Achieving Data Dissemination with Security using FIWARE and Intel Software Guard Extensions (SGX)

Valadares, Dalton Cézane Gomes; Silva, Matteus Sthefano Leite da; Brito, Andrey; Salvador, Ewerton Monteiro

doi:10.1109/iscc.2018.8538590

Cited by 17 publications

(10 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Crocker and Querido [20] proposed an approach that uses a hardware token and the OAuth 2.0 protocol to build a two-factor encryption architecture, which can be used with any cloud storage provider. Valadares et al [56] proposed an architecture that requires TEEs to decrypt and compute the sensitive data, in cloud/fog-based IoT applications, and applies authentication and authorization for the participants, increasing the security and privacy of the data.…”

Section: Cloud Storage Security and Privacymentioning

confidence: 99%

Trusted Client-Side Encryption for Cloud Storage

Rocha

Valadares

Perkusich

et al. 2021

Communications in Computer and Information Science

View full text Add to dashboard Cite

Nowadays, users are delegating the data storage to cloud services, due to the virtually unlimited storage, change history, broadband connection, and high availability. Despite the benefits and facilities, it is necessary to pay extra attention to data confidentiality and users' privacy, as numerous threats aim to collect such information in an unauthorized manner. An approach to ensure data confidentiality is the use of client-side encryption, with the user taking control of the encryption keys and defining which files or data will be encrypted. This scheme is already explored by many applications on personal computers and also as a native feature in some smartphone operating systems, but are still susceptible to certain types of attacks. Aiming to improve the security of the client-side encryption approach, we propose to apply the Intel Software Guard Extensions (SGX) to perform data sealing, creating a secure vault that can be synchronized with any cloud storage service, while relying on the SGX to protect the key handling. To validate our proposal, we build a proof of concept based on the Cryptomator application, an open-source client-side encryption tool specially designed for cloud storage services. Our results show an overall performance better than the original Cryptomator application, with stronger security premises. Thus, our solution proved to be feasible and can be expanded and refined for practical use and integration with cloud synchronization services.

show abstract

Section: Cloud Storage Security and Privacymentioning

confidence: 99%

Trusted Client-Side Encryption for Cloud Storage

Rocha

Valadares

Perkusich

et al. 2021

Communications in Computer and Information Science

View full text Add to dashboard Cite

show abstract

“…In [31], Trusted Execution Environments (TEEs) are proposed to increase the security and privacy of data storage and processing in cloud/fog-based IoT applications. The authors propose an architecture that applies authentication and authorization for the participants, and cryptography for the generated data.…”

Section: A Cloud Storage Security and Privacymentioning

confidence: 99%

Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment

da Rocha,

Valadares,

Perkusich

et al. 2020

Preprint

View full text Add to dashboard Cite

With the evolution of computer systems, the amount of sensitive data to be stored as well as the number of threats on these data grow up, making the data confidentiality increasingly important to computer users. Currently, with devices always connected to the Internet, the use of cloud data storage services has become practical and common, allowing quick access to such data wherever the user is. Such practicality brings with it a concern, precisely the confidentiality of the data which is delivered to third parties for storage. In the home environment, disk encryption tools have gained special attention from users, being used on personal computers and also having native options in some smartphone operating systems. The present work uses the data sealing, feature provided by the Intel Software Guard Extensions (Intel SGX) technology, for file encryption. A virtual file system is created in which applications can store their data, keeping the security guarantees provided by the Intel SGX technology, before send the data to a storage provider. This way, even if the storage provider is compromised, the data are safe. To validate the proposal, the Cryptomator software, which is a free client-side encryption tool for cloud files, was integrated with an Intel SGX application (enclave) for data sealing. The results demonstrate that the solution is feasible, in terms of performance and security, and can be expanded and refined for practical use and integration with cloud synchronization services.

show abstract

“…Fiware [13] provides secure key management through key vault running in SGX. However, [12], [13] cannot verify any sensor data. Also, in [12], [13], if data-capture rules are mis-notified to the user, SGX cannot detect any inconsistency.…”

Section: Comparison With Existing Workmentioning

confidence: 99%

“…However, [12], [13] cannot verify any sensor data. Also, in [12], [13], if data-capture rules are mis-notified to the user, SGX cannot detect any inconsistency. In contrast, IOT NOTARY does not deal with attacks on sensors, as well as, a specific key management protocol.…”

Section: Comparison With Existing Workmentioning

confidence: 99%

IoT Notary: Sensor Data Attestation in Smart Environment

Panwar

Sharma

Wang

et al. 2019

2019 IEEE 18th International Symposium on Network Computing and Applications (NCA)

View full text Add to dashboard Cite

Contemporary IoT environments, such as smart buildings, require end-users to trust data-capturing rules published by the systems. There are several reasons why such a trust is misplaced -IoT systems may violate the rules deliberately or IoT devices may transfer user data to a malicious third-party due to cyberattacks, leading to the loss of individuals' privacy or service integrity. To address such concerns, we propose IOT NOTARY, a framework to ensure trust in IoT systems and applications. IOT NOTARY provides secure log sealing on live sensor data to produce a verifiable 'proof-of-integrity,' based on which a verifier can attest that captured sensor data adheres to the published data-capturing rules. IOT NOTARY is an integral part of TIPPERS, a smart space system that has been deployed at UCI to provide various real-time location-based services in the campus. IOT NOTARY imposes nominal overheads for verification, thereby users can verify their data of one day in less than two seconds. Use-case: University WiFi data collection. In our on-going project, entitled TIPPERS [1], we have developed a variety of location-based services based on WiFi connectivity dataset. At UC Irvine, more than 2000 WiFi access-points and four WLAN controllers (managed by the university IT department) provide campus-wide wireless network coverage. Whenever a device connects to the campus WiFi network (through an access-point), the access-point generates Simple Network Management Protocol (SNMP) trap for this association event. Each association event contains access-point-id, s i , user device MAC address, d j , and the time of the association, t k . All SNMP traps s i , d j , t k are sent to access-point's controllers in Accepted in IEEE International Symposium on Network Computing and Applications (NCA), 2019. For the final version, please refer to the conference proceeding.

show abstract

Achieving Data Dissemination with Security using FIWARE and Intel Software Guard Extensions (SGX)

Cited by 17 publications

References 14 publications

Trusted Client-Side Encryption for Cloud Storage

Trusted Client-Side Encryption for Cloud Storage

Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment

IoT Notary: Sensor Data Attestation in Smart Environment

Contact Info

Product

Resources

About