S2Net: Preserving Privacy in Smart Home Routers

At present, wireless home routers are becoming increasingly smart. While these smart routers provide rich functionalities to users, they also raise security concerns. Although existing end-to-end encryption techniques can be applied to protect personal data, the rich functionalities become unavailable because the router can no longer inspect the encrypted payloads. On the other hand, if smart home routers are allowed to process and store the personal data of users, then once a router is compromised, the users' sensitive data is exposed. As a consequence, users face a difficult trade-off between the benefits of the rich functionalities and the potential privacy risks. To deal with this dilemma, we propose a novel system named Secure and Smart Network (S2Net) for home routers. For S2Net, we propose a secure OS that can distinguish and manage multiple sessions belonging to different users. The secure OS and all the router applications are placed in the secure world using the ARM TrustZone technology. In S2Net, we also confine the router applications in sandboxes provided by the proposed secure OS to prevent data leakage. As a result, S2Net can provide rich functionalities for users while preserving strong privacy on home routers. In addition, we develop a crypto-worker model that provides an abstraction layer for cryptographic tasks performed by a heterogeneous multi-core system. The other important role of the crypto-worker is to parallelize the computations in order to offset the high computation cost of cryptographic functions. We report the system design of S2Net and the details of our implementation. Experimental results with benchmarks and real applications demonstrate that our implementation achieves high throughput while mitigating the overhead introduced by the S2Net design.
