Fine-Grained Access Control-Enabled Logging Method on ARM TrustZone
- Authors
- Lee, Seungho; Jo, Hyo Jin; Choi, Wonsuk; Kim, Hyoseung; Park, Jong Hwan; Lee, Dong Hoon
- Issue Date
- 2020
- Publisher
- IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- Keywords
- Embedded system; secure logging; privacy; access controls
- Citation
- IEEE ACCESS, v.8, pp.81348 - 81364
- Indexed
- SCIE
SCOPUS
- Journal Title
- IEEE ACCESS
- Volume
- 8
- Start Page
- 81348
- End Page
- 81364
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/59007
- DOI
- 10.1109/ACCESS.2020.2991431
- ISSN
- 2169-3536
- Abstract
- Most applications for the Internet of Things operate on embedded systems. In particular, embedded devices intended for smart healthcare, smart homes, and smart cars generate logs containing sensitive user information. These logs must be protected from malicious users while also being accessible for legitimate users to utilize them for providing customized services. Unfortunately, the existing logging system only supporting one-to-one encryption based on a server-client model, so there are limitations in building a decentralized logging infrastructure for the hyper-connected era. In this paper, we propose a new secure logging method that supports one-to-many encryption and extends existing logging systems to a decentralized logging infrastructure. In the proposed method, log publishers are able to encrypt generated logs and distribute them to cloud storage in real time and can ensure that only authorized log subscribers access the logs. For one-to-many encryption, we apply a key-policy attribute-based encryption scheme which is suitable for logging systems. For reliability and efficiency of logs, we apply a key-derivation process that cooperates with one-way hash functions within a trusted execution environment. In a real time logging scenario, the proposed method is 93% faster and occupies 83% less storage space than when an original attribute-based encryption scheme is applied. In addition, performance-tunable parameters can optimize our method for various environments.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.