The Trade-Off Between Performance and Security of Virtualized Trusted Execution Environment on Android

Nowadays,with the significant growth of the mobile market,security issues on the Android Operation System have also become an urgent matter.Trusted execution environment(TEE)technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security.However,for Android,TEE technologies still contain restrictions and limitations.The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE.Another issue of hardware-based TEE is the cross-platform problem.Since every mobile device supports different TEE vendors,it becomes an obstacle for developers to migrate their trusted applications to other Android devices.A software-based TEE solution is a potential approach that allows developers to customize,package and deliver the product efficiently.Motivated by that idea,this paper introduces a VTEE model,a software-based TEE solution,on Android devices.This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics:computing performance and security.The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on theAndroid environment.The security evaluation shows that adding the VTEE model to the existing Android does not addmore security issues to the traditional design.Overall,this paper shows applicable solutions to adjust the balance between computing performance and security.

Distributed Trusted Computing for Blockchain-Based Crowdsourcing

A centralized trusted execution environment(TEE)has been extensively studied to provide secure and trusted computing.However,a TEE might become a throughput bottleneck if it is used to evaluate data quality when collecting large-scale data in a crowdsourcing system.It may also have security problems compromised by attackers.Here,we propose a scheme,named dTEE,for building a platform for providing distributed trusted computing by leveraging TEEs.The platform is used as an infrastructure of trusted computations for blockchain-based crowdsourcing systems,especially to securely evaluate data quality and manage remuneration:these operations are handled by a TEE group.First,dTEE uses a public blockchain with smart contracts to manage TEEs without reliance on any trusted third parties.Second,to update TEE registration information and rule out zombie TEEs,dTEE uses a reporting mechanism.To attract TEE owners to join in and provide service of trusted computations,it uses a fair monetary incentive mechanism.Third,to account for malicious attackers,we design a model with Byzantine fault tolerance,not limited to a crash-failure model.Finally,we conduct an extensive evaluation of our design on a local cluster.The results show that dTEE finishes evaluating 10,000 images within one minute and achieves about 65 tps throughput when evaluating Sudoku solution data with collective signatures both in a group of 120 TEEs.

ETS-TEE: An Energy-Efficient Task Scheduling Strategy in a Mobile Trusted Computing Environment

A trusted execution environment(TEE)is a system-on-chip and CPU system with a wide security solution available on today’s Arm application(APP)processors,which dominate the smartphone market.Generally,mobile APPs create a trusted application(TA)in the TEE to process sensitive information,such as payment or message encryption,which is transparent to the APPs running in the rich execution environments(REEs).In detail,the REE and TEE interact and eventually send back the results to the APP in the REE through the interface provided by the TA.Such an operation definitely increases the overhead of mobile APPs.In this paper,we first present a comprehensive analysis of the performance of open-source TEE encrypted text.We then propose a high energy-efficient task scheduling strategy(ETS-TEE).By leveraging the deep learning algorithm,our policy considers the complexity of TA tasks,which are dynamically scheduled between modeling on the local device and offloading to an edge server.We evaluate our approach on Raspberry Pi 3B as the local mobile device and Jetson TX2 as the edge server.The results show that compared with the default scheduling strategy on the local device,our approach achieves an average of 38.0%energy reduction and 1.6×speedup.This greatly reduces the performance loss caused by mobile devices in order to protect the safe execution of applications,so that the trusted execution environment has both security and high performance.

An OP-TEE Energy-Efficient Task Scheduling Approach Based on Mobile Application Characteristics

Trusted Execution Environment(TEE)is an important part of the security architecture of modern mobile devices,but its secure interaction process brings extra computing burden to mobile devices.This paper takes open portable trusted execution environment(OP-TEE)as the research object and deploys it to Raspberry Pi 3B,designs and implements a benchmark for OP-TEE,and analyzes its program characteristics.Furthermore,the application execution time,energy consumption and energy-delay product(EDP)are taken as the optimization objectives,and the central processing unit(CPU)frequency scheduling strategy of mobile devices is dynamically adjusted according to the characteristics of different applications through the combined model.The experimental result shows that compared with the default strategy,the scheduling method proposed in this paper saves 21.18%on average with the Line Regression-Decision Tree scheduling model with the shortest delay as the optimization objective.The Decision Tree-Support Vector Regression(SVR)scheduling model,which takes the lowest energy consumption as the optimization goal,saves 22%energy on average.The Decision Tree-K-Nearest Neighbor(KNN)scheduling model with the lowest EDP as the optimization objective optimizes about 33.9%on average.

Efficient and fair coin mixing for Bitcoin

Bitcoin transactions are pseudo-anonymous,which can be exploited to reveal a user’s private information.To eliminate this threat,this paper presents FairMixer,a highly secure and efficient Bitcoin mixing system using the trusted execution environments(TEEs).With the TEE’s confidentiality and integrity guarantees for code and data,FairMixer enables a correct and privacy-preserving mixing process.However,a TEE-based implementation cannot prevent the manipulation of inputs to the mixer,such as mixing request submissions and blockchain feeds.Against this background,FairMixer captures users’ mixing requests via Bitcoin transactions for deterring a malicious service provider from dropping benign participants.To constrain misbehavior during a mixing mission,a misconduct monitoring mechanism and a penalty mechanism are introduced.The proposed scheme is fully compatible with Bitcoin and forces mixes to be accountable.Finally,a prototype of FairMixer is provided using Intel Software Guard Extensions(SGX) and its performance is evaluated in the Bitcoin Testnet.FairMixer mixes 700 inputs in just 8.39 s,which outperforms most existing decentralized mixers.

AudiTEE: Efficient, General-Purpose and Privacy-Preserving Audit for Distributed Ledgers

Privacy-preservation and effective auditing are two desirable but challenging requirements on distributed ledgers. To meet the requirements, this paper presents an auditing scheme, called as AudiTEE, which can audit a distributed ledger in a generic, efficient, and privacy-preserving manner. AudiTEE leverages Trusted Execution Environment (TEE) to generate confidential but auditable transactions and realize arbitrary, efficient and confidential audit on them. Unfortunately, TEE suffers from some inherent barriers and is itself not a complete solution for fast audit. To tackle these challenges, AudiTEE takes advantage of KAMT (K-anonymity Authentication Based on Merkle Tree) protocol for efficient management on account and user-defined anonymous transactions. Further, to achieve a complete and fast audit with unlinkability, TEE doesn’t process through all but only a comparatively small part of transactions according to a special ktag attached on each transaction to ensure that a user cannot hide transactions from auditor even when auditor is blind with who is involved in each transaction on the ledger. Apart from the above, AudiTEE allows flexible control on user behaviors. We implement a concrete instance of AudiTEE under a bank setting and demonstrate the scalability with all its core functionalities.

On Monetizing Personal Wearable Devices Data:A Blockchain-based Marketplace for Data Crowdsourcing and Federated Machine Learning in Healthcare

Machine learning advancements in healthcare have made data collected through smartphones and wearable devices a vital source of public health and medical insights.While wearable device data help to monitor,detect,and predict diseases and health conditions,some data owners hesitate to share such sensitive data with companies or researchers due to privacy concerns.Moreover,wearable devices have been recently available as commercial products;thus large,diverse,and representative datasets are not available to most researchers.In this article,the authors propose an open marketplace where wearable device users securely monetize their wearable device records by sharing data with consumers(e.g.,researchers)to make wearable device data more available to healthcare researchers.To secure the data transactions in a privacy-preserving manner,the authors use a decentralized approach using Blockchain and Non-Fungible Tokens(NFTs).To ensure data originality and integrity with secure validation,the marketplace uses Trusted Execution Environments(TEE)in wearable devices to verify the correctness of health data.The marketplace also allows researchers to train models using Federated Learning with a TEE-backed secure aggregation of data users may not be willing to share.To ensure user participation,we model incentive mechanisms for the Federated Learning-based and anonymized data-sharing approaches using NFTs.The authors also propose using payment channels and batching to reduce smart contact gas fees and optimize user profits.If widely adopted,it’s believed that TEE and Blockchain-based incentives will promote the ethical use of machine learning with validated wearable device data in healthcare and improve user participation due to incentives.

Confidential computing and related technologies:a critical review

This research critically reviews the definition of confidential computing(CC)and the security comparison of CC with other related technologies by the Confidential Computing Consortium(CCC).We demonstrate that the definitions by CCC are ambiguous,incomplete and even conflicting.We also demonstrate that the security comparison of CC with other technologies is neither scientific nor fair.We highlight the issues in the definitions and comparisons and provide initial recommendations for fixing the issues.These recommendations are the first step towards more precise definitions and reliable comparisons in the future.

ShadowEth： Private Smart Contract on Public Blockchain

Blockchain is becoming popular as a distributed and reliable ledger which allows distrustful parties to transact safely without trusting third parties. Emerging blockchain systems like Ethereum support smart contracts where miners can run arbitrary user-defined programs. However, one of the biggest concerns about the blockchain and the smart contract is privacy, since all the transactions on the chain are exposed to the public. In this paper, we present ShadowEth, a system that leverages hardware enclave to ensure the confidentiality of smart contracts while keeping the integrity and availability based on existing public blockchains like Ethereum. ShadowEth establishes a confidential and secure platform protected by trusted execution environment （TEE） off the public blockchain for the execution and storage of private contracts. It only puts the process of verification on the blockchain. We provide a design of our system including a protocol of the cryptographic communication and verification and show the applicability and feasibility of ShadowEth by various case studies. We implement a prototype using the Intel SGX on the Ethereum network and analyze the security and availability of the system.

A survey of Intel SGX and its applications

This paper presents a comprehensive survey on the development of Intel SGX(software guard extensions)processors and its applications.With the advent of SGX in 2013 and its subsequent development,the corresponding research works are also increasing rapidly.In order to get a more comprehensive literature review related to SGX,we have made a systematic analysis of the related papers in this area.We first search through five large-scale paper retrieval libraries by keywords(i.e.,ACM Digital Library,IEEE/IET Electronic Library,SpringerLink,Web of Science,and Elsevier Science Direct).We read and analyze a total of 128 SGX-related papers.The first round of extensive study is conducted to classify them.The second round of intensive study is carried out to complete a comprehensive analysis of the paper from various aspects.We start with the working environment of SGX and make a conclusive summary of trusted execution environment(TEE).We then focus on the applications of SGX.We also review and study multifarious attack methods to SGX framework and some recent security improvements made on SGX.Finally,we summarize the advantages and disadvantages of SGX with some future research opportunities.We hope this review could help the existing and future research works on SGX and its application for both developers and users.

Unified Enclave Abstraction and Secure Enclave Migration on Heterogeneous Security Architectures

Nowadays,application migration becomes more and more attractive.For example,it can make computation closer to data sources or make service closer to end-users,which may significantly decrease latency in edge computing.Yet,migrating applications among servers that are controlled by different platform owners raises security issues.We leverage hardware-secured trusted execution environment(TEE,aka.,enclave)technologies,such as Intel SGX,AMD SEV,and ARM TrustZone,for protecting critical computations on untrusted servers.However,these hardware TEEs propose non-uniform programming abstractions and are based on heterogeneous architectures,which not only forces programmers to develop secure applications targeting some specific abstraction but also hinders the migration of protected applications.Therefore,we propose UniTEE which gives a unified enclave programming abstraction across the above three hardware TEEs by using a microkernel-based design and enables the secure enclave migration by integrating heterogeneous migration techniques.We have implemented the prototype on real machines.The evaluation results show the migration support incurs nearly-zero runtime overhead and the migration procedure is also efficient.

小米“手机×AIoT”安全隐私技术

在万物互联时代,安全和隐私风险逐步扩大,越来越多的人开始担忧产品的安全和隐私问题。小米集团具有手机和物联网等多种业务形态,“手机×AIoT”也已成为小米的核心战略。围绕手机和AIoT(人工智能物联网),小米在信息安全与隐私保护方面面临着非常大的挑战,也做了大量的工作。本文基于小米的信息安全和隐私保护发展历史,介绍了在手机、IoT以及AI领域的信息安全和隐私保护技术。这些技术包括了小米可信执行环境MiTEE(Mi trusted execution environment)、差分隐私技术、MIUI隐私保护技术、AI算法隐私保护、移动端深度学习框架MACE(mobile AI compute engine)、IoT软件开发平台Xiaomi Vela,以及IoT的其他安全技术能力等。

A TrustEnclave-Based Architecture for Ensuring Run-Time Security in Embedded Terminals

The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Security Protection Method of Energy Internet with Android

As a product of the combination of information and energy technology,the energy internet is enormous and complex,and the absence of security safeguards at any aspect of it can cause incalculable damage.Aiming at the problems that Energy Internet terminals are difficult to be trusted and the integrity of massive terminals cannot be guaranteed,this paper designs and implements a set of comprehensive credibility measures and security protection schemes,isolates various malicious operations,and ensures that the system is always in a credible state.Specifically,we develop a secure TF card control program in the Android terminal application layer to realize the overall security scheme.Experimental results prove that this security protection scheme can effectively detect illegal application packages in energy Internet terminal devices,resist malicious programs,and protect key data from theft at the same time,achieving security protection in the“thing-to-thing”interconnection scenario of the Energy Internet.

Reliability and Incentive of Performance Assessment for Decentralized Clouds

Decentralized cloud platforms have emerged as a promising paradigm to exploit the idle computing resources across the Internet to catch up with the ever-increasing cloud computing demands.As any user or enterprise can be the cloud provider in the decentralized cloud,the performance assessment of the heterogeneous computing resources is of vital significance.However,with the consideration of the untrustworthiness of the participants and the lack of unified performance assessment metric,the performance monitoring reliability and the incentive for cloud providers to offer real and stable performance together constitute the computational performance assessment problem in the decentralized cloud.In this paper,we present a robust performance assessment solution RODE to solve this problem.RODE mainly consists of a performance monitoring mechanism and an assessment of the claimed performance(AoCP)mechanism.The performance monitoring mechanism first generates reliable and verifiable performance monitoring results for the workloads executed by untrusted cloud providers.Based on the performance monitoring results,the AoCP mechanism forms a unified performance assessment metric to incentivize cloud providers to offer performance as claimed.Via extensive experiments,we show RODE can accurately monitor the performance of cloud providers on the premise of reliability,and incentivize cloud providers to honestly present the performance information and maintain the performance stability.