Using SGX-Based Virtual Clones for IoT Security

Abstract

Widespread permeation of IoT devices into our daily lives has created a diverse spectrum of security and privacy concerns unique to the IoT ecosystem. Conventional host and network security mechanisms fail to address these issues due to resource constraints, ad-hoc network models and vendor-centric data collection and sharing policies. Hence, there is a need to redesign the IoT infrastructure to secure both the device and the data. To this end, we propose a design where users are in the driving seat, devices are less exposed and data sharing models are flexible and fine-grained. Our proposal comprises hardware-secured data banks based on Intel Software Guard Extensions (SGX) to house the data in clouds without the need to trust the cloud provider. Virtual clones (shadows) of devices running on top of these data banks serve as competent proxies of actual IoT devices hiding away device weaknesses. The proposed infrastructure is scalable and robust and serves as a good first step for the community to build on and improve.