A Manifest-Based Framework for Organizing the Management of Personal Data at the Edge of the Network
Smart disclosure initiatives and new regulations such as GDPR allow individuals to regain control over their data by gathering their entire digital life in a Personal Data Management System (PDMS). Multiple PDMS architectures exist, from centralized web hosting solutions to self-data hosting at home. These solutions differ strongly in their ability to preserve data privacy and to perform collective computations crossing the data of multiple individuals (e.g., epidemiological or social studies), but none of them satisfies both objectives. The emergence of Trusted Execution Environments (TEE) changes the game. We propose a solution called Trusted PDMS, combining the TEE and PDMS properties to manage the data of each individual, and a Manifest-based framework to securely execute collective computations on top of them. We demonstrate the practicality of the solution through a real case study being conducted over 10.000 patients in the healthcare field.
Let It TEE: Asynchronous Byzantine Atomic Broadcast with n ≥ 2f + 1
Asynchronous Byzantine Atomic Broadcast (ABAB) promises, in comparison to partially synchronous approaches, simplicity in implementation, increased performance, and increased robustness. For partially synchronous approaches, it is well known that small Trusted Execution Environments (TEE), e.g., MinBFT's unique sequential identifier generator (USIG), are capable of reducing the communication effort while increasing the fault tolerance. For ABAB, the research community assumes that the use of TEEs increases performance and robustness. However, despite the existence of a fault-model compiler, a concrete TEE-based approach is not directly available yet. In this brief announcement, we show that the recently proposed DAG-Rider approach can be transformed to provide ABAB with processes, of which are faulty. We leverage MinBFT's USIG to implement Reliable Broadcast with processes and show that the quorum-critical proofs of DAG-Rider still hold when adapting the quorum size to
Security by design for IoT devices
Unprotected IoT devices are an easy target for cyber-attacks. This white paper shows the application of a systematic development process to identify threats, derive security requirements and implement effective protection measures. The example of a simple WiFi-based sensor illustrates the design process and adequate protection measures. The latest generation of Secure Microcontrollers featuring Trusted Execution Environments (TEE), as well as Secure Elements, both provide options to store key material securely and perform cryptographic operations in an energy-efficient way. The interaction of these hardware components together with dedicated firmware and a Public Key Infrastructure (PKI) enables a low-power sensor to connect securely to the cloud.
Trusted Execution Environments in Protecting Machine Learning Models
The adaptation and application of machine learning (ML) have grown extensively in recent years and have raised concern about the safety of intellectual property (IP) related to machine learning models. Training a machine learning model is a time-consuming and expensive task, which has increased the demand for better solutions to protect the intellectual property of the models. This thesis explores the promising potential of Trusted Execution Environments (TEE), such as Intel's Software Guard Extensions (Intel SGX), for protecting intellectual property related to machine learning models. The concern about ML model safety arises especially when the software solution needs to be distributed to clients or when machine learning operations need to be performed in an untrusted environment. The main focus of this thesis is Intel's SGX, which is one of the most widely used TEE implementations. This thesis tries to answer the questions of how TEEs can be used to protect the IP of ML models, what aspects need to be considered, and what limitations may arise.
Remote attestation of SEV-SNP confidential VMs using e-vTPMs
Departing from the "your data is safe with us" model, where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing, an umbrella term for mechanisms that protect data in use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD Secure Encrypted Virtualization (SEV), Intel Trust Domain Extensions (TDX), etc.

In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root of trust without requiring trust in the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage the unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and from other VMs. We built our prototype entirely on open-source components: Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build a remote attestation protocol on other trusted execution environments (TEE).

Comment: 12 pages, 4 figures
On Monetizing Personal Wearable Devices Data: A Blockchain-based Marketplace for Data Crowdsourcing and Federated Machine Learning in Healthcare
Machine learning advancements in healthcare have made data collected through smartphones and wearable devices a vital source of public health and medical insights. While wearable device data helps to monitor, detect, and predict diseases and health conditions, some data owners hesitate to share such sensitive data with companies or researchers due to privacy concerns. Moreover, wearable devices have only recently become available as commercial products; thus large, diverse, and representative datasets are not available to most researchers. In this article, we propose an open marketplace where wearable device users securely monetize their wearable device records by sharing data with consumers (e.g., researchers), making wearable device data more available to healthcare researchers. To secure the data transactions in a privacy-preserving manner, we use a decentralized approach based on Blockchain and Non-Fungible Tokens (NFTs). To ensure data originality and integrity with secure validation, our marketplace uses Trusted Execution Environments (TEE) in wearable devices to verify the correctness of health data. The marketplace also allows researchers to train models using Federated Learning with a TEE-backed secure aggregation of data that users may not be willing to share. To ensure user participation, we model incentive mechanisms for the Federated Learning-based and anonymized data-sharing approaches using NFTs. We also propose using payment channels and batching to reduce smart contract gas fees and optimize user profits. If widely adopted, we believe that TEE- and Blockchain-based incentives will promote the ethical use of machine learning with validated wearable device data in healthcare and improve user participation through incentives.
MicroTEE: Designing TEE OS Based on the Microkernel Architecture
ARM TrustZone technology is widely used to provide Trusted Execution Environments (TEE) for mobile devices. However, most TEE OSes are implemented as monolithic kernels. In such designs, device drivers, kernel services and kernel modules all run in the kernel, which results in a large kernel. It is difficult to guarantee that all components of the kernel are free of security vulnerabilities in the monolithic kernel architecture, as shown by the integer overflow vulnerability in Qualcomm QSEE TrustZone and the TZDriver vulnerability in the HUAWEI Hisilicon TEE architecture. This paper presents MicroTEE, a TEE OS based on the microkernel architecture. In MicroTEE, the microkernel provides strong isolation for the TEE OS's basic services, such as the crypto service and the platform key management service. The kernel is only responsible for providing core services such as address space management, thread management, and inter-process communication. Other fundamental services, such as the crypto service and the platform key management service, are implemented as applications at the user layer. Crypto Services and Key Management are used to provide Trusted Applications (TAs) with sensitive information encryption, data signing, and platform attestation functions. Our design avoids the compromise of the whole TEE OS if only one kernel service is vulnerable. A monitor has also been added to perform the switch between the secure world and the normal world. Finally, we implemented a MicroTEE prototype on the Freescale i.MX6Q Sabre Lite development board and tested its performance. Evaluation results show that the performance of cryptographic operations in MicroTEE is better than in Linux when the size of the data is small.

Comment: 8 pages, 8 figures