Decentralized IoT Data Management Using BlockChain and Trusted Execution Environment
Gbadebo Ayoade, Vishal Karande, Latifur Khan, and Kevin Hamlen
Department of Computer Science
University of Texas at Dallas, Richardson, Texas 75080
Email: (gbadebo.ayoade, vishal.karande, lkhan, hamlen)@utdallas.edu

Abstract
Due to the centralization of authority in the management of data generated by IoT devices, there is a lack of transparency in how user data is shared among third-party entities. With the growing adoption of blockchain technology, which provides decentralized management of assets such as currency as seen in Bitcoin, we propose a decentralized data management system for IoT devices in which all data access permissions are enforced using smart contracts and the audit trail of data access is stored in the blockchain. With smart contract applications, multiple parties can specify rules to govern their interactions, and these rules are independently enforced in the blockchain without the need for a centralized system. We provide a framework that stores the hash of the data in the blockchain and stores the raw data in a secure storage platform built on a trusted execution environment (TEE). In particular, we use Intel SGX as the TEE that ensures the security and privacy of the sensitive part of the application (code and data).
Keywords-IoT; Blockchain; SGX; Privacy
I. Introduction
With advances in embedded processors, actuators, sensors and communication systems, everyday devices are being retrofitted with the ability to communicate, compute and complete automated tasks [1], [2]. For instance, many everyday appliances can now connect to the Internet [3]. Such IoT devices include smart pacemakers, heart rate monitors, smart refrigerators, smart coffee makers, smart televisions, smart home assistants, and smart door locks. Equipped with computational and communication capabilities, these devices collect and transmit large amounts of privacy-related data [4]. For example, smart cameras and smart health monitoring devices [5] such as heart rate monitors and glucose level monitors can reveal private information about their users.

Due to the limited processing capabilities of IoT devices [6], [7], they usually rely on externally controlled third-party service providers to perform additional data processing. By transmitting sensitive user data to third-party service providers [1], users are forced to trust those providers to enforce data protection and provide data privacy guarantees. Unfortunately, service providers often violate data privacy policies by using data collected from users for unauthorized purposes [8]. This undue advantage held by service providers stems from a centralized architecture in which a third-party system must be trusted as the central authority that manages user data. To eliminate this imbalance in data access policy enforcement between service providers and users, we propose a decentralized data management system built on the decentralized asset management offered by blockchain [9] and smart contract technology [10].
With the advent of decentralized asset management systems in the finance sector that leverage blockchain technology, as seen in Bitcoin [9], electronic fund transfers can occur without a centralized electronic fund management system. With this technology, money can be transferred across international boundaries without the bureaucracy of centralized authorities. Owing to the decentralized nature of blockchain technology, proposed applications [10] in various fields include automated insurance management, supply chain management, and decentralized commercial data storage as seen in Filecoin [11]. For instance, Slock It [12] uses blockchain to provide an automated device sharing platform for IoT devices such as smart locks.

By leveraging this decentralized architecture, we propose a system that limits the authority of centralized data management systems. Blockchain technology [9] and smart contracts [10] allow decentralized management of data among untrusted parties called miners. A blockchain [9] is a distributed ledger where transaction state integrity is enforced by distributed consensus among decentralized untrusted parties. To enforce the integrity of the blockchain, each new block generated by the miners must contain the hash of the previous block in the chain (Figure 2), making it difficult to modify the transactions recorded in the blockchain.
Smart contracts [13] are autonomous applications that run within the blockchain. With smart contracts, we provide a system where the rules that govern interactions among interested parties are enforced autonomously in the blockchain network without a centralized trusted party. By leveraging this capability, we can give users the ability to control how their data is accessed and used, since the smart contract grants them equal data management privileges. Furthermore, smart contracts execute in isolated virtual machines on the miners' infrastructure. Because these smart contracts run in isolated virtual machines, miners cannot modify application outcomes. With smart contracts and the blockchain, we can provide a data access audit system that tracks data usage among the interested parties, leading to proper data access accountability.

All data stored in the blockchain has to be public for the miners to be able to verify transactions [14]. Our proposed system overcomes this challenge by storing the hash of the encrypted data in the blockchain, while the data itself is encrypted and stored using trusted computing. By leveraging trusted computing, we can verify the integrity of the system used for our data storage. In our case, we use trusted computing as implemented by the Intel SGX architecture.

By leveraging a trusted execution environment based on Intel SGX, we protect data from unauthorized access by powerful adversaries. SGX offers hardware-level protection of user data by enforcing process isolation: programs execute in secure enclaves whose memory pages are protected by the CPU hardware. These secure containers, called enclaves, are protected from the operating system, other processes and the hypervisor [15].
In this work, we make the following contributions.
- We leverage a blockchain platform to provide decentralized IoT data access management.
- We leverage smart contracts to provide equal data access management privileges to IoT users and IoT service providers.
- We provide secure data storage using a trusted execution environment (Intel SGX).
- We provide a full system implementation on a real blockchain platform using Ethereum smart contracts.
[Figure 1: A Simplified Architecture of IoTSmartContract. Components shown: IoT devices, IoT gateway, SGX enabled storage platform (untrusted module, trusted module, sealed IoT data), third party application, smart contract, and the distributed hash platform (blockchain BC1, BC2).]
The rest of the paper is organized as follows. §II provides background on blockchain, SGX and IoT systems. §III discusses the scope, the case for blockchain and SGX, and the challenges and solutions encountered in deploying an SGX based system. §IV presents the architecture of our system. In §V, we describe our implementation approach, and §VI provides the evaluation of our approach. §VII and §VIII provide discussion and related work respectively. Finally, §IX concludes.
II. Background
A. Overview of Architecture
In this section, we give a brief overview of our system components as shown in Figure 1. To provide decentralized management of the data generated by IoT devices, we store the hash of the encrypted data in the blockchain and store the data itself in an SGX enabled storage system. As a result, the blockchain manages the data access policy through the smart contract.

To access data, third-party users request permission from the blockchain by using the smart contract API. If the request is granted, the hash of the data is returned and used to retrieve the data from the SGX platform. Before the SGX platform retrieves the data from secure storage, it independently rechecks the blockchain for access permission before returning the requested data to the third-party user. The intuition behind this two-step check is to ensure that all access permission policy and authority is managed by the smart contract executing in the blockchain. The access check does not incur much overhead, since it is a read operation, which has a fast execution time on the blockchain as we show later in the evaluation section. In the rest of this section, we provide more background on the components of our IoTSmartContract system.
[Figure 2: A BlockChain Data Structure. Each block header holds the transaction (Tx) root and the hash of the previous block header; blocks 1, 2 and 3 are chained in this way.]
B. Internet of Things
With the increase in computational and communication capabilities and advances in device miniaturization, everyday devices gain the ability to sense and react to their environment through sensors and actuators. A typical IoT architecture comprises devices, sensors, actuators, IoT hubs, an IoT gateway and a cloud service provider. IoT devices are devices with the capability to sense and collect data that can be transmitted over a connected network for storage or further processing; examples include light bulbs, heart rate monitors, smart cameras and many more. Through the IoT hub, devices with disparate communication protocols such as Zigbee or Bluetooth can connect to the IoT network. IoT networks include an IoT gateway, which aggregates data on the client network. To process the huge amount of data transmitted by the IoT devices, cloud services are used to store and further process the data.
C. BlockChain
A blockchain is a distributed ledger where the state of its transactions is maintained by distributed consensus among untrusted entities, without a centralized trusted third-party authority. These decentralized entities are called miners [16], [9]. By providing a proof of work, the miners bundle confirmed transactions into blocks, generating a hash of the current block that includes the hash of the previous block, as seen in Figure 2. Generating this proof of work requires high computational CPU power, which protects the blockchain from adversarial attacks.

The blockchain can store data and perform computations that are executed by these decentralized entities to determine the state of the blockchain in an autonomous manner. These autonomous computations are called smart contracts. By leveraging smart contracts, we provide a system where decentralized data access policy control is enforced without relying on third-party service providers, thereby ensuring continuous service delivery for IoT system users. We implemented the smart contract on the Ethereum blockchain platform.

The Ethereum [10] smart contract is an implementation of the smart contract concept with Turing-complete computation. An Ethereum smart contract is deployed in the blockchain and can be executed by the miners to determine the state of the program. By generating blocks, the miners autonomously ensure the integrity of the contract program's state.

In order for miners to run a deployed smart contract, the contract owner pays the miners a fee called Ethereum gas. The higher the gas paid, the faster the contract executes and generates confirmations on the blockchain. Because smart contracts also store data, contract owners must also pay gas for storage on the blockchain. In our case, we limit the data stored on the blockchain by storing only the hash of the data; the data itself is encrypted and stored on another system.

Each smart contract has a unique address in the blockchain. The address can be used to retrieve the contract and then obtain its ABI (Application Binary Interface), which provides the API of the contract. Given the smart contract API, a user can call it to perform some computation.
D. Trusted Execution Environment
Recent advances in embedded hardware technology supporting trusted execution environments (TEEs) (e.g., TPM, ARM TrustZone [17], AMD SVM [18], Intel SGX [19]) allow service providers to ensure the confidentiality and integrity of data and computations by protecting code and data within a secure region of computation.

Intel SGX is a trusted computing architecture introduced in the Intel Skylake processors. Through a new set of instructions that extends the x86 and x86_64 architectures, user-level applications can obtain confidentiality and integrity without trusting the underlying operating system. With these instructions, application developers can create secure, isolated containers called enclaves to protect security-sensitive computations. In particular, the memory content of an enclave is stored inside a hardware-protected memory region called the Enclave Page Cache (EPC). Using the Memory Encryption Engine (MEE), all EPC pages are encrypted, and any access to them is restricted by the hardware. Therefore, with SGX, applications can protect sensitive and secret data and computations from attacks by highly privileged software such as the operating system, hypervisors and System Management Mode.
III. Overview
A. Scope and Assumptions
The scope of this paper covers decentralization of data access management using blockchain and data privacy protection using Intel SGX. The main challenge is how to establish trust between IoT service providers and the users of IoT services. By leveraging smart contracts, we provide a data access management system where users have equal privilege in controlling how their data is shared or used. With smart contracts, we can specify data access rules that are autonomously enforced by untrusted third-party entities on the blockchain network. For our platform, we assume all data is encrypted before transmission and all key exchange is performed using asymmetric cryptographic protocols [20]. In this paper we do not consider replay attacks or denial of service attacks.

B. Threat Model
In our threat model, we consider the IoT data management service providers to be untrusted entities, since they have full control over user data, which gives them undue advantage in how they use user data or share it with other third-party entities.

Furthermore, we consider all third-party users who request access to data to be untrusted. We assume any party other than the data owner may leak data or use it for unauthorized purposes, such as using a user's email address for direct marketing.

We consider adversaries that seek to compromise the data storage cloud services by obtaining root-privileged access to low-level system resources such as memory, hard drives and Input/Output systems. These attackers employ techniques that compromise highly privileged software such as the operating system and hypervisors.
C. The Case for Using Blockchain for IoT Data Management
Decentralized Trust. As users become more aware of data privacy leakage and its consequences, they may demand more control over how their data is used. By leveraging blockchain, IoT vendors and service providers can offer services that users can trust, since data management is done by publicly verifiable smart contract programs that run in the blockchain.

SmartContract Enforced Accountability. With smart contracts, we can provide autonomous applications that enforce interaction rules among the system users without the need for a centralized authority. Smart contracts allow individual entities with varied interests to generate rules that satisfy each participant's interest. The rules are then programmed into smart contracts, which the miners enforce by independently verifying the state of the contract. For example, in centralized access policy management such as SmartThings [1], [21], if a user grants or revokes access to their data, the user has to trust the third-party service provider to comply with and enforce that restriction. With smart contracts, users have equal privilege over how the policy is enforced, since policy enforcement is done by the miners on the blockchain network.

Audit Trail Enforcement. By leveraging the immutability of the blockchain ledger [9], we can provide an immutable access history for users' data. Since every entry in the blockchain is cryptographically linked to the previous blocks generated on the blockchain, it is difficult for malicious attackers to modify blockchain entries.

[Figure 3: IoTSmartContract Architecture. IoT devices connect through the IoT gateway; the SGX enabled storage platform contains an untrusted module (data communicator, Ecall/Ocall wrapper, remote attestation, contract address) and a trusted module (data sealing and unsealing, key manager, integrity checker) holding the sealed IoT data; also shown are the remote attestation server, the third party application, and the IoT smart contract on the blockchain. The gateway writes the hash of the data to the blockchain and writes (encrypted data, Hash(Data)) to the storage platform.]
IV. Architecture
As shown in Figure 3, IoTSmartContract consists of three main components: the IoT client network, the smart contract and the secure SGX module. The client IoT network consists of all the IoT devices and the IoT gateway, which connects the devices to the external network.
A. Smart Contract Component
As shown in Algorithm 1, the smart contract provides the decentralized access control policy for user data in the form of an Ethereum smart contract that executes in the blockchain. Because of the limited data storage and the fees required to store data in the smart contract, the contract only stores the hash of the data in the blockchain. The data itself is encrypted and stored on the SGX module. The smart contract includes the user registration module, the device registration module, and the read and access policy module for hash data storage.

Algorithm 1: Smart Contract Pseudo-code
// owner denotes the address of the caller of the function (the transaction sender)
HashMap deviceRegistry(key: ownerAddress, value: List[DeviceIds])
HashMap deviceData(key: (ownerAddress, deviceId), value: List[DataHash])
HashMap dataAccessRegistry(key: (ownerAddress, thirdPartyAddress, deviceId), value: bool isAllowed)

function REGISTERDEVICE(ownerAddress, deviceId)
    deviceRegistry[ownerAddress].Insert(deviceId)
end function

function WRITEDATA(ownerAddress, deviceId, Data)
    // only the owner of a registered device may append a hash
    if owner == ownerAddress and deviceId in deviceRegistry[ownerAddress]
        deviceData[(ownerAddress, deviceId)].Insert(hash(Data))
end function

function READDATA(ownerAddress, thirdPartyAddress, deviceId)
    if dataAccessRegistry[(ownerAddress, thirdPartyAddress, deviceId)] == true
        return deviceData[(ownerAddress, deviceId)]
end function

function GRANTACCESS(ownerAddress, thirdPartyAddress, deviceId)
    if owner == ownerAddress
        dataAccessRegistry[(ownerAddress, thirdPartyAddress, deviceId)] = true
end function

function REVOKEACCESS(ownerAddress, thirdPartyAddress, deviceId)
    if owner == ownerAddress
        dataAccessRegistry[(ownerAddress, thirdPartyAddress, deviceId)] = false
end function
User Registration. This module leverages the user registration system of the Ethereum network. Each user joins the Ethereum network by generating a public/private key pair that uniquely identifies the user. The private key is then used to interact with the smart contract to perform functions such as device registration and data access.

Device Registration. Each authenticated user can register their IoT devices by providing the identifier of each device. In the smart contract, we provide a hash map that maps the devices owned by a user to the owner's address on the blockchain, denoted mapping (address = list of owner's device ids).

Data Write Access Policy. For a device to write data to the blockchain, the device provides the owner's address and the device id along with the data to be written. By using the combination of the owner address and the device id as the key in a hash map, we can store the data of every device separately, denoted ((owner address, device id) = list of device data). The value of the hash map is a list of hashes of the data written by the device. Before the smart contract allows data to be written to the contract, it checks that the owner address corresponds to the device id, so that only a device owner can execute the write operation.
Device Data Read Access Policy. For data access, a third-party user who needs access to the data of another user's device requests permission to read the data. The requesting user provides the address of the owner of the device and the device id. A hash map keyed by the device owner's address and the device id, with the list of permitted third-party users as values, is maintained within the smart contract. This is denoted as ((owner, device id, third party user address) = bool access). Before access is granted to the data, this hash map is checked to see whether the requesting user may access the data, ensuring that only registered third-party users can access the device data.

[Figure 4: Illustration of the Data Flow in IoTSmartContract. The numbered write path runs from the IoT device through the IoT gateway (data communicator; remote attestation with the remote attestation server over an encrypted connection) to the blockchain smart contract interfaces (Register Device(), AllowAccess(), RevokeAccess(), ReadData(), WriteData()) and to the SGX storage platform (Ecall/Ocall wrapper, integrity checker, data sealing, secure data storage). The read path runs from the third party application through the smart contract, the Ecall/Ocall wrapper, integrity checker, data unsealing and information extraction back to the application.]
B. IoTSmartContract Detailed Data Flow
Figure 4 shows a detailed data flow diagram of IoTSmartContract. For a device to write or read data, the device first communicates with the IoT gateway in Step ➂ to register itself with the blockchain. For the IoT gateway to trust the SGX platform, it performs remote attestation as shown in Step ➀. To perform a data write, the device communicates with the IoT gateway in Step ➁. The gateway then retrieves the smart contract address in Step ➂. The gateway then encrypts and hashes the data. The hash is written to the blockchain using the writeData function of the smart contract. The encrypted data itself is then written to the SGX platform in Step ➃. Through the Ecall/Ocall wrapper, the untrusted module of the SGX application communicates with the trusted module as shown in Step ➄. In Step ➅, the Integrity Checker module calculates the hash-based message authentication code (HMAC) of the data and appends it to the data before the data is sealed and written to disk in Steps ➆ and ➇.

For the read operation, the user must register third-party users with the smart contract using the allowAccess method. To revoke access, the user calls the revokeAccess function. The third-party user communicates with the smart contract as shown in Step ➊ to obtain the hash of the data generated by the device by supplying the device id. The smart contract checks whether the third-party user may access the data from the device, using the device id and the address of the third-party user; if permission is granted, the hash of the data is returned and can be used to access the data from the SGX storage platform. In Step ➍, the SGX application rechecks with the smart contract using the readData API to determine whether the third-party user may access the data hash identifier supplied in the third-party request. If access is allowed, the SGX application retrieves the data from secure storage in Step ➎. Note that the overhead of the read operation from the blockchain is insignificant, as we show in the evaluation section in Table I. The data is then unsealed in Step ➏, and the Integrity Check in Step ➐ recalculates the HMAC of the data, which is then compared with the stored HMAC. If the HMAC matches, the data is read and returned to the user as shown in Steps ➒ and ➓.
V. Implementation
We used five real IoT devices and a mobile phone to evaluate IoTSmartContract. The devices include a Philips Hue Hub with a Zigbee light bulb, a Samsung SmartThings Hub with a motion/proximity sensor, a Belkin Wemo Switch, a Wemo wall socket and a heart rate monitor mobile application on Android.

A. Ethereum Smart Contract
We implemented the IoTSmartContract smart contract component on the Ethereum blockchain. Our implementation consists of 50 lines of code in the Solidity programming language. The code footprint needs to be concise so as to limit the amount of Ethereum gas needed to run a smart contract transaction. To limit the storage space needed in the blockchain, we only store the hash of the data. We ran the smart contract on the Rinkeby Ethereum test network for evaluation.

We implemented the interfaces registerDevice, allowAccess, writeData, readData and revokeAccess, which enable the IoT devices to interact with the smart contract. Using the geth Ethereum client, we can retrieve the smart contract address from the blockchain and perform operations such as registering devices, writing data, reading data, updating the write and read access policy, and revoking access policy.
VI. Evaluation
Table I shows our evaluation result for each smart contract operation, in gas used by the miners to complete an operation call. To confirm a transaction, the transaction must be included in a generated block. The data payload size for device 1 is 27 bytes, for device 2 it is 47 bytes, for device 3 it is 132 bytes, and for devices 4 and 5 it is 127 bytes, while the hash length is 256 bits. As seen in Table I, registerDevice uses 47,543 gas to complete its operation, allowAccess requires 29,517 gas, writeData requires 51,049 gas and revokeAccess requires 14,792 gas. readData did not use any gas, since reading from a smart contract is done on the local blockchain and does not require any mining.

Table I: Efficiency of the Smart Contract Application based on Gas Usage
Smart Contract Interface   Parameters                      Gas Used
registerDevice             Device ID                       47543
allowAccess                Device ID, ThirdParty Address   29517
writeData                  Device ID, DataHash             51049
readData                   Device ID, ThirdParty Address   0 (local read, no mining)
revokeAccess               Device ID, ThirdParty Address   14792
In Figure 5, we compare the gas usage required by miners to complete a write operation on the blockchain. We compare two scenarios: writing the whole encrypted data from the devices to the blockchain versus writing only the hash of the data. Across 5 device types, device 1 used 59,846 gas for hashed data compared to 159,234 gas for the raw data write, a reduction of 169%. Device 2 used 53,454 gas for hashed data and 92,926 gas for the raw write, a reduction of 73%. Devices 3 and 4 used 58,974 gas for hashed data while 159,000 gas is required to write the raw data, a reduction of 138%.

In Figure 6, we show the impact of an increasing write workload on the blockchain. By increasing the write workload from 500 write requests to 2000 write requests, we measure the transaction throughput per second on the blockchain. Without hashing, for a workload of 500 writes the write transaction throughput is 10.56 writes per second; for 1500 it is 9.26, and for 2000 writes it is 8.6 writes per second. With hashing, for a workload of 500 writes the write transaction throughput is 8.8 writes per second; for 1500 it is 7.9, and for 2000 writes it is 7.2 writes per second. The write throughput decreases with increasing write workload, and it also decreases with hashing enabled. Even though, as Figure 5 shows, the gas used with hashing enabled is constant because the hash function always produces 256 bits of data for storage on the blockchain, the write throughput is lower because of the hashing performed before writing the data to the blockchain.
A. Sealing and Unsealing Overhead
In Figure 7, we show the overhead of the sealing and unsealing operations on the SGX platform. The x-axis represents the block size and the y-axis the CPU cost in milliseconds. With a block size of 1,024 bytes, the average time to seal a single batch record of 2.8 MB is 400 milliseconds, compared to 2,000 milliseconds with a 32 byte block size. With increasing block size, the time to seal and unseal data decreases. This is a result of the reduced number of block transfers between the enclave and the untrusted module of the application.

[Figure 5: Gas utilization for the write operation on the smart contract, with and without hashing, for device types dev1 to dev5 (y-axis: gas used, thousands).]
[Figure 6: Throughput (write tx/s) with increasing write workload (500, 1000, 1500, 2000 writes), with and without hashing.]
[Figure 7: Average seal and unseal CPU time (milliseconds) against block size (256 to 1536; axis labelled Block Size (KB)).]
VII. Limitations and Future Work
In this work, we leveraged the immutability of the blockchain network to store audit information on how IoT data is stored and read by users. One of the main limitations of using blockchain is the scalability problem. This limitation is not pertinent to our solution, since the data is not always needed immediately and all pending writes and reads can be processed and committed to the blockchain at a later time. In addition, this limitation does not apply to the read operation, as shown in the evaluation. One way to overcome this limitation is to use private blockchains. By using a private blockchain, we can eliminate the time used to mine blocks, since all participants in the network are permissioned or known.
VIII. Related Work
In this section, we discuss related work on blockchain and on IoT systems.

Blockchain. With the increasing adoption of blockchain technology, various researchers have proposed different use cases for the new technology. Zyskind et al. [13] proposed using blockchain to decentralize the storage of data. Our work differs from theirs in that we provide a full implementation that leverages SGX secure computing to store the raw data in order to defeat malicious attackers. Dorri et al. [22] proposed using blockchain to manage IoT networks. By providing a lightweight blockchain consensus system, devices with low processing power can run the blockchain independently. Various works exist on how to improve the performance of blockchain technology, as seen in [23].

IoT Systems and Applications. In previous work, Earlence et al. [1] show how a smart lock can be compromised by attacking the Samsung Smart Application. They demonstrated an attack that requested limited access permission to perform only the lock action on a smart lock, but instead gained full control privilege to also perform the unlock action. Vijay et al. [24] show how they captured unencrypted network traffic from a Wemo device to perform a replay attack on the device.
IX. Conclusion
As adoption of IoT devices increases, proper data access auditing, data usage transparency and data privacy are critical due to the vast amount of data generated by these devices. This paper introduces IOTSMARTCONTRACT, which offers a decentralized data access control policy system, data security and data integrity by leveraging recent advances in blockchain technology and trusted computing using Intel SGX. Our approach utilizes the blockchain to manage access to IoT data in a decentralized way and stores the raw encrypted data on an SGX-enabled platform, ensuring that all data processing and storage is done in secure enclaves. Our platform utilizes the real blockchain platform Ethereum to evaluate our approach. We used a real Intel SGX platform to evaluate our secure storage platform.
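The division of labour summarised above, and the deferred commit of audit writes discussed under Limitations, can be modelled end to end in a few dozen lines. The following added example is a constructed Go model, not the paper's Ethereum contract or SGX code: the `Ledger` type stands in for the smart contract (it holds only each record's SHA-256, the owner's access grants and an audit trail, with entries queued and committed in batches), and the `Store` type stands in for the enclave-backed raw storage, which releases bytes only after the ledger has authorised and logged the access and then checks them against the committed hash. Record ids, principals and the sample record are constructed; sealing of the stored bytes is left out of this model.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuditEntry is one on-chain audit record; every access decision produces one.
type AuditEntry struct {
	Op        string // "write", "read" or "denied"
	Record    string
	Principal string
}

// Ledger models the smart contract: hashes and policy on chain, no raw data.
type Ledger struct {
	owner   map[string]string          // record id -> owning device/user
	digest  map[string][32]byte        // record id -> committed SHA-256 of the raw data
	grants  map[string]map[string]bool // record id -> reader -> permitted
	pending []AuditEntry               // audit entries queued until the next commit
	Trail   []AuditEntry               // entries already committed to the chain
}

func NewLedger() *Ledger {
	return &Ledger{
		owner:  map[string]string{},
		digest: map[string][32]byte{},
		grants: map[string]map[string]bool{},
	}
}

// Register commits the hash of a new record; the raw bytes never reach the ledger.
func (l *Ledger) Register(owner, id string, raw []byte) error {
	if _, exists := l.digest[id]; exists {
		return fmt.Errorf("record %q already registered", id)
	}
	l.owner[id] = owner
	l.digest[id] = sha256.Sum256(raw)
	l.grants[id] = map[string]bool{owner: true}
	l.pending = append(l.pending, AuditEntry{"write", id, owner})
	return nil
}

// Grant lets the owner, and only the owner, permit another principal to read.
func (l *Ledger) Grant(caller, id, reader string) error {
	if l.owner[id] != caller {
		return errors.New("only the record owner may grant access")
	}
	l.grants[id][reader] = true
	return nil
}

// Authorize is the contract's access check. Allowed and denied decisions are
// both appended to the audit trail, so denied attempts are visible too.
func (l *Ledger) Authorize(id, reader string) bool {
	ok := l.grants[id][reader]
	op := "denied"
	if ok {
		op = "read"
	}
	l.pending = append(l.pending, AuditEntry{op, id, reader})
	return ok
}

// Commit flushes the queued audit entries to the chain in one batch and
// returns how many were committed (the deferred-write pattern from Limitations).
func (l *Ledger) Commit() int {
	n := len(l.pending)
	l.Trail = append(l.Trail, l.pending...)
	l.pending = nil
	return n
}

// Store models the enclave-backed raw storage.
type Store struct{ blobs map[string][]byte }

func NewStore() *Store { return &Store{blobs: map[string][]byte{}} }

// Put registers the record's hash on the ledger and keeps the raw bytes locally.
func (s *Store) Put(l *Ledger, owner, id string, raw []byte) error {
	if err := l.Register(owner, id, raw); err != nil {
		return err
	}
	s.blobs[id] = append([]byte(nil), raw...)
	return nil
}

// Read releases data only if the ledger authorizes the reader, then verifies the
// stored bytes against the on-chain hash so a tampered store cannot serve altered data.
func (s *Store) Read(l *Ledger, id, reader string) ([]byte, error) {
	if !l.Authorize(id, reader) {
		return nil, errors.New("access denied by ledger policy")
	}
	raw, ok := s.blobs[id]
	if !ok {
		return nil, errors.New("record missing from store")
	}
	if sha256.Sum256(raw) != l.digest[id] {
		return nil, errors.New("stored data does not match committed hash")
	}
	return raw, nil
}

func main() {
	l, s := NewLedger(), NewStore()
	_ = s.Put(l, "thermostat-1", "rec-0001", []byte(`{"temp":21.5}`)) // constructed sample record
	_ = l.Grant("thermostat-1", "rec-0001", "analytics-svc")
	if _, err := s.Read(l, "rec-0001", "analytics-svc"); err == nil {
		fmt.Println("authorized read ok")
	}
	if _, err := s.Read(l, "rec-0001", "advertiser"); err != nil {
		fmt.Println("unauthorized read:", err)
	}
	fmt.Printf("committed %d audit entries\n", l.Commit())
}
```

The hash check in `Read` is what makes the on-chain digest useful to a reader: the storage node, even if fully compromised, cannot substitute data without the mismatch surfacing, and because `Authorize` logs before the data is released, the trail records the attempt whether or not the bytes were delivered.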
X. Acknowledgement
This work was supported in part by NSF award #1513704, AFOSR award FA9550-14-1-0173, ONR awards N00014-14-1-0030 and N00014-17-1-2295, an award from Lockheed-Martin, and NSA.
References
[1] E. Fernandes, J. Jung, and A. Prakash, “Security Analysis of Emerging Smart Home Applications,” in Proceedings of the 37th IEEE Symposium on Security and Privacy, May 2016.
[2] Y. J. Jia, Q. A. Chen, S. Wang, A. Rahmati, E. Fernandes, Z. M. Mao, and A. Prakash, “ContexIoT: Towards Providing Contextual Integrity to Appified IoT Platforms,” in Proceedings of the 21st Network and Distributed System Security Symposium (NDSS’17), San Diego, CA, February 2017.
[3] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of things (IoT): A vision, architectural elements, and future directions,” Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, 2013.
[4] E. Bertino, “Data privacy for IoT systems: Concepts, approaches, and research directions,” in 2016 IEEE International Conference on Big Data (Big Data). IEEE, 2016, pp. 3645–3647.
[5] P. A. H. Williams and V. McCauley, “Always connected: The security challenges of the healthcare internet of things,” in 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), Dec 2016, pp. 30–35.
[6] N. M. Gonzalez, W. A. Goya, R. de Fatima Pereira, K. Langona, E. A. Silva, T. C. M. de Brito Carvalho, C. C. Miers, J. E. Mångs, and A. Sefidcon, “Fog computing: Data analytics and cloud distributed processing on the network edges,” in 2016 35th International Conference of the Chilean Computer Science Society (SCCC), Oct 2016, pp. 1–9.
[7] M. M. Masud, L. Khan, and B. Thuraisingham, “A scalable multi-level feature extraction technique to detect malicious executables,” Information Systems Frontiers, vol. 10, no. 1, pp. 33–45, Mar. 2008. [Online]. Available: http://dx.doi.org/10.1007/s10796-007-9054-3
[8] H. Hu, G.-J. Ahn, and J. Jorgensen, “Detecting and resolving privacy conflicts for collaborative data sharing in online social networks,” in Proceedings of the 27th Annual Computer Security Applications Conference, ser. ACSAC ’11. New York, NY, USA: ACM, 2011, pp. 103–112. [Online]. Available: http://doi.acm.org/10.1145/2076732.2076747
[9] S. Nakamoto, “A peer-to-peer electronic cash system,” bitcoin.org, 2009, (Accessed on 08/09/2017).
[10] E. Foundation, “Ethereum’s white paper,” https://github.com/ethereum/wiki/wiki/White-Paper, 2014, (Accessed on 08/09/2017).
[11] Filecoin, “Filecoin: A decentralized storage network,” https://filecoin.io/filecoin.pdf, 2017, (Accessed on 08/09/2017).
[12] slock, “Initial coin offering market,” https://slock.it/, 2017, (Accessed on 08/09/2017).
[13] G. Zyskind, O. Nathan et al., “Decentralizing privacy: Using blockchain to protect personal data,” in Security and Privacy Workshops (SPW), 2015 IEEE. IEEE, 2015, pp. 180–184.
[14] A. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou, “Hawk: The blockchain model of cryptography and privacy-preserving smart contracts,” in Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016, pp. 839–858.
[15] V. Costan and S. Devadas, “Intel SGX explained,” IACR Cryptology ePrint Archive, vol. 2016, p. 86, 2016. [Online]. Available: http://eprint.iacr.org/2016/086
[16] M. Crosby, P. Pattanayak, and S. Verma, “Blockchain technology: Beyond bitcoin,” 2016.
[17] N. Santos, H. Raj, S. Saroiu, and A. Wolman, “Using ARM TrustZone to build a trusted language runtime for mobile applications,” in ACM SIGARCH Computer Architecture News, vol. 42, no. 1. ACM, 2014, pp. 67–80.
[18] L. Van Doorn, “Hardware virtualization trends,” in ACM/Usenix International Conference On Virtual Execution Environments: Proceedings of the 2nd international conference on Virtual execution environments, vol. 14, no. 16, 2006, pp. 45–45.
[19] V. Karande, E. Bauman, Z. Lin, and L. Khan, “SGX-Log: Securing system logs with SGX,” in Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ser. ASIA CCS ’17. New York, NY, USA: ACM, 2017, pp. 19–30. [Online]. Available: http://doi.acm.org/10.1145/3052973.3053034
[20] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM, vol. 21, no. 2, pp. 120–126, Feb. 1978. [Online]. Available: http://doi.acm.org/10.1145/359340.359342
[21] P. Hue, “Philips Hue IoT portal,” http://www2.meethue.com/en-us/, 2017, (Accessed on 08/09/2017).
[22] A. Dorri, S. S. Kanhere, and R. Jurdak, “Towards an optimized blockchain for IoT,” in Proceedings of the Second International Conference on Internet-of-Things Design and Implementation, ser. IoTDI ’17. New York, NY, USA: ACM, 2017, pp. 173–178. [Online]. Available: http://doi.acm.org/10.1145/3054977.3055003
[23] I. Eyal, A. E. Gencer, E. G. Sirer, and R. Van Renesse, “Bitcoin-NG: A scalable blockchain protocol,” in NSDI, 2016, pp. 45–59.
[24] V. Sivaraman, D. Chan, D. Earl, and R. Boreli, “Smart-phones attacking smart-homes,” in Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, ser. WiSec ’16. New York, NY, USA: ACM, 2016, pp. 195–200. [Online]. Available: http://doi.acm.org/10.1145/2939918.2939925