Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments

Carlton Shepherd, Raja Akram, Konstantinos Markantonakis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Remote and largely unattended sensing devices are being deployed rapidly in sensitive environments, such as healthcare, in the home, and on corporate premises. A major challenge, however, is trusting data from such devices to inform critical decision-making using standardised trust mechanisms. Previous attempts have focused heavily on Trusted Platform Modules (TPMs) as a root of trust, but these forgo desirable features of recent developments, namely Trusted Execution Environments (TEEs), such as Intel SGX and the GlobalPlatform TEE. In this paper, we contrast the application of TEEs in trusted sensing devices with TPMs, and raise the challenge of secure TEE-to-TEE communication between remote devices with mutual trust assurances. To this end, we present a novel secure and trusted channel protocol that performs mutual remote attestation in a single run for small-scale devices with TEEs. This is evaluated on two ARM development boards hosting GlobalPlatform-compliant TEEs, yielding approximately four-times overhead versus untrusted world TLS and SSH. Our work provides strong resilience to integrity and confidentiality attacks from untrusted world adversaries, facilitates TEE interoperability, and is subjected to mechanical formal analysis using Scyther.
Original languageEnglish
Title of host publicationARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security
PublisherACM
Pages1-10
Number of pages10
DOIs
Publication statusPublished - 29 Aug 2017

Fingerprint

Dive into the research topics of 'Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments'. Together they form a unique fingerprint.

Cite this