S2Net: Preserving Privacy in Smart Home Routers

At present, wireless home routers are becoming increasingly smart. While these smart routers provide rich functionalities to users, they also raise security concerns. Although the existing end-to-end encryption techniques can be applied to protect personal data, such rich functionalities become unav...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on dependable and secure computing Vol. 18; no. 3; pp. 1409 - 1424
Main Authors Lee, Seung-Seob, Shi, Hang, Tan, Kun, Liu, Yunxin, Lee, SuKyoung, Cui, Yong
Format Journal Article
LanguageEnglish
Published Washington IEEE 01.05.2021
IEEE Computer Society
Subjects
ARM TrustZone
Cryptography
Encryption
Hardware
heterogeneous multi-core architecture
Internet
Parallel processing
Payloads
Personal information
Privacy
private data protection
Program processors
Routers
secure operating system
Smart buildings
Smart home router
Smart homes
Smart houses
Systems design
transport layer security
Online AccessGet full text

Cover

More Information
Summary:At present, wireless home routers are becoming increasingly smart. While these smart routers provide rich functionalities to users, they also raise security concerns. Although the existing end-to-end encryption techniques can be applied to protect personal data, such rich functionalities become unavailable due to the encrypted payloads. On the other hand, if the smart home routers are allowed to process and store the personal data of users, once compromised, the users' sensitive data will be exposed. As a consequence, users face a difficult trade-off between the benefits of the rich functionalities and potential privacy risks. To deal with this dilemma, we propose a novel system named Secure and Smart Network (S2Net) for home routers. For S2Net, we propose a secure OS that can distinguish and manage multiple sessions belonging to different users. The secure OS and all the router applications are placed in the secure world using the ARM TrustZone technology. In S2Net, we also confine the router applications in sandboxes provided by the proposed secure OS to prevent data leakage. As a result, S2Net can provide rich functionalities for users while preserving strong privacy for home routers. In addition, we develop a crypto-worker model that provides an abstraction layer of cryptographic tasks performed by a heterogeneous multi-core system. The other important role of crypto-worker is to parallelize the computations in order to resolve the high computation cost of cryptographic functions. We report the system design of S2Net and the details of our implementation. Experimental results with benchmarks and real applications demonstrate that our implementation is capable of achieving high performance in terms of throughput while mitigating the overhead of S2Net design.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2019.2924624