Abstract
Trusted Execution Environment (TEE) technology such as ARM TrustZone makes it possible to protect confidential data with cryptographic keys that are bound to one specific TEE on one specific device. There are, however, good reasons to relocate such data from one TEE to another TEE on a different device, often in a non-interactive (offline) and anonymous manner. We propose the Trusted Relocation Extension (TRX), a TrustZone-based trusted storage service that enables backup/recovery and sharing of data between TEEs on different devices. TRX works offline, requires no prior key exchange, and preserves the anonymity of both the sender and the receiver. We present an implementation of TRX compatible with OP-TEE and evaluate it on Raspberry Pi 3 B+ devices.
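To make concrete what "keys bound to a specific TEE and device" means, the following added example (not code from the paper or from the TRX repository) models the secure-storage key hierarchy that OP-TEE documents: a hardware unique key (HUK) and chip identifier yield a device-bound Secure Storage Key (SSK), the SSK and a trusted application UUID yield a TA Storage Key (TSK), and each file's key (FEK) is wrapped under the TSK. The static label, the HMAC-based wrap in place of OP-TEE's block-cipher key wrap, and the sample HUKs, chip ids and UUIDs are assumptions of this example. It shows only why data sealed this way cannot be opened by another device or TA, which is the problem TRX addresses; it does not model the TRX relocation protocol itself.

```python
"""Device- and TA-bound secure-storage key hierarchy (added illustration).

Simplified model of the derivation OP-TEE documents for its secure storage:
HUK -> SSK -> TSK -> per-file FEK. The label, the wrap construction and the
sample identifiers are assumptions for this example, not OP-TEE or TRX code.
"""
import hashlib
import hmac
import os
from typing import Optional

STATIC_LABEL = b"tee_secure_storage_ssk"  # placeholder label (assumed)


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_ssk(huk: bytes, chip_id: bytes) -> bytes:
    """Secure Storage Key: bound to one device via its HUK and chip id."""
    return hmac_sha256(huk, chip_id + STATIC_LABEL)


def derive_tsk(ssk: bytes, ta_uuid: bytes) -> bytes:
    """TA Storage Key: bound to one trusted application on that device."""
    return hmac_sha256(ssk, ta_uuid)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream, standing in for a block-cipher key wrap."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac_sha256(key, nonce + ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:length]


def wrap_fek(tsk: bytes, fek: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC the file key under the TSK: nonce || ct || tag."""
    nonce = os.urandom(16) if nonce is None else nonce
    ct = bytes(a ^ b for a, b in zip(fek, _keystream(tsk, nonce, len(fek))))
    tag = hmac_sha256(tsk, nonce + ct)
    return nonce + ct + tag


def unwrap_fek(tsk: bytes, blob: bytes) -> Optional[bytes]:
    """Return the FEK, or None if the blob was not wrapped under this TSK."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac_sha256(tsk, nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(tsk, nonce, len(ct))))


def binding_demo() -> dict:
    """Wrap a FEK on device A under TA X, then try to unwrap it elsewhere."""
    # Constructed sample identifiers; not real HUKs, chip ids or TA UUIDs.
    huk_a, huk_b = b"\x11" * 32, b"\x22" * 32
    chip_a, chip_b = b"chip-A", b"chip-B"
    ta_x, ta_y = b"ta-uuid-X", b"ta-uuid-Y"

    fek = os.urandom(32)
    tsk_ax = derive_tsk(derive_ssk(huk_a, chip_a), ta_x)
    blob = wrap_fek(tsk_ax, fek)  # what sits in the device's secure storage

    tsk_bx = derive_tsk(derive_ssk(huk_b, chip_b), ta_x)  # same TA, other device
    tsk_ay = derive_tsk(derive_ssk(huk_a, chip_a), ta_y)  # same device, other TA
    return {
        "same_device_same_ta": unwrap_fek(tsk_ax, blob) == fek,
        "other_device_same_ta": unwrap_fek(tsk_bx, blob) is None,
        "same_device_other_ta": unwrap_fek(tsk_ay, blob) is None,
    }


if __name__ == "__main__":
    print(binding_demo())
```

Only the TSK holder on the original device recovers the FEK; a copy of the blob carried to another device, or read by another TA on the same device, fails the tag check. Moving the data therefore requires re-wrapping the file key for the receiver, and doing that without an online key exchange and without revealing who the sender and receiver are is exactly the gap the abstract describes TRX as filling.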
Notes
1. All software available at: https://github.com/vascoguita/trx.
Acknowledgments
This work was supported by the European Commission through contract 870635 (DE4A) and by national funds through Fundação para a Ciência e a Tecnologia (FCT) with reference UIDB/50021/2020 (INESC-ID).
© 2022 IFIP International Federation for Information Processing
Cite this paper
Guita, V., Andrade, D., Silva, J.N., Correia, M. (2022). Anonymous Trusted Data Relocation for TEEs. In: Meng, W., Fischer-Hübner, S., Jensen, C.D. (eds) ICT Systems Security and Privacy Protection. SEC 2022. IFIP Advances in Information and Communication Technology, vol 648. Springer, Cham. https://doi.org/10.1007/978-3-031-06975-8_26
DOI: https://doi.org/10.1007/978-3-031-06975-8_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06974-1
Online ISBN: 978-3-031-06975-8
eBook Packages: Computer Science (R0)