Fine-Grained Access Control-Enabled Logging Method on ARM TrustZone

Most applications for the Internet of Things operate on embedded systems. In particular, embedded devices intended for smart healthcare, smart homes, and smart cars generate logs containing sensitive user information. These logs must be protected from malicious users while also being accessible for legitimate users to utilize them for providing customized services. Unfortunately, the existing logging system only supporting one-to-one encryption based on a server-client model, so there are limitations in building a decentralized logging infrastructure for the hyper-connected era. In this paper, we propose a new secure logging method that supports one-to-many encryption and extends existing logging systems to a decentralized logging infrastructure. In the proposed method, log publishers are able to encrypt generated logs and distribute them to cloud storage in real time and can ensure that only authorized log subscribers access the logs. For one-to-many encryption, we apply a key-policy attribute-based encryption scheme which is suitable for logging systems. For reliability and efficiency of logs, we apply a key-derivation process that cooperates with one-way hash functions within a trusted execution environment. In a real time logging scenario, the proposed method is 93% faster and occupies 83% less storage space than when an original attribute-based encryption scheme is applied. In addition, performance-tunable parameters can optimize our method for various environments.

[1]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[2]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[3]  Mohammad A. Noureddine,et al.  OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis , 2020, NDSS.

[4]  Yao Zheng,et al.  Privacy-Preserving Personal Health Record System Using Attribute-Based Encryption , 2011 .

[5]  Richard Chow,et al.  The Last Mile for IoT Privacy , 2017, IEEE Security & Privacy.

[6]  Tommy Färnqvist Number Theory Meets Cache Locality – Efficient Implementation of a Small Prime FFT for the GNU Multiple Precision Arithmetic Library , 2005 .

[7]  W. Marsden I and J , 2012 .

[8]  Feifei Li,et al.  DeepLog: Anomaly Detection and Diagnosis from System Logs through Deep Learning , 2017, CCS.

[9]  Jian Shen,et al.  Key-policy attribute-based encryption against continual auxiliary input leakage , 2019, Inf. Sci..

[10]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[11]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[12]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[13]  Simon Josefsson,et al.  The Base16, Base32, and Base64 Data Encodings , 2003, RFC.

[14]  Pramodita Sharma 2012 , 2013, Les 25 ans de l’OMC: Une rétrospective en photos.

[15]  Geong Sen Poh,et al.  Attribute Based Encryption with Privacy Protection and Accountability for CloudIoT , 2022, IEEE Transactions on Cloud Computing.

[16]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[17]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[18]  Stefan Mangard,et al.  ARMageddon: Cache Attacks on Mobile Devices , 2015, USENIX Security Symposium.

[19]  Mu Zhang,et al.  Towards a Timely Causality Analysis for Enterprise Security , 2018, NDSS.

[20]  Mihir Bellare,et al.  Forward Integrity For Secure Audit Logs , 1997 .

[21]  David E. Culler,et al.  JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT , 2019, USENIX Security Symposium.

[22]  Vinton G. Cerf,et al.  A brief history of the internet , 1999, CCRV.

[23]  Jiguo Li,et al.  Flexible and Fine-Grained Attribute-Based Data Storage in Cloud Computing , 2017, IEEE Transactions on Services Computing.

[24]  Wajih Ul Hassan,et al.  Custos: Practical Tamper-Evident Auditing of Operating Systems Using Trusted Execution , 2020, NDSS.

[25]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[26]  Dong Hoon Lee,et al.  Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System , 2016, Journal of Medical Systems.

[27]  Tadayoshi Kohno,et al.  Automobile Driver Fingerprinting , 2016, Proc. Priv. Enhancing Technol..

[28]  Latifur Khan,et al.  SGX-Log: Securing System Logs With SGX , 2017, AsiaCCS.

[29]  Shilin He,et al.  Towards Automated Log Parsing for Large-Scale Log Data Analysis , 2018, IEEE Transactions on Dependable and Secure Computing.

[31]  Young Im Cho,et al.  Black Block Recorder: Immutable Black Box Logging for Robots via Blockchain , 2019, IEEE Robotics and Automation Letters.

[32]  Seungho Lee,et al.  How to Securely Record Logs based on ARM TrustZone , 2019, AsiaCCS.

[33]  Bruce Schneier,et al.  Cryptographic Support for Secure Logs on Untrusted Machines , 1998, USENIX Security Symposium.

[34]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[35]  Mahadev Satyanarayanan,et al.  The Emergence of Edge Computing , 2017, Computer.

[36]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[37]  Ying Zhao,et al.  EdgeChain: An Edge-IoT Framework and Prototype Based on Blockchain and Smart Contracts , 2018, IEEE Internet of Things Journal.

[38]  Weisong Shi,et al.  Edge Computing: Vision and Challenges , 2016, IEEE Internet of Things Journal.

[39]  Dong Hoon Lee,et al.  T-Box: A Forensics-Enabled Trusted Automotive Data Recording Method , 2019, IEEE Access.