S2Net: Preserving Privacy in Smart Home Routers

Bibliographic Details
Published in IEEE transactions on dependable and secure computing Vol. 18; no. 3; pp. 1409 - 1424
Main Authors Lee, Seung-Seob, Shi, Hang, Tan, Kun, Liu, Yunxin, Lee, SuKyoung, Cui, Yong
Format Journal Article
Language English
Published Washington IEEE 01.05.2021
IEEE Computer Society
Abstract At present, wireless home routers are becoming increasingly smart. While these smart routers provide rich functionalities to users, they also raise security concerns. Although the existing end-to-end encryption techniques can be applied to protect personal data, such rich functionalities become unavailable due to the encrypted payloads. On the other hand, if the smart home routers are allowed to process and store the personal data of users, once compromised, the users' sensitive data will be exposed. As a consequence, users face a difficult trade-off between the benefits of the rich functionalities and potential privacy risks. To deal with this dilemma, we propose a novel system named Secure and Smart Network (S2Net) for home routers. For S2Net, we propose a secure OS that can distinguish and manage multiple sessions belonging to different users. The secure OS and all the router applications are placed in the secure world using the ARM TrustZone technology. In S2Net, we also confine the router applications in sandboxes provided by the proposed secure OS to prevent data leakage. As a result, S2Net can provide rich functionalities for users while preserving strong privacy for home routers. In addition, we develop a crypto-worker model that provides an abstraction layer of cryptographic tasks performed by a heterogeneous multi-core system. The other important role of crypto-worker is to parallelize the computations in order to resolve the high computation cost of cryptographic functions. We report the system design of S2Net and the details of our implementation. Experimental results with benchmarks and real applications demonstrate that our implementation is capable of achieving high performance in terms of throughput while mitigating the overhead of S2Net design.
Author Tan, Kun
Shi, Hang
Lee, SuKyoung
Lee, Seung-Seob
Cui, Yong
Liu, Yunxin
Author_xml – sequence: 1
  givenname: Seung-Seob
  orcidid: 0000-0002-3497-3295
  surname: Lee
  fullname: Lee, Seung-Seob
  email: shsym@yonsei.ac.kr
  organization: Department of Computer Science, Yonsei University, Seoul, South Korea
– sequence: 2
  givenname: Hang
  orcidid: 0000-0001-9384-7486
  surname: Shi
  fullname: Shi, Hang
  email: shi-h15@mails.tsinghua.edu.cn
  organization: Department of Computer Science and Technology, Tsinghua University, Beijing, China
– sequence: 3
  givenname: Kun
  surname: Tan
  fullname: Tan, Kun
  email: cohen_tan@hotmail.com
  organization: Huawei Technologies Co., Ltd., Beijing, China
– sequence: 4
  givenname: Yunxin
  orcidid: 0000-0001-7352-8955
  surname: Liu
  fullname: Liu, Yunxin
  email: yunxin.liu@microsoft.com
  organization: Microsoft Research Asia, Beijing, China
– sequence: 5
  givenname: SuKyoung
  surname: Lee
  fullname: Lee, SuKyoung
  email: sklee@yonsei.ac.kr
  organization: Department of Computer Science, Yonsei University, Seoul, South Korea
– sequence: 6
  givenname: Yong
  orcidid: 0000-0002-5171-739X
  surname: Cui
  fullname: Cui, Yong
  email: cuiyong@tsinghua.edu.cn
  organization: Department of Computer Science and Technology, Tsinghua University, Beijing, China
CODEN ITDSCM
ContentType Journal Article
Copyright Copyright IEEE Computer Society 2021
Copyright_xml – notice: Copyright IEEE Computer Society 2021
DOI 10.1109/TDSC.2019.2924624
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005-present
IEEE All-Society Periodicals Package (ASPP) Online
IEEE Electronic Library Online
CrossRef
ProQuest Computer Science Collection
DatabaseTitle CrossRef
ProQuest Computer Science Collection
DatabaseTitleList
ProQuest Computer Science Collection
Discipline Computer Science
EISSN 1941-0018
EndPage 1424
ExternalDocumentID 10_1109_TDSC_2019_2924624
8744305
Genre orig-research
GrantInformation_xml – fundername: National Research Foundation of Korea
  grantid: NRF-2017R1A2B4002000
  funderid: 10.13039/501100003725
ISSN 1545-5971
IsPeerReviewed false
IsScholarly true
Issue 3
Language English
LinkModel DirectLink
ORCID 0000-0002-5171-739X
0000-0002-3497-3295
0000-0001-9384-7486
0000-0001-7352-8955
PQID 2526962023
PQPubID 27603
PageCount 16
PublicationDate 2021-05-01
PublicationDateYYYYMMDD 2021-05-01
PublicationDate_xml – month: 05
  year: 2021
  text: 2021-05-01
  day: 01
PublicationDecade 2020
PublicationPlace Washington
PublicationPlace_xml – name: Washington
PublicationTitle IEEE transactions on dependable and secure computing
PublicationTitleAbbrev TDSC
PublicationYear 2021
Publisher IEEE
IEEE Computer Society
Publisher_xml – name: IEEE
– name: IEEE Computer Society
StartPage 1409
SubjectTerms ARM TrustZone
Cryptography
Encryption
Hardware
heterogeneous multi-core architecture
Internet
Parallel processing
Payloads
Personal information
Privacy
private data protection
Program processors
Routers
secure operating system
Smart buildings
Smart home router
Smart homes
Smart houses
Systems design
transport layer security
Title S2Net: Preserving Privacy in Smart Home Routers
URI https://ieeexplore.ieee.org/document/8744305
https://www.proquest.com/docview/2526962023
Volume 18