Skip to main content
main-content

Tipp

Weitere Kapitel dieses Buchs durch Wischen aufrufen

2021 | OriginalPaper | Buchkapitel

KeVlar-Tz: A Secure Cache for Arm TrustZone

(Practical Experience Report)

verfasst von : Oscar Benedito, Ricard Delgado-Gonzalo, Valerio Schiavoni

Erschienen in: Distributed Applications and Interoperable Systems

Verlag: Springer International Publishing

share
TEILEN

Abstract

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KeVlar-Tz, an application-level trusted cache designed to leverage Arm TrustZone, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KeVlar-Tz exposes a REST-based interface with connection endpoints inside the TrustZone enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KeVlar-Tz on top of the Op-Tee framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TrustZone. KeVlar-Tz is available as open-source at https://​github.​com/​mqttz/​kevlar-tz/​.
Literatur
10.
Zurück zum Zitat Alves, T., Felton, D.: TrustZone: integrated hardware and software security. ARM Inf. Q. 3(4), 18–24 (2004) Alves, T., Felton, D.: TrustZone: integrated hardware and software security. ARM Inf. Q. 3(4), 18–24 (2004)
12.
Zurück zum Zitat Bennett, T.R., Wu, J., Kehtarnavaz, N., Jafari, R.: Inertial measurement unit-based wearable computers for assisted living applications: a signal processing perspective. IEEE Sig. Process. Mag. 33(2), 28–35 (2016) CrossRef Bennett, T.R., Wu, J., Kehtarnavaz, N., Jafari, R.: Inertial measurement unit-based wearable computers for assisted living applications: a signal processing perspective. IEEE Sig. Process. Mag. 33(2), 28–35 (2016) CrossRef
13.
Zurück zum Zitat Cao, Z., Dong, S., Vemuri, S., Du, D.H.C.: Characterizing, modeling, and benchmarking RocksDB key-value workloads at Facebook. In: Proceedings of USENIX FAST 20, pp. 209–223. USENIX Association (2020) Cao, Z., Dong, S., Vemuri, S., Du, D.H.C.: Characterizing, modeling, and benchmarking RocksDB key-value workloads at Facebook. In: Proceedings of USENIX FAST 20, pp. 209–223. USENIX Association (2020)
15.
Zurück zum Zitat Chételat, O., et al.: Clinical validation of LTMS-S: a wearable system for vital signs monitoring. In: Proceedings of IEEE EMBC 2015, pp. 3125–3128 (2015) Chételat, O., et al.: Clinical validation of LTMS-S: a wearable system for vital signs monitoring. In: Proceedings of IEEE EMBC 2015, pp. 3125–3128 (2015)
16.
Zurück zum Zitat Costan, V., Devadas, S.: IntelSGX explained. IACR Cryptol. ePrint Arch. 2016(86), 1–118 (2016) Costan, V., Devadas, S.: IntelSGX explained. IACR Cryptol. ePrint Arch. 2016(86), 1–118 (2016)
17.
Zurück zum Zitat Coyle, S., Curto, V.F., Benito-Lopez, F., Florea, L., Diamond, D.: Wearable bio and chemical sensors. In: Wearable Sensors, pp. 65–83. Elsevier (2014) Coyle, S., Curto, V.F., Benito-Lopez, F., Florea, L., Diamond, D.: Wearable bio and chemical sensors. In: Wearable Sensors, pp. 65–83. Elsevier (2014)
20.
Zurück zum Zitat Farahani, S.: ZigBee Wireless Networks and Transceivers. Newnes, Oxford (2011) Farahani, S.: ZigBee Wireless Networks and Transceivers. Newnes, Oxford (2011)
21.
Zurück zum Zitat Faraone, A., Delgado-Gonzalo, R.: Convolutional-recurrent neural networks on low-power wearable platforms for cardiac arrhythmia detection. In: Proceedings of IEEE AICAS 2020, pp. 153–157 (2020) Faraone, A., Delgado-Gonzalo, R.: Convolutional-recurrent neural networks on low-power wearable platforms for cardiac arrhythmia detection. In: Proceedings of IEEE AICAS 2020, pp. 153–157 (2020)
22.
Zurück zum Zitat Gentilal, M., Martins, P., Sousa, L.: TrustZone-backed bitcoin wallet. In: Proceedings of CS2 2017, pp. 25–28 (2017) Gentilal, M., Martins, P., Sousa, L.: TrustZone-backed bitcoin wallet. In: Proceedings of CS2 2017, pp. 25–28 (2017)
23.
Zurück zum Zitat Gentry, C., et al.: A Fully Homomorphic Encryption Scheme, vol. 20. Stanford University, Stanford (2009) MATH Gentry, C., et al.: A Fully Homomorphic Encryption Scheme, vol. 20. Stanford University, Stanford (2009) MATH
24.
Zurück zum Zitat Gokhale, S., Agrawal, N., Noonan, S., Ungureanu, C.: KVZone and the search for a write-optimized key-value store. In: HotStorage (2010) Gokhale, S., Agrawal, N., Noonan, S., Ungureanu, C.: KVZone and the search for a write-optimized key-value store. In: HotStorage (2010)
25.
Zurück zum Zitat Göttel, C., et al.: Security, performance and energy trade-offs of hardware-assisted memory protection mechanisms. In: Proceedings of SRDS 2018, pp. 133–142. IEEE (2018) Göttel, C., et al.: Security, performance and energy trade-offs of hardware-assisted memory protection mechanisms. In: Proceedings of SRDS 2018, pp. 133–142. IEEE (2018)
26.
Zurück zum Zitat Halevi, S., Shoup, V.: Design and implementation of a homomorphic-encryption library. IBM Res. (Manuscr.) 6(12–15), 8–36 (2013) Halevi, S., Shoup, V.: Design and implementation of a homomorphic-encryption library. IBM Res. (Manuscr.) 6(12–15), 8–36 (2013)
27.
Zurück zum Zitat Han, J., Haihong, E., Le, G., Du, J.: Survey on NoSQL database. In: Proceedings of PerCom 2011, pp. 363–366. IEEE (2011) Han, J., Haihong, E., Le, G., Du, J.: Survey on NoSQL database. In: Proceedings of PerCom 2011, pp. 363–366. IEEE (2011)
28.
Zurück zum Zitat Havet, A., Pires, R., Felber, P., Pasin, M., Rouvoy, R., Schiavoni, V.: SecureStreams: a reactive middleware framework for secure data stream processing. In: Proceedings of ACM DEBS 2017, DEBS ’17, pp. 124–133. Association for Computing Machinery (2017) Havet, A., Pires, R., Felber, P., Pasin, M., Rouvoy, R., Schiavoni, V.: SecureStreams: a reactive middleware framework for secure data stream processing. In: Proceedings of ACM DEBS 2017, DEBS ’17, pp. 124–133. Association for Computing Machinery (2017)
29.
Zurück zum Zitat Jouppi, N.P.: Cache write policies and performance. ACM SIGARCH Comput. Archit. News 21(2), 191–201 (1993) CrossRef Jouppi, N.P.: Cache write policies and performance. ACM SIGARCH Comput. Archit. News 21(2), 191–201 (1993) CrossRef
30.
Zurück zum Zitat Kaplan, D., Powell, J., Woller, T.: AMD memory encryption. White paper (2016) Kaplan, D., Powell, J., Woller, T.: AMD memory encryption. White paper (2016)
31.
Zurück zum Zitat Lee, D., Kohlbrenner, D., Shinde, S., Asanović, K., Song, D.: Keystone: an open framework for architecting trusted execution environments. In: Proceedings of EuroSys 2020, pp. 1–16 (2020) Lee, D., Kohlbrenner, D., Shinde, S., Asanović, K., Song, D.: Keystone: an open framework for architecting trusted execution environments. In: Proceedings of EuroSys 2020, pp. 1–16 (2020)
32.
Zurück zum Zitat Lee, W.S., Hong, S.H.: Implementation of a KNX-ZigBee gateway for home automation. In: Proceedings of IEEE ICCE 2009, ISCE’09, pp. 545–549. IEEE (2009) Lee, W.S., Hong, S.H.: Implementation of a KNX-ZigBee gateway for home automation. In: Proceedings of IEEE ICCE 2009, ISCE’09, pp. 545–549. IEEE (2009)
33.
Zurück zum Zitat Li, Y., Hong, S.H.: BACnet-EnOcean smart grid gateway and its application to demand response in buildings. Energy Build. 78, 183–191 (2014) CrossRef Li, Y., Hong, S.H.: BACnet-EnOcean smart grid gateway and its application to demand response in buildings. Energy Build. 78, 183–191 (2014) CrossRef
34.
Zurück zum Zitat Lin, H., Bergmann, N.W.: IoT privacy and security challenges for smart home environments. Information 7(3), 44 (2016) CrossRef Lin, H., Bergmann, N.W.: IoT privacy and security challenges for smart home environments. Information 7(3), 44 (2016) CrossRef
35.
Zurück zum Zitat Padalalu, P., Mahajan, S., Dabir, K., Mitkar, S., Javale, D.: Smart water dripping system for agriculture/farming. In: Proceedings of I2CT 2017, pp. 659–662. IEEE (2017) Padalalu, P., Mahajan, S., Dabir, K., Mitkar, S., Javale, D.: Smart water dripping system for agriculture/farming. In: Proceedings of I2CT 2017, pp. 659–662. IEEE (2017)
36.
Zurück zum Zitat Park, H., Zhai, S., Lu, L., Lin, F.X.: StreamBox-TZ: secure stream analytics at the edge with TrustZone. In: Proceedings of USENIX ATC 2019, pp. 537–554. USENIX Association (2019) Park, H., Zhai, S., Lu, L., Lin, F.X.: StreamBox-TZ: secure stream analytics at the edge with TrustZone. In: Proceedings of USENIX ATC 2019, pp. 537–554. USENIX Association (2019)
37.
Zurück zum Zitat Pinto, S., Santos, N.: Demystifying arm TrustZone: a comprehensive survey. ACM Comput. Surv. (CSUR) 51(6), 1–36 (2019) CrossRef Pinto, S., Santos, N.: Demystifying arm TrustZone: a comprehensive survey. ACM Comput. Surv. (CSUR) 51(6), 1–36 (2019) CrossRef
38.
Zurück zum Zitat Reddy, A.K., Paramasivam, P., Vemula, P.B.: Mobile secure data protection using eMMC RPMB partition. In: Proceedings of CoCoNet 2015, pp. 946–950. IEEE (2015) Reddy, A.K., Paramasivam, P., Vemula, P.B.: Mobile secure data protection using eMMC RPMB partition. In: Proceedings of CoCoNet 2015, pp. 946–950. IEEE (2015)
39.
Zurück zum Zitat Sasaki, T., Tomita, K., Hayaki, Y., Liew, S.P., Yamagaki, N.: Secure IoT device architecture using TrustZone. In: Proceedings of IEEE SECON 2020, pp. 1–6 (2020) Sasaki, T., Tomita, K., Hayaki, Y., Liew, S.P., Yamagaki, N.: Secure IoT device architecture using TrustZone. In: Proceedings of IEEE SECON 2020, pp. 1–6 (2020)
40.
Zurück zum Zitat Segarra, C., Delgado-Gonzalo, R., Schiavoni, V.: MQT-TZ: hardening IoT brokers using ARM TrustZone. In: Proceedings of SRDS 2020 (2020) Segarra, C., Delgado-Gonzalo, R., Schiavoni, V.: MQT-TZ: hardening IoT brokers using ARM TrustZone. In: Proceedings of SRDS 2020 (2020)
42.
Zurück zum Zitat Tamura, T., Maeda, Y., Sekine, M., Yoshida, M.: Wearable photoplethysmographic sensors–past and present. Electronics 3(2), 282–302 (2014) CrossRef Tamura, T., Maeda, Y., Sekine, M., Yoshida, M.: Wearable photoplethysmographic sensors–past and present. Electronics 3(2), 282–302 (2014) CrossRef
43.
Zurück zum Zitat Wan, S., Sun, M., Sun, K., Zhang, N., He, X.: RusTEE: developing memory-safe ARM TrustZone applications. In: Proceedings of ACSAC 2020, ACSAC ’20, pp. 442–453. Association for Computing Machinery (2020) Wan, S., Sun, M., Sun, K., Zhang, N., He, X.: RusTEE: developing memory-safe ARM TrustZone applications. In: Proceedings of ACSAC 2020, ACSAC ’20, pp. 442–453. Association for Computing Machinery (2020)
44.
Zurück zum Zitat Zhang, N., Sun, K., Lou, W., Hou, Y.T.: CaSE: cache-assisted secure execution on ARM processors. In: Proceedings of IEEE SP 2016, pp. 72–90 (2016) Zhang, N., Sun, K., Lou, W., Hou, Y.T.: CaSE: cache-assisted secure execution on ARM processors. In: Proceedings of IEEE SP 2016, pp. 72–90 (2016)
Metadaten
Titel
KeVlar-Tz: A Secure Cache for Arm TrustZone
verfasst von
Oscar Benedito
Ricard Delgado-Gonzalo
Valerio Schiavoni
Copyright-Jahr
2021
DOI
https://doi.org/10.1007/978-3-030-78198-9_8

Premium Partner