Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.
Authored by Yaxing Chen, Qinghua Zheng, Zheng Yan, Dan Liu
One of the important characteristics envisioned for 6G is security function virtualization (SFV). Similar to network function virtualization (NFV) in 5G networks, SFV provides new opportunities for improving security while reducing the security overhead. In particular, it provides an attractive way of solving compatibility issues related to security. Malware in Internet of Things (IoT) systems is gaining popularity among cyber-criminals because of the expected number of IoT devices in 5G and 6G networks. To solve this issue, this article proposes a security framework that exploits softwarization of security functions via SFV to improve trust in IoT systems and contain the propagation of malware. IoT devices are categorized into trusted, vulnerable, and compromised levels using remote attestation. To isolate the devices in the three distinct categories, NFV is used to create separate networks for each category, and a distributed ledger is used to store the state of each device. Virtualized remote attestation routines are employed to avoid any compatibility issues among heterogeneous IoT devices and effectively contain malware propagation. The results show that the proposed framework can reduce the number of infected devices by 66 percent in only 10 seconds.
Authored by Muhammad Aman, Uzair Javaid, Biplab Sikdar
Advances in wireless networking, such as 5G, continue to enable the vision of the Internet of Things (IoT), where everything is connected, and much data is collected by IoT devices and made available to interested parties (i.e., application servers). However, events such as botnet attacks (e.g., [1]) demonstrate that there are important challenges in this evolution.
Authored by David Shur, Giovanni Di Crescenzo, Qinqing Zhang, Ta Chen, Rajesh Krishnan, Yow-Jian Lin, Zahir Patni, Scott Alexander, Gene Tsudik
The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD’s SEV and, Enclavisor is placed in the guest kernel mode of SEV’s secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/ software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.
Authored by Jinyu Gu, Xinyu Wu, Bojun Zhu, Yubin Xia, Binyu Zang, Haibing Guan, Haibo Chen
In the face of an increasing attack landscape, it is necessary to cater for efficient mechanisms to verify software and device integrity for detecting run-time modifications in next-generation systems-of-systems. In this context, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device’s configuration integrity and behavioural execution correctness. However, most of the existing families of attestation solutions suffer from the lack of software-based mechanisms for the efficient extraction of rigid control-flow information. This limits their applicability to only those cyber-physical systems equipped with additional hardware support. This paper proposes a multi-level execution tracing framework capitalizing on recent software features, namely the extended Berkeley Packet Filter and Intel Processor Trace technologies, that can efficiently capture the entire platform configuration and control-flow stacks, thus, enabling wide attestation coverage capabilities that can be applied on both resource-constrained devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable tracing solution eliminating the need for federated infrastructure trust.
Authored by Dimitrios Papamartzivanos, Sofia Menesidou, Panagiotis Gouvas, Thanassis Giannetsos
Embedded systems that make up the Internet of Things (IoT), Supervisory Control and Data Acquisition (SCADA) networks, and Smart Grid applications are coming under increasing scrutiny in the security field. Remote Attestation (RA) is a security mechanism that allows a trusted device, the verifier, to determine the trustworthiness of an untrusted device, the prover. RA has become an area of high interest in academia and industry and many research works on RA have been published in recent years. This paper reviewed the published RA research works from 2003-2020. Our contributions are fourfold. First, we have re-framed the problem of RA into 5 smaller problems: root of trust, evidence type, evidence gathering, packaging and verification, and scalability. We have provided a holistic review of RA by discussing the relationships between these problems and the various solutions that exist in modern RA research. Second, we have presented an enhanced threat model that allows for a greater understanding of the security benefits of a given RA scheme. Third, we have proposed a taxonomy to classify and analyze RA research works and use it to categorize 58 RA schemes reported in literature. Fourth, we have provided cost benefit analysis details of each RA scheme surveyed such that security professionals may perform a cost benefit analysis in the context of their own challenges. Our classification and analysis has revealed areas of future research that have not been addressed by researchers rigorously.
Authored by William Johnson, Sheikh Ghafoor, Stacy Prowell
Remote Attestation (RA) is a security service by which a Verifier (Vrf) can verify the platform state of a remote Prover (Prv). However, in most existing RA schemes, the Prv might be vulnerable to denial of service (DoS) attacks due to the interactive challenge-response methodology while there is no authentication about the challenge. Worse, many schemes cannot effectively detect mobile malware that can be inactive during the on-demand attestation launched by the Vrf. In this paper, we propose a self-measurement RA for SGX-based platforms, which can effectively mitigate DoS attacks and defend against mobile malware. To this end, a two-way identity authentication is first enforced between the Prv and Vrf with the help of a blockchain system, in which a shared session key is also generated. Secondly, trigger conditions of measurements on the Prv’s side are time points generated by the Prv self instead of Vrf’s requests. The Vrf can retrieve multiple selfmeasurement results during one execution of the protocol to monitor the Prv’s platform over a period of time continuously, which can detect mobile malware effectively. Our scheme utilizes SGX to provide the runtime protection for sensitive information such as session key, self-measurement code, time points of self-measurements, and self-measurement results, making a higher security guarantee. In addition, the session key, time points of self-measurements, and self-measurement code can be changed or upgraded, making our scheme more flexible and scalable. The simulation implementation and results show that our scheme is feasible and practical.
Authored by Zhengwei Ren, Xueting Li, Li Deng, Yan Tong, Shiwei Xu, Jinshan Tang
Trusted data transmission is the foundation of the Internet of Things (IoT) security, so in the process of data transmission, the trust of IoT nodes needs to be confirmed in real time, and the real-time tracking of node trust is also expected. Yet, modern IoT devices provide limited security capabilities, forming a new attack focus. Remote attestation is a kind of technology to detect network threats by remotely checking the internal situation of terminal devices by a trusted entity. Multidevice attestation is rarely studied although the ongoing single device attestation techniques lack scalability in the application of IoT. In this article, we present a lightweight attestation protocol based on an IoT system under an ideal physical unclonable functions environment. Our protocol can resilient against any strong adversary who physically accesses IoT devices. Simulation results show that our protocol is scalable and can be applied to dynamic networks.
Authored by Xinyin Xiang, Jin Cao, Weiguo Fan
Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.
Authored by Yaxing Chen, Qinghua Zheng, Zheng Yan, Dan Liu
One of the important characteristics envisioned for 6G is security function virtualization (SFV). Similar to network function virtualization (NFV) in 5G networks, SFV provides new opportunities for improving security while reducing the security overhead. In particular, it provides an attractive way of solving compatibility issues related to security. Malware in Internet of Things (IoT) systems is gaining popularity among cyber-criminals because of the expected number of IoT devices in 5G and 6G networks. To solve this issue, this article proposes a security framework that exploits softwarization of security functions via SFV to improve trust in IoT systems and contain the propagation of malware. IoT devices are categorized into trusted, vulnerable, and compromised levels using remote attestation. To isolate the devices in the three distinct categories, NFV is used to create separate networks for each category, and a distributed ledger is used to store the state of each device. Virtualized remote attestation routines are employed to avoid any compatibility issues among heterogeneous IoT devices and effectively contain malware propagation. The results show that the proposed framework can reduce the number of infected devices by 66 percent in only 10 seconds.
Authored by Muhammad Aman, Uzair Javaid, Biplab Sikdar
The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD’s SEV and, Enclavisor is placed in the guest kernel mode of SEV’s secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/ software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.
Authored by Jinyu Gu, Xinyu Wu, Bojun Zhu, Yubin Xia, Binyu Zang, Haibing Guan, Haibo Chen
In the face of an increasing attack landscape, it is necessary to cater for efficient mechanisms to verify software and device integrity for detecting run-time modifications in next-generation systems-of-systems. In this context, remote attestation is a promising defense mechanism that allows a third party, the verifier, to ensure a remote device’s configuration integrity and behavioural execution correctness. However, most of the existing families of attestation solutions suffer from the lack of software-based mechanisms for the efficient extraction of rigid control-flow information. This limits their applicability to only those cyber-physical systems equipped with additional hardware support. This paper proposes a multi-level execution tracing framework capitalizing on recent software features, namely the extended Berkeley Packet Filter and Intel Processor Trace technologies, that can efficiently capture the entire platform configuration and control-flow stacks, thus, enabling wide attestation coverage capabilities that can be applied on both resource-constrained devices and cloud services. Our goal is to enhance run-time software integrity and trustworthiness with a scalable tracing solution eliminating the need for federated infrastructure trust.
Authored by Dimitrios Papamartzivanos, Sofia Menesidou, Panagiotis Gouvas, Thanassis Giannetsos
Embedded systems that make up the Internet of Things (IoT), Supervisory Control and Data Acquisition (SCADA) networks, and Smart Grid applications are coming under increasing scrutiny in the security field. Remote Attestation (RA) is a security mechanism that allows a trusted device, the verifier, to determine the trustworthiness of an untrusted device, the prover. RA has become an area of high interest in academia and industry and many research works on RA have been published in recent years. This paper reviewed the published RA research works from 2003-2020. Our contributions are fourfold. First, we have re-framed the problem of RA into 5 smaller problems: root of trust, evidence type, evidence gathering, packaging and verification, and scalability. We have provided a holistic review of RA by discussing the relationships between these problems and the various solutions that exist in modern RA research. Second, we have presented an enhanced threat model that allows for a greater understanding of the security benefits of a given RA scheme. Third, we have proposed a taxonomy to classify and analyze RA research works and use it to categorize 58 RA schemes reported in literature. Fourth, we have provided cost benefit analysis details of each RA scheme surveyed such that security professionals may perform a cost benefit analysis in the context of their own challenges. Our classification and analysis has revealed areas of future research that have not been addressed by researchers rigorously.
Authored by William Johnson, Sheikh Ghafoor, Stacy Prowell
Remote Attestation (RA) is a security service by which a Verifier (Vrf) can verify the platform state of a remote Prover (Prv). However, in most existing RA schemes, the Prv might be vulnerable to denial of service (DoS) attacks due to the interactive challenge-response methodology while there is no authentication about the challenge. Worse, many schemes cannot effectively detect mobile malware that can be inactive during the on-demand attestation launched by the Vrf. In this paper, we propose a self-measurement RA for SGX-based platforms, which can effectively mitigate DoS attacks and defend against mobile malware. To this end, a two-way identity authentication is first enforced between the Prv and Vrf with the help of a blockchain system, in which a shared session key is also generated. Secondly, trigger conditions of measurements on the Prv’s side are time points generated by the Prv self instead of Vrf’s requests. The Vrf can retrieve multiple selfmeasurement results during one execution of the protocol to monitor the Prv’s platform over a period of time continuously, which can detect mobile malware effectively. Our scheme utilizes SGX to provide the runtime protection for sensitive information such as session key, self-measurement code, time points of self-measurements, and self-measurement results, making a higher security guarantee. In addition, the session key, time points of self-measurements, and self-measurement code can be changed or upgraded, making our scheme more flexible and scalable. The simulation implementation and results show that our scheme is feasible and practical.
Authored by Zhengwei Ren, Xueting Li, Li Deng, Yan Tong, Shiwei Xu, Jinshan Tang
Trusted data transmission is the foundation of the Internet of Things (IoT) security, so in the process of data transmission, the trust of IoT nodes needs to be confirmed in real time, and the real-time tracking of node trust is also expected. Yet, modern IoT devices provide limited security capabilities, forming a new attack focus. Remote attestation is a kind of technology to detect network threats by remotely checking the internal situation of terminal devices by a trusted entity. Multidevice attestation is rarely studied although the ongoing single device attestation techniques lack scalability in the application of IoT. In this article, we present a lightweight attestation protocol based on an IoT system under an ideal physical unclonable functions environment. Our protocol can resilient against any strong adversary who physically accesses IoT devices. Simulation results show that our protocol is scalable and can be applied to dynamic networks.
Authored by Xinyin Xiang, Jin Cao, Weiguo Fan
Due to recent notorious security threats, like Miraibotnet, it is challenging to perform efficient data communication and routing in low power and lossy networks (LLNs) such as Internet of Things (IoT), in which huge data collection and processing are predictable. The Routing Protocol for low power and Lossy networks (RPL) is recently standardized as a routing protocol for LLNs. However, the lack of scalability and the vulnerabilities towards various security threats still pose a significant challenge in the broader adoption of RPL in LLNs.
Authored by Mauro Conti, Pallavi Kaliyar, Md Rabbani, Silvio Ranise
Authored by Anna Fritz
The edge computing-based Internet of Things (IoT) offers benefits in terms of efficiency, low latency, security, and privacy. However, programming models and platforms for this edge-based IoT are still an open problem, particularly regarding security and privacy. This paper proposes concrete and realizable ideas for building a secure programming platform called Secure Swarm Programming Platform (SSPP) to ensure platform-level security for the edge-based IoT while utilizing existing systemlevel security mechanisms. SSPP’s easy-to-use software components can enable static and dynamic security analysis of IoT applications, preventing vulnerabilities and detecting intrusions. Software deployed through SSPP can be remotely attested by a verifier on the edge, ensuring it remains untampered with. This paper also plans out future research and evaluation of SSPP’s programmability, security, and remote attestation.
Authored by Hokeun Kim
In the context of cloud environments, data providers entrust their data to data consumers in order to allow further computing on their own IT infrastructure. Usage control measures allow the data provider to restrict the usage of its data even on the data consumer’s system. Two of these restrictions can be the geographic location and time limitations. Current solutions that could be used to enforce such constraints can be easily manipulated. These include solutions based on the system time, organizational agreements, GPS-based techniques or simple delay measurements to derive the distance to known reference servers.
Authored by Hendrik Felde, Jean-Luc Reding, Michael Lux
Confidential computing services enable users to run or use applications in Trusted Execution Environments (TEEs) leveraging secure hardware, like Intel SGX or AMD SEV, and verify them by performing remote attestation. Typically this process is very rigid and not always aligned with the trust assumptions of the users regarding the hardware identities, stakeholders and software that are considered trusted. In our work, we enable the users to tailor their trust boundaries according to their security concerns and remotely attest the different TEEs specifically based on those.
Authored by Anna Galanou
With the development of cloud computing and edge computing, data sharing and collaboration have become increasing between cloud edge and end. Under the assistance of edge cloud, end users can access the data stored in the cloud by data owners. However, in an unprotected cloud-edge-end network environment, data sharing is vulnerable to security threats from malicious users, and data confidentiality cannot be guaranteed. Most of the existing data sharing approaches use the identity authentication mechanism to resist unauthorized accessed by illegal end users, but the mechanism cannot guarantee the credibility of the end user’s network environment. Therefore, this article proposes an approach for trusted sharing of data under cloud-edge-end collaboration (TSDCEE), in which we verify the trustworthiness of the data requester’s network environment based on the mechanism of attribute remote attestation. Finally, this article uses model checking Spin method to formally analyze TSDCEE, and verifies the security properties of TSDCEE.
Authored by Xuejian Li, Mingguang Wang
With the proliferation of IoT devices, the number of devices connected to the Internet has been rapidly increasing. An edge computing platform must flexible and efficient data control. Also, edge nodes are not always reliable. Edge node administrators can leak data through intentional mishandling. In this paper, we propose an edge computing platform on modular architecture that protects data and processing from interception and a processing flow based on data characteristics using Intel SGX and multi-authority attribute-based encryption. In addition, we report a performance evaluation of our method.
Authored by Yuma Nishihira, Takuya Ishibashi, Yoshio Kakizaki, Toshihiro Ohigashi, Hidenobu Watanabe, Tohru Kondo, Reiji Aibara
Authored by Liquan Chen, Yiwen Miao, Chen Yu, Suhui Liu
The wide adoption of IoT gadgets and CyberPhysical Systems (CPS) makes embedded devices increasingly important. While some of these devices perform mission-critical tasks, they are usually implemented using Micro-Controller Units (MCUs) that lack security mechanisms on par with those available to general-purpose computers, making them more susceptible to remote exploits that could corrupt their software integrity. Motivated by this problem, prior work has proposed techniques to remotely assess the trustworthiness of embedded MCU software. Among them, Control Flow Attestation (CFA) enables remote detection of runtime abuses that illegally modify the program’s control flow during execution (e.g., control flow hijacking and code reuse attacks).
Authored by Antonio Neto, Ivan Nunes
The continuing integration of decentralized energy generators requires a more flexible power grid, which necessitates the use of stronger automation and more communication technologies between the control systems. This is accompanied by an increase in the attack surface of the power grid, such as attacks on firmware of intelligent electronic devices. This publication aims to secure intelligent electronic devices by monitoring their firmware. To achieve this aim, Trusted Computing technology such as remote attestation are integrated into the power grid domain specific communication standards to improve security in the current power grid architecture. The outcome is an appropriate conceptual information model for the IEC 61850 standard in order to be qualified to transfer remote attestation information and exchange them with the control centre. Such a solution is perfectly designed for automatic remote monitoring.
Authored by Bastian Fraune, Torben Woltjen, Björn Siemers, Richard Sethmann