2,831 research outputs found
Fortress: Securing IoT Peripherals with Trusted Execution Environments
With the increasing popularity of Internet of Things (IoT) devices, securing
sensitive user data has emerged as a major challenge. These devices often
collect confidential information, such as audio and visual data, through
peripheral inputs like microphones and cameras. Such sensitive information is
then exposed to potential threats, either from malicious software with
high-level access rights or transmitted (sometimes inadvertently) to untrusted
cloud services. In this paper, we propose a generic design to enhance the
privacy in IoT-based systems by isolating peripheral I/O memory regions in a
secure kernel space of a trusted execution environment (TEE). Only a minimal
set of peripheral driver code, resident within the secure kernel, can access
this protected memory area.
This design effectively restricts any unauthorised access by system software,
including the operating system and hypervisor. The sensitive peripheral data is
then securely transferred to a user-space TEE, where obfuscation mechanisms can
be applied before it is relayed to third parties, e.g., the cloud. To validate
our architectural approach, we provide a proof-of-concept implementation of our
design by securing an audio peripheral based on inter-IC sound (I2S), a serial
bus to interconnect audio devices. The experimental results show that our
design offers a robust security solution with an acceptable computational
overhead.Comment: 8 page
Recommended from our members
Energy Information Systems: From the Basement to the Boardroom
A significant buildings energy reduction opportunity exists in the office sector, given that this market segment typically is an early adopter of new technology. There is a rising trend towards smart and connected offices through the internet of things (IoT) that provides new opportunities for operational efficiency and environmental sustainability practices. Leading commercial real estate companies have begun to shift from individual building automation systems (BAS) to partially integrated and automated systems such as energy information systems (EIS). In both the United States and India, organizations are seeking operational excellence, enhanced tenant relationships, and topline growth. Hence it is imperative to engage the executives with decision-making power, by tapping into their interest in sustainability, corporate social responsibility, and innovation. This expansion of interest can enable data-driven decisions, strong energy investments, and deeper energy benefits, and would drive innovation in this field. However, none of this would be possible without robust, consistent building energy information to provide visibility across all the levels of decision making, i.e. from the basement where the facilities staff take operational action to the boardroom where the executives make investment decisions.
Price, security, and ease of use remain barriers to the adoption and pervasive use of promising EIS technologies in commercial office buildings. We believe that these barriers can be addressed through the development of ready, simplified, consistent, commercially available, low-cost EIS-in-a-box packages, that have a pre-defined set of hardware components and software features and functionality that are pertinent to a particular building sector. These simplified, sector-specific EIS packages can help to obviate the need for customization, and enhance ease of use, thereby enabling scale-up, in order to facilitate building energy savings. The EIS-in-a-box are adaptable in both U.S. and Indian office buildings, and potentially beyond these two countries
Security Evaluation of Cyber-Physical Systems in Society- Critical Internet of Things
In this paper, we present evaluation of security
awareness of developers and users of cyber-physical systems. Our
study includes interviews, workshops, surveys and one practical
evaluation. We conducted 15 interviews and conducted survey with
55 respondents coming primarily from industry. Furthermore, we
performed practical evaluation of current state of practice for a
society-critical application, a commercial vehicle, and reconfirmed
our findings discussing an attack vector for an off-line societycritical
facility. More work is necessary to increase usage of security
strategies, available methods, processes and standards. The security
information, currently often insufficient, should be provided in the
user manuals of products and services to protect system users. We
confirmed it lately when we conducted an additional survey of
users, with users feeling as left out in their quest for own security
and privacy. Finally, hardware-related security questions begin to
come up on the agenda, with a general increase of interest and
awareness of hardware contribution to the overall cyber-physical
security. At the end of this paper we discuss possible
countermeasures for dealing with threats in infrastructures,
highlighting the role of authorities in this quest
Connected Bike-smart IoT-based Cycling Training Solution
The Connected Bike project combines several technologies, both hardware and software,
to provide cycling enthusiasts with a modern alternative solution for training. Therefore, a trainer
can monitor online through a Web Application some of the important parameters for training, more
specifically the speed, cadence and power generated by the cyclist. Also, the trainer can see at every
moment where the rider is with the aid of a GPS module. The system is built out of both hardware and
software components. The hardware is in charge of collecting, scaling, converting and sending data
from sensors. On the software side, there is the server, which consists of the Back-End and the MQTT
(Message Queues Telemetry Transport) Broker, as well as the Front-End of the Web Application that
displays and manages data as well as collaboration between cyclists and trainers. Finally, there is the
Android Application that acts like a remote command for the hardware module on the bike, giving
the rider control over how and when the ride is monitored
Development of a smart electric motor testbed for Internet of things and big data technologies
Smart devices and Internet of Things (IoT) technologies are becoming each day more common. At the same
time, besides the exponentially increasing demand to analyze the produced data, there is an evolving trend to perform the data analysis closer to the data sources, particularly at the Fog and Edge levels. In this sense, the development of testbeds that can, e.g., simulate smart devices in IoT environments, are important to explore and develop the technologies to enable the complete realization of such IoT concepts. This paper describes
the digitization of an electric motor, through the incorporation of sensing and an analytical computational environment, towards the development of a testbed for IoT and Big Data technologies.
The smart electric motor testbed provides real-time data streams, enabling a continuous monitoring of its operation along all the device life-cycle through advanced data analytics. Furthermore, the paper discusses how specific data analytics features fit the different IoT layers, while preliminary experiments demonstrate
the testbed potentials.info:eu-repo/semantics/publishedVersio
Novel Attacks and Defenses for Enterprise Internet-of-Things (E-IoT) Systems
This doctoral dissertation expands upon the field of Enterprise Internet-of-Things (E-IoT) systems, one of the most ubiquitous and under-researched fields of smart systems. E-IoT systems are specialty smart systems designed for sophisticated automation applications (e.g., multimedia control, security, lighting control). E-IoT systems are often closed source, costly, require certified installers, and are more robust for their specific applications. This dissertation begins with an analysis of the current E-IoT threat landscape and introduces three novel attacks and defenses under-studied software and protocols heavily linked to E-IoT systems. For each layer, we review the literature for the threats, attacks, and countermeasures. Based on the systematic knowledge we obtain from the literature review, we propose three novel attacks and countermeasures to protect E-IoT systems. In the first attack, we present PoisonIvy, several attacks developed to show that malicious E-IoT drivers can be used to compromise E-IoT. In response to PoisonIvy threats, we describe Ivycide, a machine-learning network-based solution designed to defend E-IoT systems against E-IoT driver threats. As multimedia control is a significant application of E-IoT, we introduce is HDMI-Walk, a novel attack vector designed to demonstrate that HDMI\u27s Consumer Electronics Control (CEC) protocol can be used to compromise multiple devices through a single connection. To defend devices from this threat, we introduce HDMI-Watch, a standalone intrusion detection system (IDS) designed to defend HDMI-enabled devices from HDMI-Walk-style attacks. Finally, this dissertation evaluates the security of E-IoT proprietary protocols with LightingStrike, a series of attacks used to demonstrate that popular E-IoT proprietary communication protocols are insecure. To address LightningStrike threats, we introduce LGuard, a complete defense framework designed to defend E-IoT systems from LightingStrike-style attacks using computer vision, traffic obfuscation, and traffic analysis techniques. For each contribution, all of the defense mechanisms proposed are implemented without any modification to the underlying hardware or software. All attacks and defenses in this dissertation were performed with implementations on widely-used E-IoT devices and systems. We believe that the research presented in this dissertation has notable implications on the security of E-IoT systems by exposing novel threat vectors, raising awareness, and motivating future E-IoT system security research
- …