MQT-TZ: Hardening IoT Brokers Using ARM TrustZone : (Practical Experience Report)

Segarra, Carlos; Delgado-Gonzalo, Ricard; Schiavoni, Valerio

doi:10.1109/srds51746.2020.00033

Cited by 11 publications

(13 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A benefit to OSCORE is that it has low overhead compared to DTLS [34,35] and there remain unaddressed issues with multiple DTLS implementations [30]; however, OSCORE does not provide forward secrecy, and additional standards (such as EDHOC [62]) would be required to set up security contexts to do so. Other approaches can involve trusted execution environments such as ARM TrustZone [60].…”

Section: Related Workmentioning

confidence: 99%

Threat-modeling-guided Trust-based Task Offloading for Resource-constrained Internet of Things

Bradbury

Jhumka

Watson

et al. 2022

ACM Trans. Sen. Netw.

View full text Add to dashboard Cite

There is an increasing demand for Internet of Things (IoT) networks consisting of resource-constrained devices executing increasingly complex applications. Due to these resource constraints, IoT devices will not be able to execute expensive tasks. One solution is to offload expensive tasks to resource-rich edge nodes, which requires a framework that facilitates the selection of suitable edge nodes to perform task offloading. Therefore, in this article, we present a novel trust-model-driven system architecture , based on behavioral evidence , that is suitable for resource-constrained IoT devices and supports computation offloading. We demonstrate the viability of the proposed architecture with an example deployment of the Beta Reputation System trust model on real hardware to capture node behaviors. The open environment of edge-based IoT networks means that threats against edge nodes can lead to deviation from expected behavior. Hence, we perform a threat modeling to identify such threats. The proposed system architecture includes threat handling mechanisms that provide security properties such as confidentiality, authentication, and non-repudiation of messages in required scenarios and operate within the resource constraints. We evaluate the efficacy of the threat handling mechanisms and identify future work for the standards used.

show abstract

Section: Related Workmentioning

confidence: 99%

Threat-modeling-guided Trust-based Task Offloading for Resource-constrained Internet of Things

Bradbury

Jhumka

Watson

et al. 2022

ACM Trans. Sen. Netw.

View full text Add to dashboard Cite

show abstract

“…A benefit to OSCORE is that it has low overhead compared to DTLS [18,19] and there remain unaddressed issues with multiple DTLS implementations [17], however, OSCORE does not provide forward secrecy. Other approaches can involve trusted execution environments such as ARM TrustZone [27].…”

Section: Related Workmentioning

confidence: 99%

Trust assessment in 32 KiB of RAM

Bradbury

Jhumka

Watson

2021

Proceedings of the 36th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

There is an increasing demand for Internet of Things (IoT) systems comprised of resource-constrained sensor and actuator nodes executing increasingly complex applications, possibly simultaneously. IoT devices will not be able to execute computationally expensive tasks and will require more powerful computing nodes, called edge nodes, for such execution, in a process called computation offloading. When multiple powerful nodes are available, a selection problem arises: which edge node should a task be submitted to? This problem is even more acute when the system is subjected to attacks, such as DoS, or network perturbations such as system overload.In this paper, we present a trust model-based system architecture for computation offloading, based on behavioural evidence. The system architecture provides confidentiality, authentication and non-repudiation of messages in required scenarios and will operate within the resource constraints of embedded IoT nodes. We demonstrate the viability of the architecture with an example deployment of Beta Reputation System trust model on real hardware. CCS CONCEPTS• Computer systems organization → Sensor networks; • Security and privacy → Trust frameworks.

show abstract

“…-Query a cache, to fetch the value associated to a given key. For instance, when using MQT-TZ [40], for a given ID, the cache will return the corresponding encryption key.…”

Section: Architecturementioning

confidence: 99%

“…The TEE and REE are two different systems and, as such, programs can't communicate (i.e., share data) between each other as if they where running on the same machine. However, KEVLAR-TZ can be useful as a secure cache service to an application running in the normal world (e.g., in the MQT-TZ broker scenario [40]). To expose KEVLAR-TZ to the normal world, we designed and implemented a TCP interface, protected by TRUSTZONE, that allows to communicate KEVLAR-TZ with any other application reachable on the network.…”

Section: Architecturementioning

confidence: 99%

See 1 more Smart Citation

KEVLAR-TZ: A Secure Cache for ARM TrustZone

Benedito¹,

Delgado-Gonzalo²,

Schiavoni³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KEVLAR-TZ, an application-level trusted cache designed to leverage ARM TRUSTZONE, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KEVLAR-TZ exposes a REST-based interface with connection endpoints inside the TRUSTZONE enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KEVLAR-TZ on top of the OP-TEE framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TRUSTZONE. KEVLAR-TZ is available as open-source at https://github.com/mqttz/kevlar-tz/.

show abstract

MQT-TZ: Hardening IoT Brokers Using ARM TrustZone : (Practical Experience Report)

Cited by 11 publications

References 30 publications

Threat-modeling-guided Trust-based Task Offloading for Resource-constrained Internet of Things

Threat-modeling-guided Trust-based Task Offloading for Resource-constrained Internet of Things

Trust assessment in 32 KiB of RAM

KEVLAR-TZ: A Secure Cache for ARM TrustZone

Contact Info

Product

Resources

About