SGX; secure channel; mobile security; GDPR; trusted execution; data breach
Résumé :
[en] The current challenge for several applications is to
guarantee the user’s privacy when using personal data. The
broader problem is to transfer and process the data without
exposing the sensitive content to anyone, including the service
provider(s). In this paper, we address this challenge by proposing
a protocol to combine secure frameworks in order to exchange
and process sensitive data, i.e. respecting user’s privacy. Our
contribution is a protocol to perform a secure exchange of data
between a mobile application and a trusted execution environment.
In our experiments we show independent implementations
of our protocol using three different encryption modes (i.e., CBC,
ECB, GCM encryption). Our results support the feasibility and
importance of an end-to-end secure channel protocol.
Centre de recherche :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Services and Data management research group (SEDAN)
Disciplines :
Sciences informatiques
Auteur, co-auteur :
CARVALHO OTA, Fernando Kaway ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
MEIRA, Jorge Augusto ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
CASSAGNES, Cyril ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
STATE, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Co-auteurs externes :
yes
Langue du document :
Anglais
Titre :
Mobile App to SGX Enclave Secure Channel
Date de publication/diffusion :
13 février 2020
Nom de la manifestation :
IEEE International Symposium on Software Reliability Engineering
Lieu de la manifestation :
Berlin, Allemagne
Date de la manifestation :
27-30 Oct. 2019
Manifestation à portée :
International
Titre de l'ouvrage principal :
2019 IEEE International Symposium on Software Reliability Engineering Workshops
Drake, C., & Gauravaram, P. (2019). "Designing a User-Experience-First, Privacy-Respectful, High-Security Mutual-Multifactor Authentication Solution". Security in Computing and Communications, 183-210.
Alizadeh, Mojtaba, et al. "Authentication in mobile cloud computing: A survey." Journal of Network and Computer Applications 61 (2016): 59-80.
Akhtar, Z., Micheloni, C., Piciarelli, C., & Foresti, G. L. (2014). "MoBio LivDet: Mobile biometric liveness detection". 2014 11th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS).
Shepherd, Carlton, Raja Naeem Akram, and Konstantinos Markantonakis. "Towards trusted execution of multi-modal continuous authentication schemes." Proceedings of the Symposium on Applied Computing. ACM, 2017.
Huang, Ling, et al. "Adversarial machine learning." Proceedings of the 4th ACM workshop on Security and artificial intelligence. ACM, 2011.
Akhtar, Z., Micheloni, C., & Foresti, G. L. (2015). "Biometric Liveness Detection: Challenges and Research Opportunities". IEEE Security & Privacy, 13(5), 6372. doi:10.1109/msp.2015.116.
Liang, Xueping and Shetty, Sachin and Zhang, Lingchen and Kamhoua, Charles and Kwiat, Kevin. "Man in the Cloud (MITC) Defender: SGXBased User Credential Protection for Synchronization Applications in Cloud Computing Platform". CLOUD 2017
Nashad Ahmed Safa and Reihaneh Safavi-Naini and Siamak Fayyaz Shahandashti. "Privacy-Preserving Implicit Authentication" . IACR Cryptology ePrint Archive 2014.
Liu, He & Saroiu, Stefan & Wolman, Alec & Raj, Himanshu. (2012). "Software abstractions for trusted sensors" . 10.1145/2307636.2307670.
Rogaway, Phillip. "Evaluation of some blockcipher modes of operation." Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan (2011).
Mulliner, Collin, Nico Golde, and Jean-Pierre Seifert. "SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale." USENIX Security Symposium. Vol. 168. 2011.ndthebibliography
Firdaus, A., Anuar, N. B., Razak, M. F. A., Hashem, I. A. T., Bachok, S., & Sangaiah, A. K. (2018). Root Exploit Detection and Features Optimization: Mobile Device and Blockchain Based Medical Data Management. Journal of Medical Systems, 42(6). doi:10.1007/s10916-018-0966-x
Esposito, C., Palmieri, F., & Choo, K.-K. R. (2018). Cloud Message Queueing and Notification: Challenges and Opportunities. IEEE Cloud Computing, 5(2), 1116. doi:10.1109/mcc.2018.022171662.
