trusted execution environment
Recently Published Documents


TOTAL DOCUMENTS

104
(FIVE YEARS 81)

H-INDEX

6
(FIVE YEARS 2)

2022 ◽  
Vol 8 (2) ◽  
pp. 1-35
Author(s):  
Fumiyuki Kato ◽  
Yang Cao ◽  
Mastoshi Yoshikawa

Existing Bluetooth-based private contact tracing (PCT) systems can privately detect whether people have come into direct contact with patients with COVID-19. However, we find that the existing systems lack functionality and flexibility , which may hurt the success of contact tracing. Specifically, they cannot detect indirect contact (e.g., people may be exposed to COVID-19 by using a contaminated sheet at a restaurant without making direct contact with the infected individual); they also cannot flexibly change the rules of “risky contact,” such as the duration of exposure or the distance (both spatially and temporally) from a patient with COVID-19 that is considered to result in a risk of exposure, which may vary with the environmental situation. In this article, we propose an efficient and secure contact tracing system that enables us to trace both direct contact and indirect contact. To address the above problems, we need to utilize users’ trajectory data for PCT, which we call trajectory-based PCT . We formalize this problem as a spatiotemporal private set intersection that satisfies both the security and efficiency requirements. By analyzing different approaches such as homomorphic encryption, which could be extended to solve this problem, we identify the trusted execution environment (TEE) as a candidate method to achieve our requirements. The major challenge is how to design algorithms for a spatiotemporal private set intersection under the limited secure memory of the TEE. To this end, we design a TEE-based system with flexible trajectory data encoding algorithms. Our experiments on real-world data show that the proposed system can process hundreds of queries on tens of millions of records of trajectory data within a few seconds.


2022 ◽  
Vol 15 (1) ◽  
pp. 1-26
Author(s):  
Mathieu Gross ◽  
Konrad Hohentanner ◽  
Stefan Wiehler ◽  
Georg Sigl

Isolated execution is a concept commonly used for increasing the security of a computer system. In the embedded world, ARM TrustZone technology enables this goal and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the usage of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM) running inside ARM TrustZone for the Zynq UltraScale+ platform. This adaptation consists in integrating hardware accelerators available on the device to fTPM’s implementation and to enhance fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained via the usage of ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them for enabling a secure remote bitstream loading. The approach consists in preventing the insecure usages of a bitstream reconfiguration interface that are made possible by the manufacturer and to integrate the interface inside a Trusted Execution Environment.


Author(s):  
Ron Stajnrod ◽  
Raz Ben Yehuda ◽  
Nezer Jacob Zaidenberg

AbstractARM TrustZone offers a Trusted Execution Environment (TEE) embedded into the processor cores. Some vendors offer ARM modules that do not fully comply with TrustZone specifications, which may lead to vulnerabilities in the system. In this paper, we present a DMA attack tutorial from the insecure world onto the secure world, and the design and implementation of this attack in a real insecure hardware.


Author(s):  
Shoei Nashimoto ◽  
Daisuke Suzuki ◽  
Rei Ueno ◽  
Naofumi Homma

RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under crossdevice conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme was validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.


2021 ◽  
Vol 3 (1) ◽  
Author(s):  
Luigi Coppolino ◽  
Luigi Sgaglione ◽  
Salvatore D’Antonio ◽  
Mario Magliulo ◽  
Luigi Romano ◽  
...  

AbstractThe approach presented in this paper provides effective protection of critical business processes by applying advanced SIEM technology in a rigorous fashion, based on the results of accurate risk assessment. The proposed SIEM tool advances the State of The Art of the technology along two axes, specifically: privacy and integrity. The advancements are achieved via combined use of two of the most promising technologies for trusted computing, namely: Trusted Execution Environment (TTE) and Homomorphic Encryption (HE). The approach is validated with respect to a real use case of a Smart Hospital (i.e., one where IT is massively used), with challenging security requirements. The use case is contributed by one of the major public hospitals in Italy. Experiments demonstrate that, by relying on continuous monitoring of security relevant events and advanced correlation techniques, the SIEM solution proposed in this work effectively protects the critical workflows of the hospital business processes from cyber-attacks with high impact (specifically: serious harm to or even death of the patient).


2021 ◽  
Author(s):  
Luyi Kang ◽  
Yuqi Xue ◽  
Weiwei Jia ◽  
Xiaohao Wang ◽  
Jongryool Kim ◽  
...  

Sign in / Sign up

Export Citation Format

Share Document