An internet of secure and private things: A service-oriented architecture

Low-cost networked IoT devices are fast becoming commonplace. From implanted medical devices to motion-activated surveillance cameras and from driverless smart cars to voice-operated home management systems, IoT devices continue to permeate further and deeper into our lives. However, this widespread adoption of IoT devices has also given rise to a wide range of security, privacy and trust issues that are unique to the IoT ecosystem. Conventional solutions are ill-suited for the IoT domain due to limited resources, network dynamics, and evolving trust boundaries. Hence, novel mechanisms are needed to address the specific challenges of the IoT landscape. To this end, we propose a user-centric cloud-based service that allows device owners to have fine-grained control over what kind and how much data is shared through their IoT devices. Our scheme builds on top of Intel Software Guard Extensions (SGX) to instantiate secure virtual clones (shadows) of actual devices in the cloud, substantially reducing the attack surface for IoT networks. Furthermore, a scalable infrastructure in the cloud allows us to deploy sophisticated policy enforcement and data scrubbing mechanisms on a per application basis giving users explicit control over data sharing. The presented approach requires little effort on part of device vendors and users as the service provider handles the bulk of the work. We demonstrate the effectiveness of our approach empirically by implementing the service on SGX hardware and deploying advanced data cleansing policies on device-generated data.