly important role in the medical field. However, there are privacy protection and data ownership issues in the process of data sharing, which brings difficulties to machine learning and data mining. On the one hand, for fear that they may risk being held accountable by users or even breaking the law due to these issues, healthcare providers are reluctant to share medical data. On the other hand, users are also reluctant to share medical data due to the possibility of privacy disclosure in the data sharing process. To improve the security and privacy of shared medical data, we propose a user-centered medical data sharing scheme for privacy-preserving machine learning. Our solution combines blockchain and a trusted execution environment to ensure that adversaries cannot steal the ownership and control of user data during sharing. A blockchain-based noninteractive key sharing scheme is proposed that allows only the users and the TEE to decrypt the shared data. At the same time, we design an auditing mechanism to facilitate users to audit the sharing process. The security analysis shows that the scheme ensures the privacy and security of user data during storage and sharing. We have completed simulation experiments to demonstrate the effectiveness and efficiency of our scheme.
28
Ostrak, Andre, Jaak Randmets, Ville Sokk, Sven Laur, and Liina Kamm. "Implementing Privacy-Preserving Genotype Analysis with Consideration for Population Stratification." Cryptography 5, no. 3 (2021): 21. http://dx.doi.org/10.3390/cryptography5030021.
Full textAbstract:
In bioinformatics, genome-wide association studies (GWAS) are used to detect associations between single-nucleotide polymorphisms (SNPs) and phenotypic traits such as diseases. Significant differences in SNP counts between case and control groups can signal association between variants and phenotypic traits. Most traits are affected by multiple genetic locations. To detect these subtle associations, bioinformaticians need access to more heterogeneous data. Regulatory restrictions in cross-border health data exchange have created a surge in research on privacy-preserving solutions, including secure computing techniques. However, in studies of such scale, one must account for population stratification, as under- and over-representation of sub-populations can lead to spurious associations. We improve on the state of the art of privacy-preserving GWAS methods by showing how to adapt principal component analysis (PCA) with stratification control (EIGENSTRAT), FastPCA, EMMAX and the genomic control algorithm for secure computing. We implement these methods using secure computing techniques—secure multi-party computation (MPC) and trusted execution environments (TEE). Our algorithms are the most complex ones at this scale implemented with MPC. We present performance benchmarks and a security and feasibility trade-off discussion for both techniques.
29
Huang, Anbu, Yang Liu, Tianjian Chen, et al. "StarFL: Hybrid Federated Learning Architecture for Smart Urban Computing." ACM Transactions on Intelligent Systems and Technology 12, no. 4 (2021): 1–23. http://dx.doi.org/10.1145/3467956.
Full textAbstract:
From facial recognition to autonomous driving, Artificial Intelligence (AI) will transform the way we live and work over the next couple of decades. Existing AI approaches for urban computing suffer from various challenges, including dealing with synchronization and processing of vast amount of data generated from the edge devices, as well as the privacy and security of individual users, including their bio-metrics, locations, and itineraries. Traditional centralized-based approaches require data in each organization be uploaded to the central database, which may be prohibited by data protection acts, such as GDPR and CCPA. To decouple model training from the need to store the data in the cloud, a new training paradigm called Federated Learning (FL) is proposed. FL enables multiple devices to collaboratively learn a shared model while keeping the training data on devices locally, which can significantly mitigate privacy leakage risk. However, under urban computing scenarios, data are often communication-heavy, high-frequent, and asynchronized, posing new challenges to FL implementation. To handle these challenges, we propose a new hybrid federated learning architecture called StarFL. By combining with Trusted Execution Environment (TEE), Secure Multi-Party Computation (MPC), and (Beidou) satellites, StarFL enables safe key distribution, encryption, and decryption, and provides a verification mechanism for each participant to ensure the security of the local data. In addition, StarFL can provide accurate timestamp matching to facilitate synchronization of multiple clients. All these improvements make StarFL more applicable to the security-sensitive scenarios for the next generation of urban computing.
30
Alam, A. K. M. Mubashwir, Sagar Sharma, and Keke Chen. "SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications." Proceedings on Privacy Enhancing Technologies 2021, no. 1 (2021): 5–20. http://dx.doi.org/10.2478/popets-2021-0002.
Full textAbstract:
AbstractIntel SGX has been a popular trusted execution environment (TEE) for protecting the integrity and confidentiality of applications running on untrusted platforms such as cloud. However, the access patterns of SGX-based programs can still be observed by adversaries, which may leak important information for successful attacks. Researchers have been experimenting with Oblivious RAM (ORAM) to address the privacy of access patterns. ORAM is a powerful low-level primitive that provides application-agnostic protection for any I/O operations, however, at a high cost. We find that some application-specific access patterns, such as sequential block I/O, do not provide additional information to adversaries. Others, such as sorting, can be replaced with specific oblivious algorithms that are more efficient than ORAM. The challenge is that developers may need to look into all the details of application-specific access patterns to design suitable solutions, which is time-consuming and error-prone. In this paper, we present the lightweight SGX based MapReduce (SGX-MR) approach that regulates the dataflow of data-intensive SGX applications for easier application-level access-pattern analysis and protection. It uses the MapReduce framework to cover a large class of data-intensive applications, and the entire framework can be implemented with a small memory footprint. With this framework, we have examined the stages of data processing, identified the access patterns that need protection, and designed corresponding efficient protection methods. Our experiments show that SGX-MR based applications are much more efficient than the ORAM-based implementations.
31
Kumarathunga, Malni, Rodrigo N. Calheiros, and Athula Ginige. "Smart Agricultural Futures Market: Blockchain Technology as a Trust Enabler between Smallholder Farmers and Buyers." Sustainability 14, no. 5 (2022): 2916. http://dx.doi.org/10.3390/su14052916.
Full textAbstract:
Smallholder farmers produce over 70% of the world’s food needs. Yet, the socioeconomic conditions of the smallholder farmers are substandard. One of the primary reasons for this unpropitious situation is that they generate modest income by selling their harvest due to the lack of trusted buyers and organized markets. This research explores how technology can enable the trust to reduce transaction-related risks, empowering unknown parties to transact. Blockchain technology has the potential of mitigating transaction-related risks and promoting trust with a tamper-proof history of transactions and automatic execution of smart contracts. Based on blockchain technology to promote trust, this research has discovered a novel approach for smallholder farmers to conduct exchanges by generating social capital as an individual and using that social capital as collateral for financial exchanges when establishing contracts. This approach empowers farmers to trade smart futures contracts on behalf of the expected harvest at a better rate to receive some cash in advance to be used in the cultivation process to produce a high-quality harvest that attracts better rates. It also enables them to perform aggregated marketing with enhanced market linkages that, in turn, assist in increasing margins made by the farmer.
32
Philip, Jithu, and Merin Raju. "Security Impact of Trusted Execution Environment in Rich Execution Environment Based Systems." Indian Journal of Computer Science 5, no. 4&5 (2020): 26. http://dx.doi.org/10.17010/ijcs/2020/v5/i4-5/154785.
Full text
33
S, Prabhav, Madhav V. Deshpande, Rakshak R. Kamath, Rohan N, and Latha NR. "Trusted Execution Environment and Linux A Survey." International Journal of Computer Trends and Technology 45, no. 1 (2017): 28–32. http://dx.doi.org/10.14445/22312803/ijctt-v45p105.
Full text
34
Zhang, Denghui, Lijing Ren, and Zhaoquan Gu. "Enhancing the Privacy of Network Services through Trusted Computing." Applied Sciences 12, no. 18 (2022): 9191. http://dx.doi.org/10.3390/app12189191.
Full textAbstract:
The addressing and discovering service is a vital infrastructure of the Internet. New applications and scenarios in next-generation networks rely on the secure and stable operation of domain name services, which puts forward new security challenges for the original domain name mechanism. While previous security enhancements of network services struggled to strike a balance between security, performance, and compatibility, hindering further use of core network services, the TEE (Trusted Computing Environment) technology can provide trusted and confidential services in untrusted network environments by verifiable hardware signatures. In this paper, we present a novel trustworthy service architecture with the preservation of security and privacy for addressing messages. The scheme provides a secure enclave to generate authenticatable responses between clients and targets, thus ensuring the privacy of services. We further build a new TEE compilation model to ensure that the built resolver application can provide trusted and secure services within TEE while keeping the availability without the TEE hardware. Experimental results show that our approach can enhance the privacy and security of addressing services such as DNS (Domain Name System) without sacrificing the quality of service and breaking the infrastructures of existing services.
35
Li, Mingyu, Yubin Xia, and Haibo Chen. "Memory Optimization System for SGXv2 Trusted Execution Environment." International Journal of Software and Informatics 12, no. 3 (2022): 285–307. http://dx.doi.org/10.21655/ijsi.1673-7288.00287.
Full text
36
Zou, Deqing, Weide Zheng, Jinjiu Long, Hai Jin, and Xueguang Chen. "Constructing trusted virtual execution environment in P2P grids." Future Generation Computer Systems 26, no. 5 (2010): 769–75. http://dx.doi.org/10.1016/j.future.2009.05.020.
Full text
37
Drozdovskyi, Taras, and Oleksandr Moliavko. "mTower: Trusted Execution Environment for MCU-based devices." Journal of Open Source Software 4, no. 40 (2019): 1494. http://dx.doi.org/10.21105/joss.01494.
Full text
38
Xu, Peng, Ruijie Sun, Wei Wang, Tianyang Chen, Yubo Zheng, and Hai Jin. "SDD: A trusted display of FIDO2 transaction confirmation without trusted execution environment." Future Generation Computer Systems 125 (December 2021): 32–40. http://dx.doi.org/10.1016/j.future.2021.06.034.
Full text
39
SUZAKI, Kuniyasu. "Implementation of Trusted Execution Environment and Its Supporting Technologies." IEICE ESS Fundamentals Review 14, no. 2 (2020): 107–17. http://dx.doi.org/10.1587/essfr.14.2_107.
Full text
40
Lee, Unsung, and Chanik Park. "SofTEE: Software-Based Trusted Execution Environment for User Applications." IEEE Access 8 (2020): 121874–88. http://dx.doi.org/10.1109/access.2020.3006703.
Full text
41
Jang, Jinsoo, and Brent Byunghoon Kang. "Securing a communication channel for the trusted execution environment." Computers & Security 83 (June 2019): 79–92. http://dx.doi.org/10.1016/j.cose.2019.01.012.
Full text
42
Hoang, Trong-Thuc, Ckristian Duran, Duc-Thinh Nguyen-Hoang, et al. "Quick Boot of Trusted Execution Environment With Hardware Accelerators." IEEE Access 8 (2020): 74015–23. http://dx.doi.org/10.1109/access.2020.2987617.
Full text
43
Fan, Yongkai, Shengle Liu, Gang Tan, and Fei Qiao. "Fine-grained access control based on Trusted Execution Environment." Future Generation Computer Systems 109 (August 2020): 551–61. http://dx.doi.org/10.1016/j.future.2018.05.062.
Full text
44
Oh, Hyunyoung, Kevin Nam, Seongil Jeon, Yeongpil Cho, and Yunheung Paek. "MeetGo: A Trusted Execution Environment for Remote Applications on FPGA." IEEE Access 9 (2021): 51313–24. http://dx.doi.org/10.1109/access.2021.3069223.
Full text
45
Liang, Yihuai, Yan Li, and Byeong-Seok Shin. "FairCs—Blockchain-Based Fair Crowdsensing Scheme using Trusted Execution Environment." Sensors 20, no. 11 (2020): 3172. http://dx.doi.org/10.3390/s20113172.
Full textAbstract:
Crowdsensing applications provide platforms for sharing sensing data collected by mobile devices. A blockchain system has the potential to replace a traditional centralized trusted third party for crowdsensing services to perform operations that involve evaluating the quality of sensing data, finishing payment, and storing sensing data and so forth. The requirements which are codified as smart contracts are executed to evaluate the quality of sensing data in a blockchain. However, regardless of the fact that the quality of sensing data may actually be sufficient, one key challenge is that malicious requesters can deliberately publish abnormal requirements that cause failure to occur in the quality evaluation process. If requesters control a miner node or full node, they can access the data without making payment; this is because of the transparency of data stored in the blockchain. This issue promotes unfair dealing and severely lowers the motivation of workers to participate in crowdsensing tasks. We (i) propose a novel crowdsensing scheme to address this issue using Trusted Execution Environments; (ii) offer a solution for the confidentiality and integrity of sensing data, which is only accessible by the worker and corresponding requester; (iii) and finally, report on the implementation of a prototype and evaluate its performance. Our results demonstrate that the proposed solution can guarantee fairness without a significant increase in overhead.
46
Sun, Haiyong, and Hang Lei. "A Design and Verification Methodology for a TrustZone Trusted Execution Environment." IEEE Access 8 (2020): 33870–83. http://dx.doi.org/10.1109/access.2020.2974487.
Full text
47
Pinto, Sandro, Tiago Gomes, Jorge Pereira, Jorge Cabral, and Adriano Tavares. "IIoTEED: An Enhanced, Trusted Execution Environment for Industrial IoT Edge Devices." IEEE Internet Computing 21, no. 1 (2017): 40–47. http://dx.doi.org/10.1109/mic.2017.17.
Full text
48
Dai, Weiqi, Hai Jin, Deqing Zou, et al. "TEE: A virtual DRTM based execution environment for secure cloud-end computing." Future Generation Computer Systems 49 (August 2015): 47–57. http://dx.doi.org/10.1016/j.future.2014.08.005.
Full text
49
Wang, Hai, Lu Cai, Xuan Hao, Jie Ren, and Yuhui Ma. "ETS-TEE: An Energy-Efficient Task Scheduling Strategy in a Mobile Trusted Computing Environment." Tsinghua Science and Technology 28, no. 1 (2023): 105–16. http://dx.doi.org/10.26599/tst.2021.9010088.
Full text
50
Huang, Qi-Xian, Min-Yi Chiu, Chi-Shen Yeh, and Hung-Min Sun. "STBEAT: Software Update on Trusted Environment Based on ARM TrustZone." Sustainability 14, no. 20 (2022): 13660. http://dx.doi.org/10.3390/su142013660.
Full textAbstract:
In recent years, since edge computing has become more and more popular, its security issues have become apparent and have received unprecedented attention. Thus, the current research concentrates on security not only regarding devices such as PCs, smartphones, tablets, and IoTs, but also the automobile industry. However, since attack vectors have become more sophisticated than ever, we cannot just protect the zone above the system software layer in a certain operating system, such as Linux, for example. In addition, the challenges in IoT devices, such as power consumption, performance efficiency, and authentication management, still need to be solved. Since most IoT devices are controlled remotely, the security regarding system maintenance and upgrades has become a big issue. Therefore, a mechanism that can maintain IoT devices within a trusted environment based on localhost or over-the-air (OTA) will be a viable solution. We propose a mechanism called STBEAT, integrating an open-source project with ARM TrustZone to solve the challenges of upgrading the IoT system and updating system files more safely. This paper focuses on the ARMv7 architecture and utilizes the security stack from TrustZone to OP-TEE under the STM32 board package, and finally obtains the security key from the trusted application, which is used to conduct the cryptographic operations and then install the newer image on the MMC interface. To sum up, we propose a novel software update strategy and integrated ARM TrustZone security extension to beef up the embedded ecosystem.