Veto: Prohibit Outdated Edge System Software from Booting

Röckl J, Wagenhäuser A, Müller T (2023)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2023

Pages Range: 46-57

Conference Proceedings Title: In Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP)

Event location: Lisbon PT

ISBN: 978-989-758-624-8

DOI: 10.5220/0011627700003405

Abstract

Edge computing emerges as a trend, forming a link between the Internet of Things and cloud-based services. Large-scale edge deployments are already in place today in the context of communication network providers that offload more and more tasks to the edge to ensure high flexibility and low latencies. By relying on remote attestation and disk encryption techniques, we design a novel system architecture that protects confidential data on edge nodes in the case of device theft. Recent vulnerabilities like Ripple20 and Amnesia:33 show the consequences and costs of critical security bugs stemming from outdated system software. Thus, we design our system in a way that a node can derive its decryption key if and only if a trusted remote party (e.g., a network operator) can verify that it is running the latest software. This is a security feature that prevalent implementations like Linux’s dm-crypt lack. To secure the early-boot communication, we rely on a trusted execution environment, hardware offloading, and Rust device drivers. We prototype our system on two recent ARMv8 devices and show that the performance overhead (≈ 2%) and the boot delay (1s) are low. Thus, we believe that our concept is a meaningful step towards more secure future edge devices. 

How to cite

APA:

Röckl, J., Wagenhäuser, A., & Müller, T. (2023). Veto: Prohibit Outdated Edge System Software from Booting. In Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP) (pp. 46-57). Lisbon, PT.

MLA:

Röckl, Jonas, Adam Wagenhäuser, and Tilo Müller. "Veto: Prohibit Outdated Edge System Software from Booting." Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP), Lisbon 2023. 46-57.
