
Techniques for Establishing Trust in Modern Constrained Sensing Platforms with Trusted Execution Environments

Abstract

The Internet of Things (IoT) -- the notion that interconnected everyday objects will acquire the ability to monitor and act upon their environment -- is anticipated to benefit multiple domains, including manufacturing, health and social care, finance, and within the home. However, a plethora of security and trust concerns surround the deployment of millions of devices that transmit sensing data to inform critical decision-making, with potentially serious consequences for end-users. Trusted Execution Environments (TEEs) are emerging as a robust and widely available solution for protecting the confidentiality and integrity of sensitive applications on IoT devices. TEEs continue a succession of secure execution technologies, including smart cards and embedded Secure Elements, by employing hardware assistance for protecting run-time accesses to sensitive memory locations, input/output (I/O) devices, and persistent data. TEEs can also provide many of the mechanisms, such as remote attestation, offered by other trusted computing primitives, namely the Trusted Platform Module (TPM). Given their recent inception, however, TEEs lack the maturity and the ecosystem of long-standing solutions such as TPMs, particularly for constrained devices. This thesis identifies and analyses a multitude of such challenges, resulting in the proposal and evaluation of contributions in five areas of concern. These include applying TEEs to sensor-driven continuous authentication schemes, an emerging paradigm for addressing the shortfalls of conventional biometrics; secure and mutually trusted communication between two TEEs on remotely located devices; tamper-resistant system logging for constrained platforms with TEEs; remote TEE credential management with respect to centralised IoT deployments, e.g. smart cities and industrial IoT; and a critical evaluation of proposed solutions to relay attacks in contactless transactions, to which existing TEEs are vulnerable.
This thesis concludes by identifying open research challenges surrounding the deployment and management of constrained device TEEs in IoT applications.

This paper was published in Royal Holloway - Pure.
