Securing 5G: Trusted Execution Environments for Centrally Controlled IPsec Integrity / D'Onghia, Grazia; Ciravegna, Flavio; Bruno, Giacomo; Elorza Forcada, Mattin Antartiko; Pastor, Antonio; Lioy, Antonio. - ELECTRONIC. - (2024), pp. 595-597. (Paper presented at the 2024 IFIP Networking Conference, held in Thessaloniki (Greece) on June 3-6, 2024) [10.23919/ifipnetworking62109.2024.10619852].
Securing 5G: Trusted Execution Environments for Centrally Controlled IPsec Integrity
D'Onghia, Grazia; Ciravegna, Flavio; Bruno, Giacomo; Lioy, Antonio
2024
Abstract
This demo introduces a novel method to enhance IoT communication security using a Trusted Execution Environment (TEE). Secure IPsec channels between two devices with x86 and RISC-V platforms are established by employing a platform equipped with a dedicated hardware Root of Trust. Enarx on x86 (equipped with Intel SGX) and Keystone on RISC-V machines serve as TEEs, ensuring integrity and confidentiality. This demo exhibits a workflow where the IPsec configuration is received from a centralized controller and is securely stored and managed within the TEE. By providing a comprehensive solution for securing IoT communications, the demonstration highlights the importance of TEEs in ensuring the integrity and confidentiality of interconnected devices in modern network infrastructures.

File | Access | Type | License | Size | Format |
---|---|---|---|---|---|
Securing-5G-TEE-IPsec-Accepted-Manuscript.pdf | open access | 2. Post-print / Author's Accepted Manuscript | Public - All rights reserved | 240.26 kB | Adobe PDF |
Securing_5G_Trusted_Execution_Environments_for_Centrally_Controlled_IPsec_Integrity.pdf | restricted access | 2a Post-print publisher's version / Version of Record | Non-public - Private/restricted access | 273.62 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2992421