Mobile App to SGX Enclave Secure Channel

Carvalho Ota, Fernando Kaway; Meira, Jorge Augusto; Cassagnes, Cyril; State, Radu

doi:10.1109/ISSREW.2019.00081

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Mobile App to SGX Enclave Secure Channel

Carvalho Ota, Fernando Kaway; Meira, Jorge Augusto; Cassagnes, Cyril et al.

2020 • In 2019 IEEE International Symposium on Software Reliability Engineering Workshops

Peer reviewed

Permalink
https://hdl.handle.net/10993/44341

DOI
10.1109/ISSREW.2019.00081

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

08990343.pdf

Publisher postprint (473.08 kB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

SGX; secure channel; mobile security; GDPR; trusted execution; data breach

Abstract :

[en] The current challenge for several applications is to guarantee the user’s privacy when using personal data. The broader problem is to transfer and process the data without exposing the sensitive content to anyone, including the service provider(s). In this paper, we address this challenge by proposing a protocol to combine secure frameworks in order to exchange and process sensitive data, i.e. respecting user’s privacy. Our contribution is a protocol to perform a secure exchange of data between a mobile application and a trusted execution environment. In our experiments we show independent implementations of our protocol using three different encryption modes (i.e., CBC, ECB, GCM encryption). Our results support the feasibility and importance of an end-to-end secure channel protocol.

Research center :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Services and Data management research group (SEDAN)

Disciplines :

Computer science

Author, co-author :

Carvalho Ota, Fernando Kaway ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Meira, Jorge Augusto ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Cassagnes, Cyril ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

State, Radu ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

External co-authors :

yes

Language :

English

Title :

Mobile App to SGX Enclave Secure Channel

Publication date :

13 February 2020

Event name :

IEEE International Symposium on Software Reliability Engineering

Event place :

Berlin, Germany

Event date :

27-30 Oct. 2019

Audience :

International

Main work title :

2019 IEEE International Symposium on Software Reliability Engineering Workshops

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://ieeexplore.ieee.org/document/8990343

Available on ORBilu :

since 24 September 2020

Statistics

Number of views

150 (9 by Unilu)

Number of downloads

1 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Drake, C., & Gauravaram, P. (2019). "Designing a User-Experience-First, Privacy-Respectful, High-Security Mutual-Multifactor Authentication Solution". Security in Computing and Communications, 183-210.
Alizadeh, Mojtaba, et al. "Authentication in mobile cloud computing: A survey." Journal of Network and Computer Applications 61 (2016): 59-80.
Akhtar, Z., Micheloni, C., Piciarelli, C., & Foresti, G. L. (2014). "MoBio LivDet: Mobile biometric liveness detection". 2014 11th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS).
Shepherd, Carlton, Raja Naeem Akram, and Konstantinos Markantonakis. "Towards trusted execution of multi-modal continuous authentication schemes." Proceedings of the Symposium on Applied Computing. ACM, 2017.
Huang, Ling, et al. "Adversarial machine learning." Proceedings of the 4th ACM workshop on Security and artificial intelligence. ACM, 2011.
Akhtar, Z., Micheloni, C., & Foresti, G. L. (2015). "Biometric Liveness Detection: Challenges and Research Opportunities". IEEE Security & Privacy, 13(5), 6372. doi:10.1109/msp.2015.116.
Liang, Xueping and Shetty, Sachin and Zhang, Lingchen and Kamhoua, Charles and Kwiat, Kevin. "Man in the Cloud (MITC) Defender: SGXBased User Credential Protection for Synchronization Applications in Cloud Computing Platform". CLOUD 2017
Nashad Ahmed Safa and Reihaneh Safavi-Naini and Siamak Fayyaz Shahandashti. "Privacy-Preserving Implicit Authentication" . IACR Cryptology ePrint Archive 2014.
Liu, He & Saroiu, Stefan & Wolman, Alec & Raj, Himanshu. (2012). "Software abstractions for trusted sensors" . 10.1145/2307636.2307670.
Rogaway, Phillip. "Evaluation of some blockcipher modes of operation." Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan (2011).
Mulliner, Collin, Nico Golde, and Jean-Pierre Seifert. "SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale." USENIX Security Symposium. Vol. 168. 2011.ndthebibliography
Firdaus, A., Anuar, N. B., Razak, M. F. A., Hashem, I. A. T., Bachok, S., & Sangaiah, A. K. (2018). Root Exploit Detection and Features Optimization: Mobile Device and Blockchain Based Medical Data Management. Journal of Medical Systems, 42(6). doi:10.1007/s10916-018-0966-x
Esposito, C., Palmieri, F., & Choo, K.-K. R. (2018). Cloud Message Queueing and Notification: Challenges and Opportunities. IEEE Cloud Computing, 5(2), 1116. doi:10.1109/mcc.2018.022171662.
Costan, Victor, and Srinivas Devadas. "Intel SGX Explained." IACR Cryptology ePrint Archive 2016.086 (2016): 1-118.