Anonymous Trusted Data Relocation for TEEs

  • Conference paper
ICT Systems Security and Privacy Protection (SEC 2022)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 648))

Abstract

Trusted Execution Environment (TEE) technology such as ARM TrustZone allows confidential data to be protected with cryptographic keys that are bound to a specific TEE and device. However, there are good reasons to allow relocating such data from one TEE to another TEE in a different device, often in a non-interactive (offline) and anonymous manner. We propose the Trusted Relocation Extension (TRX), a TrustZone-based trusted storage service enabling backup/recovery and sharing of data between TEEs in different devices. TRX works offline, without prior key exchange, and ensures the anonymity of both the sender and the receiver. We present an implementation of TRX compatible with OP-TEE and its evaluation on Raspberry Pi 3 B+ devices.

Notes

  1. All software available at: https://github.com/vascoguita/trx.

Acknowledgments

This work was supported by the European Commission through contract 870635 (DE4A) and by national funds through Fundação para a Ciência e a Tecnologia (FCT) with reference UIDB/50021/2020 (INESC-ID).

Corresponding author

Correspondence to Miguel Correia.

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Cite this paper

Guita, V., Andrade, D., Silva, J.N., Correia, M. (2022). Anonymous Trusted Data Relocation for TEEs. In: Meng, W., Fischer-Hübner, S., Jensen, C.D. (eds) ICT Systems Security and Privacy Protection. SEC 2022. IFIP Advances in Information and Communication Technology, vol 648. Springer, Cham. https://doi.org/10.1007/978-3-031-06975-8_26

  • DOI: https://doi.org/10.1007/978-3-031-06975-8_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06974-1

  • Online ISBN: 978-3-031-06975-8

  • eBook Packages: Computer Science (R0)