Keywords: IoT, security, Intel SGX, enclave, application-level encryption, middleware, rules engine
Summary: The cloud seems like an abvious choice when we think about deploying Internet of Things (IoT) and Web of Things (WoT) solutions. However, the use of cloud platforms raises a specific concern: how well is the platform protected against attacks? This basic question should however be extended: how well is the data used by an IoT solution protected, including from the platform itself? Currently, in most situations trust is assumed between the plaftorm owner and the application owner. A solution exists in the form of end-to-end encryption, but only works for storing data on an un-trusted platform, not for processing it.
Our group is developing a solution to this problem using Trusted Execution Environments (TEEs). These allow a program to be securely executed on an un-trusted machine. For now, we focus our research on the tools provided by Intel: Software Guards Extensions (SGX).
To achieve this, we are using the following concepts and ideas:
Middleware allowing for secure event processing of IoT devices, inside an SGX enclave.
Client for interacting with the middleware, using WebCrypto to establish a secure communication.
Implementation of the Ephemeral Diffie-Hellman Over COSE (EDHOC) for establishing a secure communication session using COAP.
No available projects for the moment.