Securing 5G: Trusted Execution Environments for Centrally Controlled IPsec Integrity / D'Onghia, Grazia; Ciravegna, Flavio; Bruno, Giacomo; Elorza Forcada, Mattin Antartiko; Pastor, Antonio; Lioy, Antonio. - ELECTRONIC. - (2024), pp. 595-597. (Paper presented at the 2024 IFIP Networking Conference, held in Thessaloniki (Greece), June 3-6, 2024) [10.23919/ifipnetworking62109.2024.10619852].

Securing 5G: Trusted Execution Environments for Centrally Controlled IPsec Integrity

D'Onghia, Grazia; Ciravegna, Flavio; Bruno, Giacomo; Lioy, Antonio
2024

Abstract

This demo introduces a novel method to enhance IoT communication security using a Trusted Execution Environment (TEE). Secure IPsec channels between two devices with x86 and RISC-V platforms are established by employing a platform equipped with a dedicated hardware Root of Trust. Enarx on x86 (equipped with Intel SGX) and Keystone on RISC-V machines serve as TEEs, ensuring integrity and confidentiality. This demo exhibits a workflow where the IPsec configuration is received from a centralized controller and is securely stored and managed within the TEE. By providing a comprehensive solution for securing IoT communications, the demonstration highlights the importance of TEEs in ensuring the integrity and confidentiality of interconnected devices in modern network infrastructures.
ISBN: 978-3-903176-63-8
Files in this item:

Securing-5G-TEE-IPsec-Accepted-Manuscript.pdf
Access: open access
Type: 2. Post-print / Author's Accepted Manuscript
License: Public - All rights reserved
Size: 240.26 kB
Format: Adobe PDF

Securing_5G_Trusted_Execution_Environments_for_Centrally_Controlled_IPsec_Integrity.pdf
Access: restricted access
Type: 2a Post-print, publisher's version / Version of Record
License: Non-public - Private/restricted access
Size: 273.62 kB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2992421