Security and Robustness for VEDLIoT Components, from Cloud through Edge. Marcelo Pasin. VEDLIoT Conference Track co-located with IoT Tech Expo, Amsterdam, Netherlands, September 2023
IoT Tech Expo 2023_Marcelo Pasin presentation
1. Marcelo Pasin
University of Neuchâtel,
Switzerland
Security and Robustness for
VEDLIoT Components
from Cloud through Edge
26 September 2023
Alysson Bessani, Simon Bouget, José Cecílio,
Pascal Felber, Erik Funke, Carina Marcus, Jämes
Ménétrey, Shahid Raza, Valerio Schiavoni, Piotr
Zierhoffer
4. 4
▪ How to improve security and robustness?
▪ We work in the context of machine learning applications
▪ Take into account the continuum: IoT, edge and cloud computing
▪ Security
▪ Provide means for security at all levels, mostly as system functions
▪ Base our solutions on trusted execution environments (TEEs)
▪ Offer, as much as possible, homogeneity through the continuum
▪ Robustness
▪ Robustness problems are context-specific (app specific)
▪ Need to investigate solutions for ML and IoT
▪ Need to consider requirements from use cases
Improving security and robustness
[Figure labels: Wasm enclaves; Attestation; Communication; Hardware simulation; Fixing errors in road safety; Techniques for adversarial ML]
5. 5
▪ Continuum: needs closing the gaps between cloud, edge, and devices
▪ Today’s continuum is dominated by incompatible silos
▪ Need for a seamless environment across all hardware devices and software stacks
▪ Keep good performance, offer high levels of security
▪ Trusted execution environments
▪ Recent evolution by leading CPU manufacturers
▪ Growing trend to execute software within untrusted environments
▪ WebAssembly (Wasm, originally for web page apps)
▪ Portable binary-code for executable programs + system software interfaces
▪ Most popular languages already have some compiler support
▪ WebAssembly + TEE + set of services and support libraries
Homogeneity greatly helps closing the gaps in the continuum
Built-in security allows building robust apps that run everywhere
WASM enclaves
6. 6
▪ TWINE: an execution environment suited for WebAssembly applications inside TEEs
▪ Implemented using Intel SGX
▪ Two main blocks
▪ WebAssembly runtime
▪ Adapted WAMR running inside TEE
▪ WASI interface
▪ Bridge between TEE and untrusted env
▪ WATZ: Wasm in Arm TrustZone
▪ Also implements lightweight attestation (IETF RATS) for Wasm apps
Attestation Mechanisms for Trusted Execution Environments Demystified, DAIS 2022
WebAssembly as a Common Layer for the Cloud-edge Continuum, FRAME 2022.
WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone, ICDCS 2022.
Twine: An Embedded Trusted Runtime for WebAssembly, ICDE 2021.
WebAssembly runtime
7. 7
▪ Remote attestation certification for IoT assurance
▪ Remote attestation verifies the authenticity and integrity of software
▪ Resulting certificates form the basis of mutual trust
▪ Time-of-Check vs Time-of-Use Attacks (TOCTOU)
▪ No temporal guarantees: software compromised after certification, but before use
▪ Solution: attestation is done at time of use, with continuous audit mechanisms
▪ TruCerT approach: to combine IoT assurance with PKI digital certificate (Authentication-Assurance Certificate)
▪ IETF RATS leveraging secure hardware (TPM 2.0)
▪ Standardized way for distributing certificates (X509 + extensions)
AutoCert: Automated TOCTOU-secure digital certification for IoT with combined authentication and assurance, Comp & Sec 2023.
ShieLD: Shielding Cross-Zone Communication Within Limited-Resourced IoT Devices Running Vulnerable Software Stack, TDSC 2023.
Remote attestation
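The time-of-use check from this slide, as an added example that is not code from the talk or from the VEDLIoT project: a verifier issues a fresh single-use nonce, the device measures its software at that moment, and evidence gathered at certification time is refused when presented again. Assumptions: an HMAC under a device-bound key stands in for the TPM 2.0 quote signature, and all names and firmware strings are constructed.

```python
import hashlib
import hmac
import os
import time

# Assumption: an HMAC under a device-bound key stands in for the TPM 2.0 quote
# signature; a real verifier checks an asymmetric signature rooted in the TPM.
DEVICE_KEY = os.urandom(32)
GOOD_FW = b"firmware-v1 (constructed sample)"
REFERENCE = hashlib.sha256(GOOD_FW).hexdigest()   # reference value held by the verifier
MAX_AGE_S = 5.0                                   # how long a challenge stays valid

def sign(nonce, measurement):
    return hmac.new(DEVICE_KEY, nonce + measurement.encode(), hashlib.sha256).digest()

class Device:
    def __init__(self, firmware):
        self.firmware = firmware

    def quote(self, nonce):
        """Measure the running software now and bind the result to the nonce."""
        measurement = hashlib.sha256(self.firmware).hexdigest()
        return {"nonce": nonce, "measurement": measurement, "tag": sign(nonce, measurement)}

class Verifier:
    def __init__(self):
        self.pending = {}                         # nonce -> time it was issued

    def challenge(self):
        nonce = os.urandom(16)
        self.pending[nonce] = time.monotonic()
        return nonce

    def appraise(self, ev):
        issued = self.pending.pop(ev["nonce"], None)      # each nonce is single-use
        if issued is None or time.monotonic() - issued > MAX_AGE_S:
            return "stale-or-replayed"
        if not hmac.compare_digest(sign(ev["nonce"], ev["measurement"]), ev["tag"]):
            return "bad-signature"
        return "trusted" if ev["measurement"] == REFERENCE else "untrusted-software"

def scenario():
    verifier, device = Verifier(), Device(GOOD_FW)
    old_evidence = device.quote(verifier.challenge())
    at_certification = verifier.appraise(old_evidence)        # time of check
    device.firmware = b"modified firmware (constructed sample)"  # changes after the check
    reused = verifier.appraise(old_evidence)                  # old evidence presented again
    at_use = verifier.appraise(device.quote(verifier.challenge()))  # fresh, at time of use
    return at_certification, reused, at_use
```

A certificate that only records the first result would still read "trusted" after the software changed; the fresh challenge at time of use is what surfaces the change.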
8. 8
▪ SIRE: Byzantine fault-tolerant service for IoT
▪ No central point of failure
▪ Based on scalable SmartBFT (high perf)
▪ Services implemented
▪ Remote attestation
▪ Membership management
▪ Coordination primitives
▪ Auditable integrity-protected storage
On the Minimal Knowledge Required for Solving Stellar Consensus, ICDCS 2023.
COBRA: Dynamic Proactive Secret Sharing for Confidential BFT Services, IEEE SP 2022.
Security in the attestation process
9. 9
▪ Pub/sub ➙ effective comm mechanism for the continuum
▪ Scale and distribute communications across heterogeneous architectures
▪ We developed a secure, attested pub/sub system (using TWINE: Wasm + SGX)
▪ Compatible with most of the state-of-the-art (Mosquitto, WolfSSL)
▪ Mutual attestation: extended TLS handshake embeds attestation evidence
Secure, attested, publish-subscribe for IoT and edge
[Figure: architecture diagram with the labels Producer endpoint, Subscriber endpoint, Broker (broker logic, Mosquitto, TLS library, TEE API, persistence, WASI), TEE, WASM, TLS certificates, Global CA, IoT, Cloud]
10. 10
Hardware Platform for IoT Security
▪ Easy and secure tool
▪ Shields IoT devices from the main network
▪ Uses VPN technology
▪ Encrypts and encapsulates network traffic
Key Features
▪ IoT devices are separated from the company LAN
▪ Encrypted traffic up to 100 Mbit/s per IoT device
▪ WiFi and LoRa support
▪ Cross-network communication
▪ Access restriction and communication control
▪ Web application for device monitoring and control
Secure IoT gateway
11. 11
▪ Renode - Antmicro’s open-source functional simulator
▪ Extended with new co-simulation functionality
▪ Coupled functional and cycle-accurate simulation
▪ Robust development flow and testability of ML accelerators, especially for FPGA workflows
▪ Custom Function Units integration
▪ Accelerator hardware tightly coupled into the processor pipeline
▪ Custom RISC-V instructions, ML accelerators
▪ Project with Google (https://github.com/google/CFU-Playground/)
▪ Interface with Verilator (converts HDL to a cycle-accurate model in C++)
▪ Direct Programming Interface support
▪ Interfaces HDL with foreign languages
▪ Allows for co-simulation with a range of tools: Verilator, Questa, Vivado, etc.
Robust hardware simulation
12. 12
▪ VEDLIoT automotive use case applies ML models in the context of road safety
▪ Incorporate monitoring and mitigation strategies to manage run-time errors
▪ Examples of error types and their management
▪ External errors
▪ Mitigable: error in vehicle localization ➙ involve redundant sources of position
▪ Non-mitigable: sudden, unexpected harsh weather, outside ODD* for sensors ➙ alert the driver
▪ Internal errors
▪ Mitigable: loss of stored system information ➙ use redundant storage locations
▪ Non-mitigable: timing errors within a system ➙ create a warning
*ODD: Operational Design Domain
Strategies to increase ML models safety
13. 13
▪ ML training often needs high data volumes
▪ Outsourced data from different sources may include (aggregated) malicious data
▪ Data poisoning: malicious data samples intentionally injected in training
▪ Attacker manipulates the model's behaviour during inference, causing incorrect decisions
▪ To detect malicious data
▪ Original data is artificially reconstructed
▪ Mapped back to the original input space
▪ Use thresholds as decision boundary
▪ Separate normal input from abnormal ones
Defence against data poisoning attacks
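The reconstruct-and-threshold detection listed on this slide, as an added example that is not code from the talk or from the VEDLIoT project. It swaps in a one-component linear reconstruction (PCA by power iteration) for whatever reconstruction model the project uses; the data, the mean plus three standard deviations threshold and all names are assumptions made for illustration.

```python
import math
import random

def principal_axis(centered, iters=50):
    """Leading eigenvector of the covariance, found by power iteration."""
    v = [1.0] * len(centered[0])
    for _ in range(iters):
        proj = [sum(a * b for a, b in zip(row, v)) for row in centered]
        w = [sum(p * row[j] for p, row in zip(proj, centered)) for j in range(len(v))]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return v

def reconstruction_error(x, mu, axis):
    centered = [a - m for a, m in zip(x, mu)]
    code = sum(a * b for a, b in zip(centered, axis))    # encode to a 1-D latent value
    recon = [m + code * a for m, a in zip(mu, axis)]     # map back to the input space
    return math.dist(x, recon)

def fit(trusted, k=3.0):
    """Learn the reconstruction model and a threshold from vetted samples only."""
    mu = [sum(col) / len(trusted) for col in zip(*trusted)]
    axis = principal_axis([[a - m for a, m in zip(row, mu)] for row in trusted])
    errs = [reconstruction_error(row, mu, axis) for row in trusted]
    mean = sum(errs) / len(errs)
    std = math.sqrt(sum((e - mean) ** 2 for e in errs) / len(errs))
    return mu, axis, mean + k * std

def split_batch(batch, model):
    """Return (accepted, rejected) by comparing each error to the threshold."""
    mu, axis, threshold = model
    accepted = [x for x in batch if reconstruction_error(x, mu, axis) <= threshold]
    rejected = [x for x in batch if reconstruction_error(x, mu, axis) > threshold]
    return accepted, rejected

# Constructed data: vetted samples lie near the line t*(1, 2, 3) with sensor noise.
rng = random.Random(2023)
TRUSTED = [[t * s + rng.gauss(0, 0.05) for s in (1, 2, 3)]
           for t in (rng.uniform(0, 10) for _ in range(200))]
MODEL = fit(TRUSTED)
# Constructed outsourced batch: three plausible samples and two injected ones.
BATCH = [[2.02, 3.97, 6.01], [7.49, 15.02, 22.48], [0.51, 0.98, 1.52],
         [2.0, 4.0, 9.0], [6.0, 1.0, 18.0]]
ACCEPTED, REJECTED = split_batch(BATCH, MODEL)
print("threshold:", round(MODEL[2], 3), "rejected:", REJECTED)
```

Reconstruction error only flags samples that fall off the structure learned from the vetted set, so the model and threshold have to be fitted on data that is itself trusted.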
14. 14
▪ Security built bottom-up
▪ WebAssembly enclaves
▪ Attestation (IoT support, decentralised BFT service)
▪ Secure communication and networking
▪ Robustness built top-down
▪ Robust development flow with hardware simulation
▪ Monitoring and mitigation for safe intelligent vehicles
▪ Preventing attacks on adversarial training data
Summary
15. 15
Thank you for your attention.
17. 17
▪ Hardware Components
▪ IoT Bridge – entry point for the VPN connection. It is placed between the IoT device and LAN.
▪ Local Gateway – functions as VPN Tunnel supplier inside the local network. It comes as a 19″ 1HE rackmount server.
▪ Network Cockpit – The control interface for the components listed above. It is a web application, which allows monitoring and configuration.
With an easy-to-use web application, the Secure IoT Gateway allows complete control over IoT Bridges and IoT Gateways – the hardware counterpart that ensures encrypted and controlled network traffic.
Gateway architecture