Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments. / Shepherd, Carlton; Akram, Raja; Markantonakis, Konstantinos.

12th International Conference on Availability, Reliability and Security (ARES '17). ACM, 2017. p. 1-10.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Standard

Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments. / Shepherd, Carlton; Akram, Raja; Markantonakis, Konstantinos.

12th International Conference on Availability, Reliability and Security (ARES '17). ACM, 2017. p. 1-10.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Shepherd, C, Akram, R & Markantonakis, K 2017, Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments. in 12th International Conference on Availability, Reliability and Security (ARES '17). ACM, pp. 1-10, 12th International Conference on Availability, Reliability and Security , Reggio Calabria, Italy, 29/08/17. https://doi.org/10.1145/3098954.3098971

APA

Vancouver

Author

Shepherd, Carlton ; Akram, Raja ; Markantonakis, Konstantinos. / Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments. 12th International Conference on Availability, Reliability and Security (ARES '17). ACM, 2017. pp. 1-10

BibTeX

@inproceedings{a874a4ec901848b59f2365bc69ffd44a,
title = "Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments",
abstract = "Remote and largely unattended sensing devices are being deployed rapidly in sensitive environments, such as healthcare, in the home, and on corporate premises. A major challenge, however, is trusting data from such devices to inform critical decision-making using standardised trust mechanisms. Previous attempts have focused heavily on Trusted Platform Modules (TPMs) as a root of trust, but these forgo desirable features of recent developments, namely Trusted Execution Environments (TEEs), such as Intel SGX and the GlobalPlatform TEE. In this paper, we contrast the application of TEEs in trusted sensing devices with TPMs, and raise the challenge of secure TEE-to-TEE communication between remote devices with mutual trust assurances. To this end, we present a novel secure and trusted channel protocol that performs mutual remote attestation in a single run for small-scale devices with TEEs. This is evaluated on two ARM development boards hosting GlobalPlatform-compliant TEEs, yielding approximately four-times overhead versus untrusted world TLS and SSH. Our work provides strong resilience to integrity and confidentiality attacks from untrusted world adversaries, facilitates TEE interoperability, and is subjected to mechanical formal analysis using Scyther.",
author = "Carlton Shepherd and Raja Akram and Konstantinos Markantonakis",
year = "2017",
month = aug,
day = "29",
doi = "10.1145/3098954.3098971",
language = "English",
pages = "1--10",
booktitle = "12th International Conference on Availability, Reliability and Security (ARES '17)",
publisher = "ACM",
note = "12th International Conference on Availability, Reliability and Security , ARES '17 ; Conference date: 29-08-2017 Through 31-08-2017",

}

RIS

TY - GEN

T1 - Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments

AU - Shepherd, Carlton

AU - Akram, Raja

AU - Markantonakis, Konstantinos

PY - 2017/8/29

Y1 - 2017/8/29

N2 - Remote and largely unattended sensing devices are being deployed rapidly in sensitive environments, such as healthcare, in the home, and on corporate premises. A major challenge, however, is trusting data from such devices to inform critical decision-making using standardised trust mechanisms. Previous attempts have focused heavily on Trusted Platform Modules (TPMs) as a root of trust, but these forgo desirable features of recent developments, namely Trusted Execution Environments (TEEs), such as Intel SGX and the GlobalPlatform TEE. In this paper, we contrast the application of TEEs in trusted sensing devices with TPMs, and raise the challenge of secure TEE-to-TEE communication between remote devices with mutual trust assurances. To this end, we present a novel secure and trusted channel protocol that performs mutual remote attestation in a single run for small-scale devices with TEEs. This is evaluated on two ARM development boards hosting GlobalPlatform-compliant TEEs, yielding approximately four-times overhead versus untrusted world TLS and SSH. Our work provides strong resilience to integrity and confidentiality attacks from untrusted world adversaries, facilitates TEE interoperability, and is subjected to mechanical formal analysis using Scyther.

AB - Remote and largely unattended sensing devices are being deployed rapidly in sensitive environments, such as healthcare, in the home, and on corporate premises. A major challenge, however, is trusting data from such devices to inform critical decision-making using standardised trust mechanisms. Previous attempts have focused heavily on Trusted Platform Modules (TPMs) as a root of trust, but these forgo desirable features of recent developments, namely Trusted Execution Environments (TEEs), such as Intel SGX and the GlobalPlatform TEE. In this paper, we contrast the application of TEEs in trusted sensing devices with TPMs, and raise the challenge of secure TEE-to-TEE communication between remote devices with mutual trust assurances. To this end, we present a novel secure and trusted channel protocol that performs mutual remote attestation in a single run for small-scale devices with TEEs. This is evaluated on two ARM development boards hosting GlobalPlatform-compliant TEEs, yielding approximately four-times overhead versus untrusted world TLS and SSH. Our work provides strong resilience to integrity and confidentiality attacks from untrusted world adversaries, facilitates TEE interoperability, and is subjected to mechanical formal analysis using Scyther.

U2 - 10.1145/3098954.3098971

DO - 10.1145/3098954.3098971

M3 - Conference contribution

SP - 1

EP - 10

BT - 12th International Conference on Availability, Reliability and Security (ARES '17)

PB - ACM

T2 - 12th International Conference on Availability, Reliability and Security

Y2 - 29 August 2017 through 31 August 2017

ER -