Veto: Prohibit Outdated Edge System Software from Booting

Jonas Röckl; Adam Wagenhäuser; Tilo Müller

doi:10.5220/0011627700003405

Veto: Prohibit Outdated Edge System Software from Booting

Jonas Röckl, Adam Wagenhäuser, Tilo Müller

2023

Abstract

Edge computing emerges as a trend, forming a link between the Internet of Things and cloud-based services. Large-scale edge deployments are already in place today in the context of communication network providers that offload more and more tasks to the edge to ensure high flexibility and low latencies. By relying on remote attestation and disk encryption techniques, we design a novel system architecture that protects confidential data on edge nodes in the case of device theft. Recent vulnerabilities like Ripple20 and Amnesia:33 show the consequences and costs of critical security bugs stemming from outdated system software. Thus, we design our system in a way that a node can derive its decryption key if and only if a trusted remote party (e.g., a network operator) can verify that it is running the latest software. This is a security feature that prevalent implementations like Linux’s dm-crypt lack. To secure the early-boot communication, we rely on a trusted execution environment, hardware offloading, and Rust device drivers. We prototype our system on two recent ARMv8 devices and show that the performance overhead (≈ 2%) and the boot delay (1s) are low. Thus, we believe that our concept is a meaningful step towards more secure future edge devices.

Download

Paper Citation

in Harvard Style

Röckl J., Wagenhäuser A. and Müller T. (2023). Veto: Prohibit Outdated Edge System Software from Booting. In Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-624-8, pages 46-57. DOI: 10.5220/0011627700003405

in Bibtex Style

@conference{icissp23,
author={Jonas Röckl and Adam Wagenhäuser and Tilo Müller},
title={Veto: Prohibit Outdated Edge System Software from Booting},
booktitle={Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2023},
pages={46-57},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011627700003405},
isbn={978-989-758-624-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 9th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Veto: Prohibit Outdated Edge System Software from Booting
SN - 978-989-758-624-8
AU - Röckl J.
AU - Wagenhäuser A.
AU - Müller T.
PY - 2023
SP - 46
EP - 57
DO - 10.5220/0011627700003405