
EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs

  • Conference paper
Information Security Theory and Practice (WISTP 2017)

Abstract

Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote verifier. In recent years, Trusted Execution Environments (TEEs) have emerged as the go-to root of trust on constrained devices for isolated execution of sensitive applications. Existing TEE-based logging systems, however, focus largely on protecting server-side logs and offer little protection to constrained source devices. In this paper, we introduce EmLog – a tamper-resistant logging system for constrained devices using the GlobalPlatform TEE. EmLog provides protection against complex software adversaries and offers several additional security properties over past schemes. The system is evaluated across three log datasets using an off-the-shelf ARM development board running an open-source, GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory overhead (1 MB heap and stack), 430–625 logs/second throughput, and five-times persistent storage overhead versus unprotected logs.


Notes

  1. https://source.android.com/security/authentication/fingerprint-hal

  2. http://developer.samsung.com/tech-insights/pay/device-side-security

  3. https://www.raspberrypi.org/products/

  4. https://nest.com

  5. Note that, in general, arbitrary log deletion is difficult to prevent robustly without dedicated WORM (Write-Once, Read-Many) storage.

  6. https://wiki.linaro.org/WorkingGroups/Security/OP-TEE

  7. http://www.sec.gov/dera/data/Public-EDGAR-log-file-data/2016/Qtr2/log20160630.zip

  8. http://www.secrepo.com/maccdc2012/maccdc2012_fast_alert.7z


Acknowledgements

Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The authors would also like to thank the anonymous reviewers for their valuable comments and suggestions.

Author information


Corresponding author

Correspondence to Carlton Shepherd.


Copyright information

© 2018 IFIP International Federation for Information Processing

About this paper


Cite this paper

Shepherd, C., Akram, R.N., Markantonakis, K. (2018). EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs. In: Hancke, G., Damiani, E. (eds) Information Security Theory and Practice. WISTP 2017. Lecture Notes in Computer Science, vol 10741. Springer, Cham. https://doi.org/10.1007/978-3-319-93524-9_5


  • DOI: https://doi.org/10.1007/978-3-319-93524-9_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-93523-2

  • Online ISBN: 978-3-319-93524-9

  • eBook Packages: Computer Science (R0)
