Abstract
Trusted communication is a key component of the trusted computing paradigm. Sensitive data often has to be migrated between two applications or platforms over an open network. In this setting, trusted transmission is needed in addition to file integrity monitoring tools. However, existing trusted transmission solutions run on the user's application platform or operating system, and this lack of isolation makes such security software easy to subvert. In this paper, we present a novel approach called SecTube to protect data in transit. It uses Intel's new security technology, SGX, to give user applications a safer execution environment. We also present the design and implementation of an enclave socket. We implement SecTube on Ubuntu 14.04 and conduct several experiments. The experimental results show the effectiveness of SecTube and demonstrate that its average performance overhead is only about 15%.
Acknowledgement
The authors gratefully acknowledge the anonymous reviewers for their helpful suggestions.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Chen, J., Dai, B., Wang, Y., Yao, Y., Li, B. (2018). SecTube: SGX-Based Trusted Transmission System. In: Qiu, M. (eds) Smart Computing and Communication. SmartCom 2017. Lecture Notes in Computer Science(), vol 10699. Springer, Cham. https://doi.org/10.1007/978-3-319-73830-7_23
DOI: https://doi.org/10.1007/978-3-319-73830-7_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73829-1
Online ISBN: 978-3-319-73830-7