The recent edge computing infrastructure introduces a new computing model that works as a complement to traditional cloud computing. The edge nodes in the infrastructure reduce the network latency of the cloud computing model and increase data privacy by offloading sensitive computation from the cloud to the edge. Recent research focuses on the applications and performance of edge computing, but less attention is paid to the security of this new computing paradigm. Inspired by the recent move of hardware vendors to introduce hardware-assisted Trusted Execution Environments (TEEs), we believe applying these TEEs on the edge nodes would be a natural choice to secure the computation and sensitive data on these nodes. In this paper, we investigate the typical hardware-assisted TEEs and evaluate their performance to help analyze the feasibility of deploying them on edge platforms. Our experiments show that the performance overhead introduced by the TEEs is low, which indicates that integrating these TEEs into the edge nodes can efficiently mitigate security loopholes with a low performance overhead.
SenseHash: Computing on Sensor Values Mystified At the Origin
We propose SenseHash, a novel design for the lightweight in-hardware mystification of sensed data at the origin. The framework aims to ensure the privacy of sensitive sensor values while preserving their utility. The sensors are assumed to interface with various (potentially malicious) communication and computing components in the Internet of Things (IoT) and other emerging pervasive computing scenarios. The primary security primitives of our work are Locality Sensitive Hashing (LSH) combined with Differential Privacy (DP) and a secure construction of LSH. Our construction allows (i) sub-linear search in sensor readings while ensuring their security against triangulation attacks, and (ii) differentially private statistics of the readings. SenseHash includes a hardware architecture as well as accompanying protocols to efficiently utilize the secure readings in practical scenarios. Alongside these scenarios, we present an automated workflow to generalize the application of the mystified readings. A proof-of-concept FPGA implementation of the system demonstrates its practicability and low overhead in terms of hardware resources, energy consumption, and protocol execution time.
- Award ID(s): 2016737
- PAR ID: 10382350
- Date Published:
- Journal Name: IEEE Transactions on Emerging Topics in Computing
- ISSN: 2168-6750
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- (Editors: Joe Calandrino and Carmela Troncoso) As service providers are moving to the cloud, users are forced to provision sensitive data to the cloud. Confidential computing leverages a hardware Trusted Execution Environment (TEE) to protect data in use, no longer requiring users' trust in the cloud. The emerging service model, Confidential Computing as a Service (CCaaS), is adopted by service providers to offer service in a manner similar to Function-as-a-Service. However, privacy concerns are raised in CCaaS, especially in multi-user scenarios. CCaaS needs to assure the data providers that the service does not leak their private data to any unauthorized parties and clears their data after the service. To address such privacy concerns with security guarantees, we first formally define the security objective, Proof of Being Forgotten (PoBF), and prove under which security constraints PoBF can be satisfied. Then, these constraints serve as guidelines in the implementation of the PoBF-compliant Framework (PoCF). PoCF consists of a generic library for different hardware TEEs, CCaaS prototype enclaves, and a verifier to prove PoBF compliance. PoCF leverages Rust's robust type system and security features to construct a verified state machine with privacy-preserving contracts. Last, the experiment results show that the protections introduced by PoCF incur minor runtime performance overhead.
- Given sensor units distributed throughout an environment, we consider the problem of consolidating readings into a single coherent view when sensors wish to limit knowledge of their specific readings. Standard fusion methods make no guarantees about what curious participants may learn. For applications where privacy guarantees are required, we introduce a fusion approach that limits what can be inferred. First, it forms an aggregate stream, oblivious to the underlying sensor data, and then evaluates that stream on a combinatorial filter. This is achieved via secure multi-party computation techniques built on cryptographic primitives, which we extend and apply to the problem of fusing discrete sensor signals. We prove that the extensions preserve security under the model of semi-honest adversaries. Also, for a simple target tracking case study, we examine a proof-of-concept implementation: analyzing the (empirical) running times for components in the architecture and suggesting directions for future improvement.
- The vehicular fog is a relatively new computing paradigm where fog computing works with the vehicular network. It provides computation, storage, and location-aware services with low latency to the vehicles in close proximity. A vehicular fog network can be formed on-the-fly by adding underutilized or unused resources of nearby parked or moving vehicles. Interested vehicles can outsource their resources or data by being added to the vehicular fog network while maintaining proper security and privacy. Client vehicles can use these resources or services for performing computation-intensive tasks, storing data, or getting crowdsourced reports through a proper secure and privacy-preserving communication channel. As most vehicular network applications are latency and location sensitive, fog is more suitable than the cloud because of its capability of performing calculations with low latency, location awareness, and support for mobility. Architecture, security, and privacy models of vehicular fog are not yet well defined and widely accepted, as it is in its early stage. In this paper, we have analyzed existing studies on vehicular fog to determine the requirements and issues related to the architecture, security, and privacy of vehicular fog computing. We have also identified and highlighted the open research problems in this promising area.