Securing Smart Environments with Authentic Execution

Securing Smart Environment applications is a huge concern nowadays. The use of small,embedded devices to connect the physical to the digital world is a big challenge in terms of security, due to the limited hardware resources available and the real-time constraints the system must ensure. As an example, a paper released in 2018 by the US Department of Homeland Security highlights numerous, potential issues and threats regarding the use of new Internet of Things (IoT) technologies in Precision Agriculture and Smart Farming.To address this problem, the concept of Authentic Execution was proposed in 2017 by Noorman et al., which described a secure framework for a distributed, event-driven application. This solution relied on the use of Trusted Computing (TC) and Trusted Execution Environments (TEE) to achieve strong security properties such as confidentiality, integrity and authenticity of software and data. An implementation of this approach was provided for Sancus, an embedded TEE that extends the TI MSP430 CPU.However, this solution is not sufficient in a real scenario: in fact, most IoT systems need a cloud backend, to gather data and perform expensive computation. Hence, an heterogeneous system is needed in such applications, composed by both embedded devices and remote servers.Therefore, this Master’s Thesis describes an implementation of the Authentic Execution approach for Software Guard eXtensions (SGX), a TEE included in recent Intel processors.We developed a framework that allows a developer to write only the logic of his own application, as well as providing a high-level description of the system (e.g., to specify how the modules are connected to each other). The framework implicitly handles the execution of a module inside an isolated, trusted environment (called enclave) and the communication between different modules. Moreover, the framework is entirely written in Rust, a modern, fast programming language that provides by design numerous features to enhance security, such as protection against many memory-management vulnerabilities (e.g., buffer overflows), as well as a safe use of threads and concurrency. Along with the SGX implementation, we provide tools to easily deploy a heterogeneous, distributed application on a shared infrastructure.In addition to the Trusted Execution of their modules, Sancus and SGX can bring further advantages if used together: while the former is able to perform Secure I/O, the latter provides a feature called data sealing, to securely store data on disk. Particularly, Secure I/O is used to establish trusted paths between high-end computation nodes and I/O devices.Finally, we prove the effectiveness of Authentic Execution by implementing a prototype for a smart irrigation system. A security evaluation shows that this approach ensures strong confidentiality and integrity guarantees. From a performance point of view, instead, tests reveal that our solution is widely acceptable for an irrigation system, whereas it might not be feasible for applications with stricter real-time constraints.