Sonia Jahid,Shirin Nilizadeh,Prateek Mittal,Nikita Borisov,Apu Kapadia

DOI: https://doi.org/10.48550/arXiv.1111.5377

2011-12-16

Abstract:A multitude of privacy breaches, both accidental and malicious, have prompted users to distrust centralized providers of online social networks (OSNs) and investigate decentralized solutions. We examine the design of a fully decentralized (peer-to-peer) OSN, with a special focus on privacy and security. In particular, we wish to protect the confidentiality, integrity, and availability of user content and the privacy of user relationships. We propose DECENT, an architecture for OSNs that uses a distributed hash table to store user data, and features cryptographic protections for confidentiality and integrity, as well as support for flexible attribute policies and fast revocation. DECENT ensures that neither data nor social relationships are visible to unauthorized users and provides availability through replication and authentication of updates. We evaluate DECENT through simulation and experiments on the PlanetLab network and show that DECENT is able to replicate the main functionality of current centralized OSNs with manageable overhead.

Cryptography and Security,Networking and Internet Architecture,Social and Information Networks

Tong Sun,Borui Li,Yixiao Teng,Yi Gao,Wei Dong

DOI: https://doi.org/10.1109/ipsn61024.2024.00021

2024-01-01

Abstract:Internet of Things (IoT) applications have recently been widely used in safety-critical scenarios. To prevent sensitive information leaks, IoT device vendors provide hardware-assisted protections, called Trusted Execution Environments (TEEs), like ARM Trust-Zone. Programming a TEE-based application requires separate code for two components, significantly slowing down the development process. Existing solutions tackle this issue by automatic code partition while not successfully applying it in two complicated scenarios: adding trusted logic and interactions with secure peripherals.We propose dTEE, a declarative approach to secure IoT applications based on TrustZone. dTEE proposes a rapid approach that enables developers to declare tiered-sensitive variables and functions of existing applications. Besides, dTEE automatically transforms device drivers into trusted ones. We evaluate dTEE on four real-world IoT applications and seven micro-benchmarks. Results show that dTEE achieves high expressiveness for supporting 50% more applications than existing approaches and reduces 90% of the lines of code against handcrafted development.

Xiaolin Zhang,Kailun Qin,Shipei Qu,Tengfei Wang,Chi Zhang,Dawu Gu

2024-08-09

Abstract:Remote Attestation (RA) enables the integrity and authenticity of applications in Trusted Execution Environment (TEE) to be verified. Existing TEE RA designs employ a centralized trust model where they rely on a single provisioned secret key and a centralized verifier to establish trust for remote parties. This model is however brittle and can be untrusted under advanced attacks nowadays. Besides, most designs only have fixed procedures once deployed, making them hard to adapt to different emerging situations and provide resilient functionalities. Therefore, we propose JANUS, an open and resilient TEE RA scheme. To decentralize trust, we, on one hand, introduce Physically Unclonable Function (PUF) as an intrinsic root of trust (RoT) in TEE to directly provide physical trusted measurements. On the other hand, we design novel decentralized verification functions on smart contract with result audits and RA session snapshot. Furthermore, we design an automated switch mechanism that allows JANUS to remain resilient and offer flexible RA services under various situations. We provide a UC-based security proof and demonstrate the scalability and generality of JANUS by implementing an complete prototype.

Cryptography and Security

Carlton Shepherd,Raja N. Akram,Konstantinos Markantonakis

DOI: https://doi.org/10.48550/arXiv.1804.10707

2018-11-26

Abstract:Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

Cryptography and Security

Fan Zhang,Sai Krishna Deepak Maram,Harjasleen Malvai,Steven Goldfeder,Ari Juels

DOI: https://doi.org/10.1145/3372297.3417239

2024-08-03

Abstract:Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the {\em provenance} of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. As a result, the value of users' private data is locked up in its point of origin. Users cannot export their data with preserved integrity to other applications without help and permission from the current data holder. We propose DECO (short for \underline{dec}entralized \underline{o}racle) to address the above problems. DECO allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret. DECO is the first such system that works without trusted hardware or server-side modifications. DECO can liberate data from centralized web-service silos, making it accessible to a rich spectrum of applications. To demonstrate the power of DECO, we implement three applications that are hard to achieve without it: a private financial instrument using smart contracts, converting legacy credentials to anonymous credentials, and verifiable claims against price discrimination.

Cryptography and Security

Gianluca Scopelliti,Sepideh Pouyanrad,Job Noorman,Fritz Alder,Christoph Baumann,Frank Piessens,Jan Tobias Mühlberg

DOI: https://doi.org/10.1145/3592607

2023-06-29

Abstract:This paper presents an approach to provide strong assurance of the secure execution of distributed event-driven applications on shared infrastructures, while relying on a small Trusted Computing Base. We build upon and extend security primitives provided by Trusted Execution Environments (TEEs) to guarantee authenticity and integrity properties of applications, and to secure control of input and output devices. More specifically, we guarantee that if an output is produced by the application, it was allowed to be produced by the application's source code based on an authentic trace of inputs. We present an integrated open-source framework to develop, deploy, and use such applications across heterogeneous TEEs. Beyond authenticity and integrity, our framework optionally provides confidentiality and a notion of availability, and facilitates software development at a high level of abstraction over the platform-specific TEE layer. We support event-driven programming to develop distributed enclave applications in Rust and C for heterogeneous TEE, including Intel SGX, ARM TrustZone and Sancus. In this article we discuss the workings of our approach, the extensions we made to the Sancus processor, and the integration of our development model with commercial TEEs. Our evaluation of security and performance aspects show that TEEs, together with our programming model, form a basis for powerful security architectures for dependable systems in domains such as Industrial Control Systems and the Internet of Things, illustrating our framework's unique suitability for a broad range of use cases which combine cloud processing, mobile and edge devices, and lightweight sensing and actuation.

Cryptography and Security

Rabimba Karanjai,Rowan Collier,Zhimin Gao,Lin Chen,Xinxin Fan,Taeweon Suh,Weidong Shi,Lei Xu

DOI: https://doi.org/10.1145/3594556.3594626

2023-08-03

Abstract:Trusted execution environment (TEE) technology has found many applications in mitigating various security risks in an efficient manner, which is attractive for critical infrastructure protection. First, the natural of critical infrastructure requires it to be well protected from various cyber attacks. Second, performance is usually important for critical infrastructure and it cannot afford an expensive protection mechanism. While a large number of TEE-based critical infrastructure protection systems have been proposed to address various security challenges (e.g., secure sensing and reliable control), most existing works ignore one important feature, i.e., devices comprised the critical infrastructure may be equipped with multiple incompatible TEE technologies and belongs to different owners. This feature makes it hard for these devices to establish mutual trust and form a unified TEE environment. To address these challenges and fully unleash the potential of TEE technology for critical infrastructure protection, we propose DHTee, a decentralized coordination mechanism. DHTee uses blockchain technology to support key TEE functions in a heterogeneous TEE environment, especially the attestation service. A Device equipped with one TEE can interact securely with the blockchain to verify whether another potential collaborating device claiming to have a different TEE meets the security requirements. DHTee is also flexible and can support new TEE schemes without affecting devices using existing TEEs that have been supported by the system.

Cryptography and Security,Hardware Architecture

Xiaotong Zhou,Debiao He,Jianting Ning,Min Luo,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2022.3220030

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Edge computing is an emerging distributed computing concept that allows edge servers to provide authorized consumers with various on-demand services. Due to highly dynamic and untrustworthy network environments, various potential security concerns (e.g., unauthorized access, data manipulation, and privacy leakage) have been the critical factors restricting the development of edge computing. A recent heterogeneous framework proposed by Dougherty et al. (CCS’21), named APECS, deploys token-based authorization and multiple attribute-based encryption (MABE) to guarantee access control and data confidentiality. While APECS achieves a secure asynchronous access control without the “always-on” cloud, it suffers from privacy leakage (caused by the public identity information) and fake data spreading issues (due to the data confidentiality). In this paper, we propose an Anonymous and Auditable Distributed Access Control Framework for Edge Computing (AADEC) to relieve these issues. AADEC is based on two building blocks that we designed, namely a conditional anonymous authentication and an auditable MABE with optimized performance. We also define the formal security models and present security proofs for our proposal. The final qualitative comparison and performance benchmark demonstrate that AADEC can achieve a trade-off among anonymity, confidentiality, auditability and efficiency.

Linan Tian,Yunke Shen,Zhiqiang Li

2024-07-04

Abstract:Trusted Execution Environments (TEEs), such as Intel Software Guard Extensions (SGX), ensure the confidentiality and integrity of user applications when using cloud computing resources. However, in the multi-party cloud computing scenario, how to select a Relying Party to verify the TEE of each party and avoid leaking sensitive data to each other remains an open question. In this paper, we propose SRAS, an open self-governed remote attestation scheme with attestation and verification functions for verifying the trustworthiness of TEEs and computing assets, achieving decentralized unified trusted attestation and verification platform for multi-party cloud users. In SRAS, we design a Relying Party enclave, which can form a virtual verifiable network, capable of local verification on behalf of other participants relying parties without leaking sensitive data to others. We provide an open-source prototype implementation of SRAS to facilitate the adoption of this technology by cloud users or developers.

Cryptography and Security

Gabriel P. Fernandez,Andrey Brito,Ardhi Putra Pratama Hartono,Muhammad Usama Sardar,Christof Fetzer

DOI: https://doi.org/10.48550/arXiv.2311.06154

2023-11-11

Abstract:Our objective is to protect the integrity and confidentiality of applications operating in untrusted environments. Trusted Execution Environments (TEEs) are not a panacea. Hardware TEEs fail to protect applications against Sybil, Fork and Rollback Attacks and, consequently, fail to preserve the consistency and integrity of applications. We introduce a novel system, LLD, that enforces the integrity and consistency of applications in a transparent and scalable fashion. Our solution augments TEEs with instantiation control and rollback protection. Instantiation control, enforced with TEE-supported leases, mitigates Sybil/Fork Attacks without incurring the high costs of solving crypto-puzzles. Our rollback detection mechanism does not need excessive replication, nor does it sacrifice durability. We show that implementing these functionalities in the LLD runtime automatically protects applications and services such as a popular DBMS.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jämes Ménétrey,Aeneas Grüter,Peterson Yuhala,Julius Oeftiger,Pascal Felber,Marcelo Pasin,Valerio Schiavoni

DOI: https://doi.org/10.4230/LIPIcs.OPODIS.2023.23

2023-12-02

Abstract:Publish/subscribe systems play a key role in enabling communication between numerous devices in distributed and large-scale architectures. While widely adopted, securing such systems often trades portability for additional integrity and attestation guarantees. Trusted Execution Environments (TEEs) offer a potential solution with enclaves to enhance security and trust. However, application development for TEEs is complex, and many existing solutions are tied to specific TEE architectures, limiting adaptability. Current communication protocols also inadequately manage attestation proofs or expose essential attestation information. This paper introduces a novel approach using WebAssembly to address these issues, a key enabling technology nowadays capturing academia and industry attention. We present the design of a portable and fully attested publish/subscribe middleware system as a holistic approach for trustworthy and distributed communication between various systems. Based on this proposal, we have implemented and evaluated in-depth a fully-fledged publish/subscribe broker running within Intel SGX, compiled in WebAssembly, and built on top of industry-battled frameworks and standards, i.e., MQTT and TLS protocols. Our extended TLS protocol preserves the privacy of attestation information, among other benefits. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker. We open-source the contributions of this work to the research community to facilitate experimental reproducibility.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Anjia Yang,Jian Weng,Kan Yang,Cheng Huang,Xuemin Shen

DOI: https://doi.org/10.1109/tits.2020.3024000

IF: 8.5

2020-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Secure and efficient access authentication is one of the most important security requirements for vehicular networks, but it is difficult to fulfill due to potential security attacks and long authentication delay caused by high vehicle mobility, etc. Most of the existing authentication protocols, either do not consider attacks like single point of failure or do not focus on reducing authentication delay. To address these issues, we introduce an edge-assisted decentralized authentication (EADA) architecture, which provides secure and more communication-efficient authentication by enabling an authentication server to delegate its authentication capability to distributed edge nodes (ENs) such as roadside units (RSUs) and base stations (BSs). Under the architecture, we propose a threshold mutual authentication protocol that supports fast handover, which involves two scenarios, Auth-I and Auth-II. Auth-I only happens once when a vehicle tries to access the network for the first time, while Auth-II happens when a vehicle seamlessly roams between two ENs, i.e., handover. Specifically, for Auth-I, each vehicle can be cooperatively authenticated by $t$ out of $n$ ENs with identity-based signature techniques to obtain an authentication token and the involved ENs can be efficiently authenticated in a batch by the vehicle. For Auth-II, the vehicle can utilize the token as its private credential to achieve fast handover based on identity-based signature without interacting with multiple ENs, which further reduces the authentication delay significantly. In addition, we design a flexible method to support dynamic joining and leaving of ENs without the assistance of a trusted center. We demonstrate that the proposed protocol is secure and efficient through security analysis and performance evaluation.

Weili Han,Min Xu,Weidong Zhao,Guofu Li

DOI: https://doi.org/10.1016/j.jnca.2009.12.012

IF: 7.574

2009-01-01

Journal of Network and Computer Applications

Abstract:This paper proposes a trusted decentralized access control (TDAC) framework for the client/server architecture. As the fundamental principle, TDAC enforces access control policies at the client side and protects sensitive objects at the server side by leveraging trusted computing technologies. Compared with the previous work of Sandhu and Zhang (2005), TDAC uses fewer requirements for trusted components. To implement TDAC, we design a private trusted reference monitor that runs at the client side, evaluates an access control request, and signs a temporary access control credential for a client application trustworthily; we also design a master reference monitor that runs at the server side, evaluates the request from the client application only according to the temporary access control credential. As a typical application, TDAC can protect client's private context data in subject-context aware access control.

Mathias Morbitzer

DOI: https://doi.org/10.48550/arXiv.1907.09906

2019-07-23

Abstract:Data hosted in a cloud environment can be subject to attacks from a higher privileged adversary, such as a malicious or compromised cloud provider. To provide confidentiality and integrity even in the presence of such an adversary, a number of Trusted Execution Environments (TEEs) have been developed. A TEE aims to protect data and code within its environment against high privileged adversaries, such as a malicious operating system or hypervisor. While mechanisms exist to attest a TEE's integrity at load time, there are no mechanisms to attest its integrity at runtime. Additionally, work also exists that discusses mechanisms to verify the runtime integrity of programs and system components. However, those verification mechanisms are themselves not protected against attacks from a high privileged adversary. It is therefore desirable to combine the protection mechanisms of TEEs with the ability of application runtime integrity verification. In this paper, we present Scanclave, a lightweight design which achieves three design goals: Trustworthiness of the verifier, a minimal trusted software stack and the possibility to access an application's memory from a TEE. Having achieved our goals, we are able to verify the runtime integrity of applications even in the presence of a high privileged adversary. We refrain from discussing which properties define the runtime integrity of an application, as different applications will require different verification methods. Instead, we show how Scanclave enables a remote verifier to determine the runtime integrity of an application. Afterwards, we perform a security analysis for the different steps of our design. Additionally, we discuss different enclave implementations that might be used for the implementation of Scanclave.

Cryptography and Security

Raymond Cheng,Fan Zhang,Jernej Kos,Warren He,Nicholas Hynes,Noah Johnson,Ari Juels,Andrew Miller,Dawn Song

DOI: https://doi.org/10.48550/arXiv.1804.05141

2018-04-14

Cryptography and Security

Abstract:Smart contracts are applications that execute on blockchains. Today they manage billions of dollars in value and motivate visionary plans for pervasive blockchain deployment. While smart contracts inherit the availability and other security assurances of blockchains, however, they are impeded by blockchains' lack of confidentiality and poor performance. We present Ekiden, a system that addresses these critical gaps by combining blockchains with Trusted Execution Environments (TEEs). Ekiden leverages a novel architecture that separates consensus from execution, enabling efficient TEE-backed confidentiality-preserving smart-contracts and high scalability. Our prototype (with Tendermint as the consensus layer) achieves example performance of 600x more throughput and 400x less latency at 1000x less cost than the Ethereum mainnet. Another contribution of this paper is that we systematically identify and treat the pitfalls arising from harmonizing TEEs and blockchains. Treated separately, both TEEs and blockchains provide powerful guarantees, but hybridized, though, they engender new attacks. For example, in naive designs, privacy in TEE-backed contracts can be jeopardized by forgery of blocks, a seemingly unrelated attack vector. We believe the insights learned from Ekiden will prove to be of broad importance in hybridized TEE-blockchain systems.

Rowdy Chotkan,Bart Cox,Vincent Rahli,Jérémie Decouchant

2024-08-15

Abstract:Reliable communication is a fundamental distributed communication abstraction that allows any two nodes of a network to communicate with each other. It is necessary for more powerful communication primitives, such as broadcast and consensus. Using different authentication models, two classical protocols implement reliable communication in unknown and sufficiently connected networks. In the first one, network links are authenticated, and processes rely on dissemination paths to authenticate messages. In the second one, processes generate digital signatures that are flooded in the network. This work considers the hybrid system model that combines authenticated links and authenticated processes. We additionally aim to leverage the possible presence of trusted nodes and trusted components in networks, which have been assumed in the scientific literature and in practice. We first extend the two classical reliable communication protocols to leverage trusted nodes. We then propose DualRC, a novel algorithm that enables reliable communication in the hybrid authentication model by manipulating both dissemination paths and digital signatures, and leverages the possible presence of trusted nodes (e.g., network gateways) and trusted components (e.g., Intel SGX enclaves). We provide correctness verification algorithms to assess whether our algorithms implement reliable communication for all nodes on a given network.

Distributed, Parallel, and Cluster Computing

Nguyen Truong,Gyu Myoung Lee,Kai Sun,Florian Guitton,YiKe Guo

DOI: https://doi.org/10.1016/j.future.2021.05.025

IF: 7.307

2021-11-01

Future Generation Computer Systems

Abstract:<p>Blockchain technology has been envisaged to commence an era of decentralised applications and services (DApps) without the need for a trusted intermediary. Such DApps open a marketplace in which services are delivered to end-users by contributors which are then incentivised by cryptocurrencies in an automated, peer-to-peer, and trustless fashion. However, blockchain, consolidated by smart contracts, only ensures on-chain data security, autonomy and integrity of the business logic execution defined in smart contracts. It cannot guarantee the quality of service of DApps, which entirely depends on the services' performance. Thus, there is a critical need for a trust system to reduce the risk of dealing with fraudulent counterparts in a blockchain network. These reasons motivate us to develop a fully decentralised trust framework deployed on top of a blockchain platform, operating along with DApps in the marketplace to demoralise deceptive entities while encouraging trustworthy ones. The trust system works as an underlying decentralised service providing a feedback mechanism for end-users and maintaining trust relationships among them in the ecosystem accordingly. We believe this research fortifies the DApps ecosystem by introducing an universal trust middleware for DApps as well as shedding light on the implementation of a decentralised trust system.</p>

Hao Xu,Xun Liu,Qinghai Zeng,Qiang Li,Shibin Ge,Guohua Zhou,Raymond Forbes

2023-03-30

Abstract:Radio Access Network faces challenges from privacy and flexible wide area and local area network access. RAN is limited from providing local service directly due to centralized design of cellular network and concerns of user privacy and data security. DecentRAN or Decentralized Radio Access Network offers an alternative perspective to cope with the emerging demands of 5G Non-public Network and the hybrid deployment of 5GS and Wi-Fi in the campus network. Starting from Public key as an Identity, independent mutual authentication between UE and RAN are made possible in a privacy-preserving manner. With the introduction of decentralized architecture and network functions using blockchain and smart contracts, DecentRAN has ability to provide users with locally managed, end-to-end encrypted 5G NPN and the potential connectivity to Local Area Network via campus routers. Furthermore, the performance regarding throughput and latency are discussed, offering the deployment guidance for DecentRAN.

Cryptography and Security,Networking and Internet Architecture,Systems and Control

Arnab Chatterjee,Yash Pitroda,Manojkumar Parmar

DOI: https://doi.org/10.48550/arXiv.2002.05547

2020-02-13

Cryptography and Security

Abstract:Access control management is an integral part of maintaining the security of an application. Although there has been significant work in the field of cloud access control mechanisms, however, with the advent of Distributed Ledger Technology (DLT), on-chain access control management frameworks hardly exist. Existing access control management mechanisms are tightly coupled with the business logic, resulting in governance issues, non-coherent with existing Identity Management Solutions, low security, and compromised usability. We propose a novel framework to implement dynamic role-based access control for decentralized applications (dApps). The framework allows for managing access control on a dApp, which is completely decoupled from the business application and integrates seamlessly with any dApps. The smart contract architecture allows for the independent management of business logic and execution of access control policies. It also facilitates secure, low cost, and a high degree of flexibility of access control management. The proposed framework promotes decentralized governance of access control policies and efficient smart contract upgrades. We also provide quantitative and qualitative metrics for the efficacy and efficiency of the framework. Any Turing complete smart contract programming language is an excellent fit to implement the framework. We expect this framework to benefit enterprise and non-enterprise dApps and provide greater access control flexibility and effective integration with traditional and state of the art identity management solutions.

Robert Abela,Christian Colombo,Axel Curmi,Mattea Fenech,Mark Vella,Angelo Ferrando

DOI: https://doi.org/10.4204/EPTCS.391.7

2023-10-04

Abstract:Autonomous and robotic systems are increasingly being trusted with sensitive activities with potentially serious consequences if that trust is broken. Runtime verification techniques present a natural source of inspiration for monitoring and enforcing the desirable properties of the communication protocols in place, providing a formal basis and ways to limit intrusiveness. A recently proposed approach, RV-TEE, shows how runtime verification can enhance the level of trust to the Rich Execution Environment (REE), consequently adding a further layer of protection around the Trusted Execution Environment (TEE). By reflecting on the implication of deploying RV in the context of trustworthy computing, we propose practical solutions to two threat models for the RV-TEE monitoring process: one where the adversary has gained access to the system without elevated privileges, and another where the adversary gains all privileges to the host system but fails to steal secrets from the TEE.

Cryptography and Security,Robotics