EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs

  • Carlton ShepherdEmail author
  • Raja Naeem Akram
  • Konstantinos Markantonakis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10741)


Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote verifier. In recent years, Trusted Execution Environments (TEEs) have emerged as the go-to root of trust on constrained devices for isolated execution of sensitive applications. Existing TEE-based logging systems, however, focus largely on protecting server-side logs and offer little protection to constrained source devices. In this paper, we introduce EmLog – a tamper-resistant logging system for constrained devices using the GlobalPlatform TEE. EmLog provides protection against complex software adversaries and offers several additional security properties over past schemes. The system is evaluated across three log datasets using an off-the-shelf ARM development board running an open-source, GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory overhead (1 MB heap and stack), 430–625 logs/second throughput, and five-times persistent storage overhead versus unprotected logs.


System logging Embedded security Trusted computing 



Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The authors would also like to thank the anonymous reviewers for their valuable comments and suggestions.


  1. 1.
    ARM: Markets: Wearables (2017).
  2. 2.
    Bao, F., Chen, I.-R.: Dynamic trust management for Internet of Things applications. In: International Workshop on Self-aware Internet of Things, pp. 1–6. ACM (2012)Google Scholar
  3. 3.
    Bellare, M., Yee, B.: Forward integrity for secure audit logs. Technical report, Computer Science and Engineering Department, University of California at San Diego (1997)Google Scholar
  4. 4.
    Böck, B., Huemer, D., Tjoa, A.M.: Towards more trustable log files for digital forensics by means of trusted computing. In: 24th International Conference on Advanced Information Networking and Applications, pp. 1020–1027. IEEE (2010)Google Scholar
  5. 5.
    Brickell, E., Li, J.: Enhanced privacy ID from bilinear pairing for hardware authentication and attestation. Int. J. Inf. Privacy Secur. Integrity 1(1), 3–33 (2011)CrossRefGoogle Scholar
  6. 6.
    Chen, D., Wang, M.: A home security ZigBee network for remote monitoring applications. In: International Conference on Wireless, Mobile and Multimedia Networks, pp. 1–4. IET (2006)Google Scholar
  7. 7.
    Chong, C.N., Peng, Z., Hartel, P.H.: Secure audit logging with tamper-resistant hardware. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds.) SEC 2003. ITIFIP, vol. 122, pp. 73–84. Springer, Boston, MA (2003). Scholar
  8. 8.
    Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive, 2016:86 (2016).
  9. 9.
    GlobalPlatform: TEE Protection Profile (v1.2) (2014)Google Scholar
  10. 10.
    GlobalPlatform: TEE Internal Core API (v1.1.1) (2016)Google Scholar
  11. 11.
    GlobalPlatform: TEE System Architecture (v1.1) (2017)Google Scholar
  12. 12.
    Hartung, G.: Attacks on secure logging schemes. IACR Cryptology ePrint Archive, 2017:95 (2017).
  13. 13.
    Holt, J.E.: Logcrypt: forward security and public verification for secure audit logs. In: Proceedings of the 2006 Australasian Workshops on Grid Computing and E-research, pp. 203–211. Australian Computer Society Inc. (2006)Google Scholar
  14. 14.
    International Standards Organisation: ISO/IEC 27001:20133 - Information Technology, Security Techniques, Information Security Management Systems, Requirements (2013).
  15. 15.
    Karande, V., Bauman, E., Lin, Z., Khan, L.: SGX-log: securing system logs With SGX. In: Proceedings of the 2017 Asia Conference on Computer and Communications Security, ASIA CCS 2017, NY, USA, pp. 19–30. ACM (2017)Google Scholar
  16. 16.
    Kent, K., Souppaya, M.: Guide to computer security log management. NIST Spec. Publ. 800-92 (2006)Google Scholar
  17. 17.
    Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). Scholar
  18. 18.
    Krawczyk, H., Eronen, P.: RFC 5869 - HMAC-based Extract-and-expand Key Derivation Function (HKDF), May 2010.
  19. 19.
    Linaro: OP-TEE: Open Portable Trusted Execution Environment (2017).
  20. 20.
    Ma, D., Tsudik, G.: A new approach to secure logging. ACM Trans. Storage 5(1), 2 (2009)CrossRefGoogle Scholar
  21. 21.
    McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: efficient TCB reduction and attestation. In: 2010 IEEE Symposium on Security and Privacy, pp. 143–158. IEEE (2010)Google Scholar
  22. 22.
    Micallef, N., Kayacık, H.G., Just, M., Baillie, L., Aspinall, D.: Sensor use and usefulness: trade-offs for data-driven authentication on mobile devices. In: IEEE International Conference on Pervasive Computing and Communications, pp. 189–197. IEEE (2015)Google Scholar
  23. 23.
    Nguyen, H., Acharya, B., Ivanov, R., Haeberlen, A., Phan, L.T.X., Sokolsky, O., Walker, J., Weimer, J., Hanson, W., Lee, I.: Cloud-based secure logger for medical devices. In: IEEE 1st International Conference on Connected Health: Applications, Systems and Engineering Technologies, pp. 89–94, June 2016Google Scholar
  24. 24.
    Patel, S., Park, H., Bonato, P., Chan, L., Rodgers, M.: A review of wearable sensors and systems with applications in rehabilitation. J. Neuro-Eng. Rehabil. 9(1), 21 (2012)CrossRefGoogle Scholar
  25. 25.
    Perez, R., Sailer, R., van Doorn, L., et al.: vTPM: virtualizing the trusted platform module. In: Proceedings of the 15th USENIX Security Symposium, pp. 305–320 (2006)Google Scholar
  26. 26.
    Rashidi, P., Mihailidis, A.: A survey on ambient-assisted living tools for older adults. IEEE J. Biomed. Health Inform. 17(3), 579–590 (2013)CrossRefGoogle Scholar
  27. 27.
    Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. (TISSEC) 2(2), 159–176 (1999)CrossRefGoogle Scholar
  28. 28.
    Shepherd, C., Akram, R.N., Markantonakis, K.: Establishing mutually trusted channels for remote sensing devices with trusted execution environments. In: 12th International Conference on Availability, Reliability and Security (ARES), pp. 7:1–7:10. ACM (2017)Google Scholar
  29. 29.
    Shepherd, C., Akram, R.N., Markantonakis, K.: Towards trusted execution of multi-modal continuous authentication schemes. In: Proceedings of the 32nd Symposium on Applied Computing, pp. 1444–1451. ACM (2017)Google Scholar
  30. 30.
    Shepherd, C., Arfaoui, G., Gurulian, I., Lee, R.P., Markantonakis, K., Akram, R.N., Sauveron, D., Conchon, E.: Secure and trusted execution: past, present, and future - a critical review in the context of the Internet of Things and cyber-physical systems. In: 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 168–177 (2016)Google Scholar
  31. 31.
    Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing TCB complexity for security-sensitive applications: three case studies. In: ACM SIGOPS Operating Systems Review, vol. 40, pp. 161–174. ACM (2006)CrossRefGoogle Scholar
  32. 32.
    Sinha, A., Jia, L., England, P., Lorch, J.R.: Continuous tamper-proof logging using TPM 2.0. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 19–36. Springer, Cham (2014). Scholar
  33. 33.
    Trustonic: Adoption of Trustonic Security Platforms Passes 1 Billion Device Milestone, February 2017.
  34. 34.
    Yavuz, A.A., Ning, P., Reiter, M.K.: Efficient, compromise resilient and append-only cryptographic schemes for secure audit logging. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 148–163. Springer, Heidelberg (2012). Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Carlton Shepherd
    • 1
    Email author
  • Raja Naeem Akram
    • 1
  • Konstantinos Markantonakis
    • 1
  1. 1.Smart Card and Internet of Things Security Centre, Information Security GroupRoyal Holloway, University of LondonSurreyUK

Personalised recommendations