ABSTRACT
Due to its flexibility in terms of charging and billing, the smart grid is an enabler of many innovative energy consumption scenarios. One such example is when a landlord rents their property for a specific period to tenants. Then the electricity bill could be redirected from the landlord's utility to the tenant's utility. This novel scenario of the smart grid ecosystem, defined in this paper as Grid-to-Go (G2Go), promotes a green economy and can drive rent reductions. However, it also creates critical privacy issues, since utilities may be able to track the tenant's activities. This paper presents P4G2Go, a novel privacy-preserving scheme that provides strong security and privacy assertions for roaming consumers against honest but curious entities of the smart grid. At the heart of P4G2Go lies the Idemix cryptographic protocol suite, which utilizes anonymous credentials and provides unlinkability of the consumer activities. Our scheme is complemented by the MASKER protocol, used to protect the consumption readings, and the FIDO2 protocol for strong and passwordless authentication. We have implemented the main components of P4G2Go, to quantitatively assess its performance. Finally, we reason about its security and privacy properties, proving that P4G2Go achieves to fulfill the relevant objectives.
ABSTRACT
TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.
