Smaug: A TEE-Assisted Secured SQLite for Embedded Systems

Lu, Di; Shi, Minqiang; Ma, Xindi; Liu, Ximeng; Guo, Rui; Zheng, Tianfang; Shen, Yulong; Dong, Xuewen; Ma, Jianfeng

doi:10.1109/tdsc.2022.3216020

Cited by 4 publications

(7 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that though SII is presented to the user, it runs in a secure OS, and an attacker cannot compromise it to obtain plaintext data. SELECT: In order to achieve secure data retrieval, a CA invokes the TA to generate and execute SELECT statements via sending predefined REE-side database operation commands (RDOC, proposed in Section IV-B of literature [5]). RDOCs are a set of commands composed of a few keywords and symbols, and each command is mapped to a specific SQL statement.…”

Section: Insertmentioning

confidence: 99%

“…This will violate the system real-time requirements and even make the system unavailable. Moreover, in some recent work, Trusted Execution Environment (TEE) is also adopted to protect critical database components [5], [6], [7], [8], such as encryption proxy, from threats of system vulnerabilities and attackers. Unfortunately, due to the lack of specific design and optimizations, these TEEassisted schemes do not have high performance or usability in embedded systems.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

Ma,

Lu,

et al. 2024

IEEE Trans. Knowl. Data Eng.

View full text Add to dashboard Cite

In this paper, we propose BiTDB, a built-in Trusted Execution Environment (TEE) database for embedded systems, to realize higher system availability while ensuring data confidentiality. With BiTDB, dilemmas the state-of-the-art research work on secure embedded databases has to face can be significantly reduced and eliminated, including (i) complicated research and realization on searchable encryption algorithms (SEA), (ii) limited support to all database operations, and (iii) almost none of specific design and optimizations toward build-in TEE embedded databases. Through BiTDB, all database operations can process plaintext in TEE instead of retrieving on ciphertext by developing complicated SEAs. To enable BiTDB to handle database files in Rich Execution Environmen (REE) as local ones, we extend the TEE OS with generic file I/O libraries. Then, we contribute three critical optimizations to significantly reduce redundant memory and file operations between TEE and REE, and BiTDB achieve better system performance and availability in embedded systems. Finally, we have implemented the prototype system based on OP-TEE and SQLite for several typical platforms, including virtualization and hardware environments. The TPC-H test shows BiTDB can achieve 85% (on average) of the original database performance while guaranteeing data confidentiality and integrity. Our project repository is at https://github.com/CharlieMCY/BiTDB.

show abstract

Section: Insertmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

Ma,

Lu,

et al. 2024

IEEE Trans. Knowl. Data Eng.

View full text Add to dashboard Cite

show abstract

“…Using the Hikey development board, they designed and implemented a prototype system to show how TrustZone can be incorporated with Android and used to secure SQLite data. Moreover, authors in [36] proposed Smaug, a secure scheme to ensure the confidentiality and integrity of SQLite databases in embedded systems. They used TrustZone-based TEE to target most embedded systems; while the use of TPM module is to add a solid root-of-trust (RoT) to the system.…”

Section: Related Workmentioning

confidence: 99%

“…Larger programs may cause higher memory consumption, leading to slower performance. It indicates that measuring the memory usage overhead of any developed system is essential to evaluate its overall performance [50], [36]. Figure 11 illustrates the memory consumption overhead of our parallel SQLite-XTS system.…”

Section: Measuring Memory Overheadmentioning

confidence: 99%

Embedded Devices Security: Design and Implementation of a Light RDBMS Encryption Utilizing Multi-Core Processors

et al. 2023

View full text Add to dashboard Cite

The pervasive proliferation of embedded, mobile, and IoT devices continue to change our lifestyle dramatically. However, the huge increase in these devices has come with critical breaches to data resting inside them. Many types of such data are considered to be sensitive and confidential. Because the most sensitive data of such devices are resting in databases, focusing on encrypting SQLite databases will be more efficient than full disk encryption (FDE). While SQLite is a very popular, lightweight, and easy-to-use relational database suitable for embedded and mobile devices, its stored data suffers serious security risks. If an attacker can gain access to higher system privileges or find a way to access the database plain file, he can tamper with the database files and user-sensitive data, which breaches the security CIA triad of SQLite. To ensure data confidentiality in SQLite databases of embedded devices, we present a design and implementation of a parallel database encryption system, called SQLite-XTS. The developed system encrypts the database pages on-the-fly in a transparent manner without user intervention. Because performance is a critical issue, SQLite-XTS utilizes multi-core processors coming with most current mobile and embedded devices. The developed parallel SQLite-XTS was successfully implemented and integrated into a testbed device. To assess the performance and feasibility of this system, it was compared to three other SQLite implementations: plain SQLite, serial XTS SQLite, and SQLCipher-CBC. The results show that SQLite-XTS reduces the overhead of database encryption from 30.8% with serial implementation to 17.8% when SQLite-XTS is used. This provides the developed system with an efficiency of 73% compared with its serial counterpart. The results clarify that SQLite-XTS introduces significant performance improvements compared to other implementations. Experiments also show that the system has a very low impact on the memory of these resource-limited devices.

show abstract

“…Recently, an attribute-based encryption method was proposed to support fine-grained access control of EDR data [10]. In addition, D. Lu et al proposed TEE-based SQLite for embedded systems [28]. The system utilizes TEE to encrypt sensitive data and safely perform sensitive operations by isolating them from unreliable environments.…”

Section: B Related Workmentioning

confidence: 99%

TB-Logger: Secure Vehicle Data Logging Method Using Trusted Execution Environment and Blockchain

Kang

2023

IEEE Access

View full text Add to dashboard Cite

With the development of IT technologies, event data recorder (EDR) devices are now installed in modern vehicles to record and analyze vehicle-related events. As data recorded in EDRs began to be used as conclusive proof in courts, many researchers turned their to focus on developing methodologies that can protect data recorded in EDRs from data forgery attacks. In general, these existing methods generate verification values for EDR data by using a digital signature algorithm. However, these methods do not provide a way to protect the data stored in an EDR from data forgery attacks in the event of an emergency, such as a car accident, and it is not possible to properly create a verification value for the EDR data due to unexpected and sudden events like a power supply problem. Thus, in this paper, we propose TB-Logger, a novel method that protects EDR data even when there is an emergency situation. TB-Logger relies on the trusted execution environment (TEE) to protect EDR data from data forgery attacks, which ultimately result in data modification, reordering, and deletion. In addition, in the event of an emergency, TB-Logger utilizes a blockchain system to store verification values and publicly verify the data generated during the event. We evaluated the practicality of TB-Logger using two real vehicles: the Hyundai Avante CN7 and the Tesla Model 3. Through these tests, we confirmed that TB-Logger can generate verification values for EDR data without incurring any data loss.

show abstract

Smaug: A TEE-Assisted Secured SQLite for Embedded Systems

Cited by 4 publications

References 37 publications

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems

Embedded Devices Security: Design and Implementation of a Light RDBMS Encryption Utilizing Multi-Core Processors

TB-Logger: Secure Vehicle Data Logging Method Using Trusted Execution Environment and Blockchain

Contact Info

Product

Resources

About