Safeguarding Data from Deprecated System Software: A Resilient Boot Architecture for Edge Devices Leveraging TEEs

Röckl J, Schulze SM, Funk J, Bernsdorf N, Müller T (2025)

Publication Type: Conference contribution

Publication year: 2025

Journal

Communications in Computer and Information Science Springer Verlag

Publisher: Springer

Series: Communications in Computer and Information Science

City/Town: Cham

Pages Range: 71-98

Event location: Lissabon PT

ISBN: 9783031895173

DOI: 10.1007/978-3-031-89518-0_4

Abstract

Edge computing is becoming increasingly popular as it provides a connection between the Internet of Things and cloud-backed services. Communication network providers have already implemented global edge deployments to ensure low latencies and high flexibility for their customers and sensitive data is both processed and stored on edge nodes. Although physical attacks are a realistic scenario for edge devices due to the geographic dispersion of the devices, they are seldom addressed so far. To this end, we present a novel system architecture that safeguards confidential data on future edge nodes in the event of device theft. Learning from techniques used by law enforcement agencies to extract data from modern smartphones, we identify a correlation between outdated and potentially vulnerable system software and the likelihood of a successful physical attack. For this reason, we propose an architecture that allows a device to derive the disk decryption key only after a trusted remote party like the network operator confirms that the device is running the most up-to-date firmware and operating system. This is a security feature that is absent in commonly used implementations such as Linux’s dm-crypt or Microsoft’s BitLocker. We prototype our system on a real ARM device and show that it has a runtime overhead of less than 5% and a boot delay lower than a second, while we only add 3% of unverified code to the trusted computing base. Therefore, we believe our system is an important advancement for achieving resilient edge devices.

Authors with CRIS profile

Jonas Röckl Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Sven Matti Schulze Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Julian Funk Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Tilo Müller Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

How to cite

APA:

Röckl, J., Schulze, S.M., Funk, J., Bernsdorf, N., & Müller, T. (2025). Safeguarding Data from Deprecated System Software: A Resilient Boot Architecture for Edge Devices Leveraging TEEs. In Proceedings of the 9th International Conference, ICISSP 2023 (pp. 71-98). Lissabon, PT: Cham: Springer.

MLA:

Röckl, Jonas, et al. "Safeguarding Data from Deprecated System Software: A Resilient Boot Architecture for Edge Devices Leveraging TEEs." Proceedings of the 9th International Conference, ICISSP 2023, Lissabon Cham: Springer, 2025. 71-98.

BibTeX: Download