EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs

Carlton Shepherd, Raja Naeem Akram, Konstantinos Markantonakis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote verifier. In recent years, Trusted Execution Environments (TEEs) have emerged as the go-to root of trust on constrained devices for isolated execution of sensitive applications. Existing TEE-based logging systems, however, focus largely on protecting server-side logs and offer little protection to constrained source devices. In this paper, we introduce EmLog – a tamper-resistant logging system for constrained devices using the GlobalPlatform TEE. EmLog provides protection against complex software adversaries and offers several additional security properties over past schemes. The system is evaluated across three log datasets using an off-the-shelf ARM development board running an open-source, GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory overhead (1MB heap and stack), 430–625 logs/second throughput, and five-times persistent storage overhead versus unprotected logs.
Original languageEnglish
Title of host publicationInformation Security Theory and Practice
Subtitle of host publicationWISTP 2017
EditorsG Hancke , E Damiani
PublisherSpringer
Pages75-92
Number of pages18
ISBN (Electronic)978-3-319-93524-9
ISBN (Print)978-3-319-93523-2
DOIs
Publication statusPublished - 21 Jun 2018
EventIFIP International Conference on Information Security Theory and Practice: WISTP 2017 - Heraklion, Greece
Duration: 28 Sep 201729 Sep 2017

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume10741
ISSN (Print)0302-9743

Conference

ConferenceIFIP International Conference on Information Security Theory and Practice
CountryGreece
CityHeraklion
Period28/09/1729/09/17

Keywords

  • system logging
  • embedded security
  • trusted computing

Fingerprint Dive into the research topics of 'EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs'. Together they form a unique fingerprint.

  • Cite this

    Shepherd, C., Akram, R. N., & Markantonakis, K. (2018). EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs. In G. Hancke , & E. Damiani (Eds.), Information Security Theory and Practice: WISTP 2017 (pp. 75-92). (Lecture Notes in Computer Science; Vol. 10741). Springer . https://doi.org/10.1007/978-3-319-93524-9_5