Secure Edge Computing with Lightweight Control-Flow Property-based Attestation

Koutroumpouchos, Nikolaos; Ntantogian, Christoforos; Menesidou, Sofia Anna; Liang, Kaitai; Gouvas, Panagiotis; Xenakis, Christos; Giannetsos, Thanassis

doi:10.1109/netsoft.2019.8806658

Cited by 14 publications

(14 citation statements)

References 34 publications

(32 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although, standard classification algorithms are not designed with such requirement in mind, in this paper we assessed their accuracy in presence of data infected with adversarial samples. We strongly believe that this work can be the basis of future research that will attempt to address two main challenges within the IoT security and privacy field: (a) accuracy, in the context of concept drift, of IoT data and how this can be balanced with computational complexity; and (b) near real-time performance of any proposed data trustworthiness framework in the presence of vast volume of IoT data processed; e.g., in the cloud in the form of big data or at the edge of a network Speaking about improving data verification, future work in the field can be geared towards proposing a combination of machine learning techniques to enhance classification accuracy within the investigated model with other advanced data verification approaches [35]. One shall use ensemble learning to utilize multiple classifiers so that they can leverage their advantages and enhance the overall accuracy of IoT data verification [36].…”

Section: Road-map and Future Prospectsmentioning

confidence: 99%

Orchestrating SDN Control Plane towards Enhanced IoT Security

Hasan

Akhunzada

Giannetsos

et al. 2020

2020 6th IEEE Conference on Network Softwarization (NetSoft)

Self Cite

View full text Add to dashboard Cite

The Internet of Things (IoT) is rapidly evolving, while introducing several new challenges regarding security, resilience and operational assurance. In the face of an increasing attack landscape, it is necessary to cater for the provision of efficient mechanisms to collectively detect sophisticated malware resulting in undesirable (run-time) device and network modifications. This is not an easy task considering the dynamic and heterogeneous nature of IoT environments; i.e., different operating systems, varied connected networks and a wide gamut of underlying protocols and devices. Malicious IoT nodes or gateways can potentially lead to the compromise of the whole IoT network infrastructure. On the other hand, the SDN control plane has the capability to be orchestrated towards providing enhanced security services to all layers of the IoT networking stack. In this paper, we propose an SDN-enabled control plane based orchestration that leverages emerging Long Short-Term Memory (LSTM) classification models; a Deep Learning (DL) based architecture to combat malicious IoT nodes. It is a first step towards a new line of security mechanisms that enables the provision of scalable AI-based intrusion detection focusing on the operational assurance of only those specific, critical infrastructure components,thus, allowing for a much more efficient security solution. The proposed mechanism has been evaluated with current state of the art datasets (i.e., N BaIoT 2018) using standard performance evaluation metrics. Our preliminary results show an outstanding detection accuracy (i.e., 99.9%) which significantly outperforms state-of-the-art approaches. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security does not hinder the deployment of intelligent IoT-based computing systems.

show abstract

Section: Road-map and Future Prospectsmentioning

confidence: 99%

Orchestrating SDN Control Plane towards Enhanced IoT Security

Hasan

Akhunzada

Giannetsos

et al. 2020

2020 6th IEEE Conference on Network Softwarization (NetSoft)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the context of CloudVaults, a detailed dynamic tracing of the kernel shared libraries, low-level code, etc., and an in-depth investigation of the VF's configuration is performed to detect any cheating attempts or integrity violations. Such a T rce can be realized either as: (i ) a static binary analyzer for extracting hashed binary data measurements (i.e., digests) [1], or (ii ) a general, lightweight tracer with kernel-based code monitoring capabilities based on the use of "execution hooks" (e.g., extended Berkeley Filters) [15].…”

Section: Configmentioning

confidence: 99%

“…However, if this were to be possible, then we could never trust the measurements in T C. The enforcement of P-4 and P-5 on a VF overcomes such attacks. P-4 ensures that Adv cannot tamper with the execution of T rce, and can in practice be achieved using more complicated (and resource-heavy) attestation methods, such as Control Flow Attestation (CFA) [15]. The latter, P-5, requires that a VF always enforces the LTL invariant given in Eq.…”

Section: Game 1 (Update Measurements) Notationmentioning

confidence: 99%

CloudVaults: Integrating Trust Extensions into System Integrity Verification for Cloud-Based Environments

2020

Self Cite

View full text Add to dashboard Cite

“…Utilizing the above core capabilities, TrustZone TEEs can provide a wide range of functionalities such as: verification of kernel integrity, access to secure credential generation, secure storage (Android Keystore, dm-verity), secure element emulation for secure mobile payments, enforcement of corporate policies, implementation and verification of secure boot, content protection, digital rights management solutions (PlayReady, Widevine, etc.) and device integrity attestation in the scope of IoT and ARM Cortex-M; although its performance could be optimized for low powered devices with novel attestation schemes [ 54 ].…”

Section: Introductionmentioning

confidence: 99%

Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone

Koutroumpouchos

Ntantogian

Xenakis

2021

Sensors

Self Cite

View full text Add to dashboard Cite

TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.

show abstract

Secure Edge Computing with Lightweight Control-Flow Property-based Attestation

Cited by 14 publications

References 34 publications

Orchestrating SDN Control Plane towards Enhanced IoT Security

Orchestrating SDN Control Plane towards Enhanced IoT Security

CloudVaults: Integrating Trust Extensions into System Integrity Verification for Cloud-Based Environments

Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone

Contact Info

Product

Resources

About