PubSub-SGX: Exploiting Trusted Execution Environments for Privacy-Preserving Publish/Subscribe Systems

Arnautov, Sergei; Brito, Andrey; Felber, Pascal; Fetzer, Christof; Gregor, Franz; Krahn, Robert; Ozga, Wojciech; Martin, André; Schiavoni, Valerio; Silva, Fábio; Tenorio, Marcus; Thummel, Nikolaus

doi:10.1109/srds.2018.00023

Cited by 14 publications

(2 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…PubSub-SGX [10] is a content-based publish/subscribe framework on top of SCONE [11], a compilation tool chain to securely run Linux containers inside SGX enclaves. PubSub-SGX is implemented in Python.…”

Section: Related Workmentioning

confidence: 99%

MQT-TZ: Hardening IoT Brokers Using ARM TrustZone

Segarra,

Delgado-Gonzalo,

Schiavoni

2020

Preprint

Self Cite

View full text Add to dashboard Cite

The publish-subscribe paradigm is an efficient communication scheme with strong decoupling between the nodes, that is especially fit for large-scale deployments. It adapts natively to very dynamic settings and it is used in a diversity of real-world scenarios, including finance, smart cities, medical environments, or IoT sensors. Several of the mentioned application scenarios require increasingly stringent security guarantees due to the sensitive nature of the exchanged messages as well as the privacy demands of the clients/stakeholders/receivers. MQTT is a lightweight topic-based publish-subscribe protocol popular in edge and IoT settings, a de-facto standard widely adopted nowadays by the industry and researchers. However, MQTT brokers must process data in clear, hence exposing a large attack surface. This paper presents MQT-TZ, a secure MQTT broker leveraging ARM TRUSTZONE, a trusted execution environment (TEE) commonly found even on inexpensive devices largely available on the market (such as Raspberry Pi units). We define a mutual TLS-based handshake and a two-layer encryption for end-to-end security using the TEE as a trusted proxy. The experimental evaluation of our fully implemented prototype with micro-, macro-benchmarks, as well as with real-world industrial workloads from a MedTech use-case, highlights several tradeoffs using TRUSTZONE TEE. We report several lessons learned while building and evaluating our system. We release MQT-TZ as open-source.

show abstract

Section: Related Workmentioning

confidence: 99%

MQT-TZ: Hardening IoT Brokers Using ARM TrustZone

Segarra,

Delgado-Gonzalo,

Schiavoni

2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Our experimental evaluation shows that SGX adds only limited overhead to insecure plaintext matching outside secure enclaves while providing much better performance and more powerful filtering capabilities than alternative software-only solutions. Since its publication [10], further research explored our scheme [95] or proposed alternatives [96].…”

Section: Communication and Data Processingmentioning

confidence: 99%

Distributed systems and trusted execution environments : trade-offs and challenges

Pires¹

View full text Add to dashboard Cite

Security and privacy concerns in computer systems have grown in importance with the ubiquity of connected devices. Additionally, cloud computing boosts such distress as private data is stored and processed in multi-tenant infrastructure providers. In recent years, trusted execution environments (TEEs) have caught the attention of scientific and industry communities as they became largely available in user-and server-class machines. TEEs provide security guarantees based on cryptographic constructs built in hardware. Since silicon chips are difficult to probe or reverse engineer, they can offer stronger protection against remote or even physical attacks when compared to their software counterparts. Intel software guard extensions (SGX), in particular, implements powerful mechanisms that can shield sensitive data even from privileged users with full control of system software. Designing secure distributed systems is a notably daunting task, since they involve many coordinated processes running in geographically-distant nodes, therefore having numerous points of attack. In this work, we essentially explore some of these challenges by using Intel SGX as a crucial tool. We do so by designing and experimentally evaluating several elementary systems ranging from communication and processing middleware to a peer-to-peer privacy-preserving solution. We start with support systems that naturally fit cloud deployment scenarios, namely content-based routing, batching and stream processing frameworks. Our communication middleware protects the most critical stage of matching subscriptions against publications inside secure enclaves and achieves substantial performance gains in comparison to traditional software-based equivalents. The processing platforms, in turn, receive encrypted data and code to be executed within the trusted environment. Our prototypes are then used to analyse the manifested memory usage issues intrinsic to SGX. Next, we aim at protecting very sensitive data: cryptographic keys. By leveraging TEEs, we design protocols for group data sharing that have lower computational complexity than legacy methods. As a bonus, our proposals allow large savings on metadata volume and processing time of cryptographic operations, all with equivalent security guarantees. Finally, we focus our attention on privacy-preserving systems. After all, users cannot modify some existing systems like web-search engines, and the providers of these services may keep individual profiles containing sensitive private information about them. We aim at achieving indistinguishability and unlinkability properties by employing techniques like sensitivity analysis, query obfuscation and leveraging relay nodes. Our evaluation shows that we propose the most robust system in comparison to existing solutions with regard to user re-identification rates and results' accuracy in a scalable way. All in all, this thesis proposes new mechanisms that take advantage of TEEs for distributed system architectures. We show through an empirical approach on top of...

show abstract