Abstract
Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KeVlar-Tz, an application-level trusted cache designed to leverage Arm TrustZone, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KeVlar-Tz exposes a REST-based interface with connection endpoints inside the TrustZone enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KeVlar-Tz on top of the Op-Tee framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TrustZone. KeVlar-Tz is available as open-source at https://github.com/mqttz/kevlar-tz/.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
ARM TrustZone Developer. https://developer.arm.com/technologies/trustzone. Accessed 15 Feb 2021
TEE Client API Specification v1.0 (GPD\_SPE\_007). https://globalplatform.org/specs-library/tee-client-api-specification/. Accessed 15 Feb 2021
TEE Internal Core API Specification v1.2.1 (GPD\_SPE\_010). https://globalplatform.wpengine.com/specs-library/tee-internal-core-api-specification-v1-2/. Accessed 15 Feb 2021
Digital impact how technology is accelerating global problem solving (2018). https://www.cisco.com/c/dam/assets/csr/pdf/Digital-Impact-Playbook.pdf
AWS Nitro Enclaves (2021). https://aws.amazon.com/ec2/nitro/nitro-enclaves/
Confidential VM and Compute Engine (2021). https://cloud.google.com/compute/confidential-vm/docs/about-cvm
Global platform (2021). http://www.globalplatform.org
OP-TEE Secure Storage API (2021). https://optee.readthedocs.io/en/latest/architecture/secure_storage.html
Wearable computing devices market - growth, trends, COVID-19 impact, and forecasts (2021–2026) (2021). https://www.researchandmarkets.com/reports/4787502/wearable-computing-devices-market-growth
Alves, T., Felton, D.: TrustZone: integrated hardware and software security. ARM Inf. Q. 3(4), 18–24 (2004)
Amacher, J., Schiavoni, V.: On the performance of ARM TrustZone. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 133–151. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22496-7_9
Bennett, T.R., Wu, J., Kehtarnavaz, N., Jafari, R.: Inertial measurement unit-based wearable computers for assisted living applications: a signal processing perspective. IEEE Sig. Process. Mag. 33(2), 28–35 (2016)
Cao, Z., Dong, S., Vemuri, S., Du, D.H.C.: Characterizing, modeling, and benchmarking RocksDB key-value workloads at Facebook. In: Proceedings of USENIX FAST 20, pp. 209–223. USENIX Association (2020)
Chaudhuri, S., Pawar, T.D., Duttagupta, S.: Ambulation Analysis in Wearable ECG. Springer, Heidelberg (2009). https://doi.org/10.1007/978-1-4419-0724-0
Chételat, O., et al.: Clinical validation of LTMS-S: a wearable system for vital signs monitoring. In: Proceedings of IEEE EMBC 2015, pp. 3125–3128 (2015)
Costan, V., Devadas, S.: IntelSGX explained. IACR Cryptol. ePrint Arch. 2016(86), 1–118 (2016)
Coyle, S., Curto, V.F., Benito-Lopez, F., Florea, L., Diamond, D.: Wearable bio and chemical sensors. In: Wearable Sensors, pp. 65–83. Elsevier (2014)
Delgado-Gonzalo, R., et al.: Human energy expenditure models: beyond state-of-the-art commercialized embedded algorithms. In: Duffy, V.G. (ed.) DHM 2014. LNCS, vol. 8529, pp. 3–14. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07725-3_1
Delgado-Gonzalo, R., et al.: Physical activity. In: Tamura, T., Chen, W. (eds.) Seamless Healthcare Monitoring, pp. 413–455. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-69362-0_14
Farahani, S.: ZigBee Wireless Networks and Transceivers. Newnes, Oxford (2011)
Faraone, A., Delgado-Gonzalo, R.: Convolutional-recurrent neural networks on low-power wearable platforms for cardiac arrhythmia detection. In: Proceedings of IEEE AICAS 2020, pp. 153–157 (2020)
Gentilal, M., Martins, P., Sousa, L.: TrustZone-backed bitcoin wallet. In: Proceedings of CS2 2017, pp. 25–28 (2017)
Gentry, C., et al.: A Fully Homomorphic Encryption Scheme, vol. 20. Stanford University, Stanford (2009)
Gokhale, S., Agrawal, N., Noonan, S., Ungureanu, C.: KVZone and the search for a write-optimized key-value store. In: HotStorage (2010)
Göttel, C., et al.: Security, performance and energy trade-offs of hardware-assisted memory protection mechanisms. In: Proceedings of SRDS 2018, pp. 133–142. IEEE (2018)
Halevi, S., Shoup, V.: Design and implementation of a homomorphic-encryption library. IBM Res. (Manuscr.) 6(12–15), 8–36 (2013)
Han, J., Haihong, E., Le, G., Du, J.: Survey on NoSQL database. In: Proceedings of PerCom 2011, pp. 363–366. IEEE (2011)
Havet, A., Pires, R., Felber, P., Pasin, M., Rouvoy, R., Schiavoni, V.: SecureStreams: a reactive middleware framework for secure data stream processing. In: Proceedings of ACM DEBS 2017, DEBS ’17, pp. 124–133. Association for Computing Machinery (2017)
Jouppi, N.P.: Cache write policies and performance. ACM SIGARCH Comput. Archit. News 21(2), 191–201 (1993)
Kaplan, D., Powell, J., Woller, T.: AMD memory encryption. White paper (2016)
Lee, D., Kohlbrenner, D., Shinde, S., Asanović, K., Song, D.: Keystone: an open framework for architecting trusted execution environments. In: Proceedings of EuroSys 2020, pp. 1–16 (2020)
Lee, W.S., Hong, S.H.: Implementation of a KNX-ZigBee gateway for home automation. In: Proceedings of IEEE ICCE 2009, ISCE’09, pp. 545–549. IEEE (2009)
Li, Y., Hong, S.H.: BACnet-EnOcean smart grid gateway and its application to demand response in buildings. Energy Build. 78, 183–191 (2014)
Lin, H., Bergmann, N.W.: IoT privacy and security challenges for smart home environments. Information 7(3), 44 (2016)
Padalalu, P., Mahajan, S., Dabir, K., Mitkar, S., Javale, D.: Smart water dripping system for agriculture/farming. In: Proceedings of I2CT 2017, pp. 659–662. IEEE (2017)
Park, H., Zhai, S., Lu, L., Lin, F.X.: StreamBox-TZ: secure stream analytics at the edge with TrustZone. In: Proceedings of USENIX ATC 2019, pp. 537–554. USENIX Association (2019)
Pinto, S., Santos, N.: Demystifying arm TrustZone: a comprehensive survey. ACM Comput. Surv. (CSUR) 51(6), 1–36 (2019)
Reddy, A.K., Paramasivam, P., Vemula, P.B.: Mobile secure data protection using eMMC RPMB partition. In: Proceedings of CoCoNet 2015, pp. 946–950. IEEE (2015)
Sasaki, T., Tomita, K., Hayaki, Y., Liew, S.P., Yamagaki, N.: Secure IoT device architecture using TrustZone. In: Proceedings of IEEE SECON 2020, pp. 1–6 (2020)
Segarra, C., Delgado-Gonzalo, R., Schiavoni, V.: MQT-TZ: hardening IoT brokers using ARM TrustZone. In: Proceedings of SRDS 2020 (2020)
Segarra, C., Delgado-Gonzalo, R., Lemay, M., Aublin, P.-L., Pietzuch, P., Schiavoni, V.: Using trusted execution environments for secure stream processing of medical data. In: Pereira, J., Ricci, L. (eds.) DAIS 2019. LNCS, vol. 11534, pp. 91–107. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22496-7_6
Tamura, T., Maeda, Y., Sekine, M., Yoshida, M.: Wearable photoplethysmographic sensors–past and present. Electronics 3(2), 282–302 (2014)
Wan, S., Sun, M., Sun, K., Zhang, N., He, X.: RusTEE: developing memory-safe ARM TrustZone applications. In: Proceedings of ACSAC 2020, ACSAC ’20, pp. 442–453. Association for Computing Machinery (2020)
Zhang, N., Sun, K., Lou, W., Hou, Y.T.: CaSE: cache-assisted secure execution on ARM processors. In: Proceedings of IEEE SP 2016, pp. 72–90 (2016)
Acknowledgements
This work is supported in part by Moore4Medical, which has received funding within the Electronic Components and Systems for European Leadership Joint Undertaking (ECSEL JU) in collaboration with the European Union’s H2020 framework Programme (H2020/2014-2020) and National Authorities, under grant agreement H2020-ECSEL-2019-IA-876190. Moreover, this project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 766733.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Benedito, O., Delgado-Gonzalo, R., Schiavoni, V. (2021). KeVlar-Tz: A Secure Cache for Arm TrustZone. In: Matos, M., Greve, F. (eds) Distributed Applications and Interoperable Systems. DAIS 2021. Lecture Notes in Computer Science(), vol 12718. Springer, Cham. https://doi.org/10.1007/978-3-030-78198-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-78198-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78197-2
Online ISBN: 978-3-030-78198-9
eBook Packages: Computer ScienceComputer Science (R0)
