3rdParTEE: Securing Third-Party IoT Services Using the Trusted Execution Environment

Abstract

Advancements in the Internet of Things (IoT) have resulted in the connection and deployment of numerous smart and embedded devices. Although such devices enable various services such as smart grids, they attract more attackers to the IoT world. A trusted execution environment (TEE), which can be created by using TrustZone technology, is a promising security artifact for protecting critical operations and sensitive data of IoT devices. Unfortunately, although TrustZone is available in most ARM architecture-based devices ranging from microcontrollers to high-end smart devices, it has not been widely adopted by third-party IoT service providers because of its limited access. That is, because the TEE is maintained by the TEE platform vendors to preserve its security. Therefore, third parties must adhere to strict policies and procedures to ensure the deployment of trusted services in the TEE. This aspect hinders the fast development and deployment of IoT services. In this work, we propose 3rdParTEE to address this problem by enabling third-party IoT service providers to readily run their trusted services, thereby minimizing their dependency on the TEE maintainers. Specifically, 3rdParTEE facilitates the secure running of the third-party's native kernel driver in the TEE without hampering the security of the existing TEE components. To demonstrate the effectiveness of our approach, we ran three kernel drivers for maintaining the IoT services platform (e.g., kernel integrity check) in the TEE. Additionally, during the performance evaluation, we observed a reasonable performance overhead of up to 7% when running the kernel drivers in such a secure manner.