Privacy-Preserving with Intel SGX

Muhammad Maaz Irfan
Jun 9, 2020

Keywords: Secure computing, Privacy, Trusted Execution, Intel SGX (Software Guard Extensions)

Introduction:

In the last few years, the use of smart devices has increased. These smart devices, also known as the Internet of Things (IoT), provide solutions and communication protocols that move towards a range of more open systems. As IoT has become more popular, various developments have been introduced in the field, and numerous IoT middleware solutions are now available, with the vision of binding together and coordinating a wide diversity of sensors and actuators. All these systems are not only connected but also offer various features. An IoT thing sends an event to the system, which triggers some action depending on predefined conditions. All such functions require a large amount of training data, which falls under deep learning. Deep learning is extensively used for learning features from complex data and is widely used in image recognition, feature extraction, classification, and prediction. Yet these opportunities come with some challenges related to data security and privacy. Security and privacy concerns are growing because of the accessibility of big data; the collection of heterogeneous data is more convenient nowadays. [1] The challenges come from the lack of effective tools and approaches for securing large datasets. Leakage of private data is caused by network attacks or eavesdropping. [2] Although numerous studies have been done in this context, trust is still not adequate, and more research is required on this topic. Encryption algorithms play an essential role in information security systems. Several techniques have been introduced to address the security problem: Intel added a set of CPU instructions called SGX to its processors based on the Skylake microarchitecture, allowing the creation of a Trusted Execution Environment (TEE), called an enclave.
In my recent article we explained one type of homomorphic encryption, fully homomorphic encryption (FHE). In this article we cover a privacy-preserving technique, Intel SGX, used for secure computation in cloud computing and also in IoT devices.

Figure 1 [6]: The API for the security-sensitive code is the same whether the “legacy” or “SGX-enabled” version of the program is built. The only aspect of the general application code and security-sensitive code that changes is the inclusion of SGX-specific header

SGX is a set of security-related instruction codes that allow the creation of so-called enclaves, which consist of encrypted memory. All the code and data inside an enclave are secured and cannot be accessed by other, third-party processes. SGX is the latest technology that provides secure computation on untrusted, remote platforms. Systems that use SGX for secure computation during execution include VC3, a secure scheme for distributed MapReduce computations. To use SGX, the user must turn it on in the motherboard settings on a supported system. In SGX no mechanism to execute the containing the enclave. The secret must be created and loaded into the enclave. Requests to and from an enclave are made using methods known as bridge functions. These functions are publicly available, so the enclave code needs to verify any data it receives and also check the validity of that data; this code is known as the Trusted Computing Base (TCB). After the enclave is built, a unique key is generated from the TCB. This unique key is used to encrypt sensitive enclave data that is stored on disk. Intel SGX also offers remote attestation, which allows a secure communication channel to be established between enclaves and clients. SGX also has a few limitations and faces a series of challenges that stem from the software isolation approach on which the tool is based. These limitations are due to the use of dynamic libraries and the inability to perform system calls such as input-output operations. To overcome this problem, the bridge functions must be used. Nowadays many kinds of software take advantage of SGX, including data analytics [3], network routing [4], and application containerization [5]. To make this more understandable, we will use Fig. 2 to explain the mechanism of Intel SGX and compare it with AMD SEV.
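The input checks a bridge function has to make, as an added example that is not from the original article or from the Intel SGX SDK. It simulates the address space with a byte array, so offsets stand in for pointers; `ecall_process_event`, `outside_enclave`, `demo_event`, the event layout and all constants are hypothetical. In real enclave code the range check would be done with the SDK's `sgx_is_outside_enclave()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simulated address space: offsets stand in for pointers (assumption). */
#define MEM_SIZE      4096u
#define ENCLAVE_BASE  2048u   /* enclave occupies [2048, 3072) */
#define ENCLAVE_SIZE  1024u
#define MAX_EVENT_LEN 64u

enum { EV_OK = 0, EV_BAD_LEN = -1, EV_BAD_PTR = -2, EV_BAD_DATA = -3 };

static uint8_t mem[MEM_SIZE];

/* True only if [off, off+len) is in range and does not overlap the enclave. */
static int outside_enclave(size_t off, size_t len) {
    if (len == 0 || off >= MEM_SIZE || len > MEM_SIZE - off)
        return 0;                              /* empty, out of range, or wrapping */
    return off + len <= ENCLAVE_BASE || off >= ENCLAVE_BASE + ENCLAVE_SIZE;
}

/* Hypothetical bridge function: an IoT event arrives from untrusted code as
   [type:1][payload_len:1][payload]. Returns EV_OK or a rejection code. */
int ecall_process_event(size_t src_off, size_t len) {
    uint8_t local[MAX_EVENT_LEN];              /* enclave-private copy */

    if (len < 2 || len > MAX_EVENT_LEN)
        return EV_BAD_LEN;
    if (!outside_enclave(src_off, len))
        return EV_BAD_PTR;                     /* range touches enclave memory */

    memcpy(local, &mem[src_off], len);         /* copy once, validate the copy */

    if (local[0] != 0x01 && local[0] != 0x02)  /* only known event types */
        return EV_BAD_DATA;
    if ((size_t)local[1] != len - 2)           /* declared length must match */
        return EV_BAD_DATA;
    return EV_OK;
}

/* Constructed helper: write a sample event header, then call the bridge. */
int demo_event(size_t off, uint8_t type, uint8_t declared, size_t len) {
    if (off < MEM_SIZE && len >= 2 && len <= MEM_SIZE - off) {
        mem[off] = type;
        mem[off + 1] = declared;
    }
    return ecall_process_event(off, len);
}
```

Copying the buffer into enclave memory before validating it matters: if the checks ran on the untrusted buffer, the caller could change it between the check and the use.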

[7] The left side of Fig. 2 shows the mechanism of Intel SGX, which allows the software to access the confidential data inside the enclave. An attacker who gets physical access to the machine cannot interfere with the application data without being noticed. The CPU package represents a security boundary.

Conclusion

In this article, we focused on an operating-system-based technique known as Intel SGX. We discussed the security issues and limitations of its model, as well as IoT middleware using Intel SGX. Systems of this type can solve important security issues inherent to cloud computing. In the last part we discussed the limitations and how to overcome them.

References:

[1] Zheng Yan, Peng Zhang, and Athanasios V Vasilakos. 2014. A survey on trust management for Internet of Things. Journal of network and computer applications 42 (2014), 120–134.

[2] Alessio Botta, Walter De Donato, Valerio Persico, and Antonio Pescapé. 2016. Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems 56 (2016), 684–700.

[3] Rafael Pires, Daniel Gavril, Pascal Felber, Emanuel Onica, and Marcelo Pasin. 2017. A lightweight MapReduce framework for secure processing with SGX. In Proceedings of the 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid ’17). IEEE Press, Piscataway, NJ, USA, 1100–1107. https://doi.org/10.1109/CCGRID.2017.129

[4] Ben Francis. 2019. Web Thing API. Retrieved August 29, 2019 from https://iot.mozilla.org/wot/

[5] Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). USENIX Association, Savannah, GA, 689–703. https://doi.org/10.5281/zenodo.163059

[6] Joseph Sobchuk, Sean R. O’Melia, and Roger I. Khazan. 2018. In 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA).

[7] Göttel, Christian, et al. “Security, performance and energy trade-offs of hardware-assisted memory protection mechanisms.” 2018 IEEE 37th Symposium on Reliable Distributed Systems (SRDS). IEEE, 2018.

[8] Gremaud, Pascal, Arnaud Durand, and Jacques Pasquier. “Privacy-Preserving IoT Cloud Data Processing Using SGX.” Proceedings of the 9th International Conference on the Internet of Things. 2019.

[9] Gremaud, Pascal, Arnaud Durand, and Jacques Pasquier. “A secure, privacy-preserving IoT middleware using intel SGX.” Proceedings of the Seventh International Conference on the Internet of Things. 2017.
