Secure data processing for IoT middleware systems

The Journal of Supercomputing (2018)

Abstract
Increasingly, more manufacturing companies are equipping their products with smart capabilities which allow them to provide more informed services to customers. Unfortunately, most of these companies lack enough technical capabilities to build scalable platforms to process data collected by the deployed devices. As a result, these device manufacturers rely on IoT middleware companies to provide the needed processing capabilities and scalability. With the proliferation of these middleware services in handling data and the increase in the risk of data leakage and data breaches, we propose an approach that ensures data protection by leveraging trusted hardware-based technology from the recent Software Guard Extension (SGX) provided by Intel. SGX is a new technology that enforces strong isolation by running a process in a secure sandbox called an enclave, and it offers remote attestation to ensure computations on an untrusted system are running within an enclave. By deploying SGX in the IoT gateway and the cloud service, we show that our approach prevents attacks on IoT data in transit as well as at rest by using key hashing to enforce message integrity. Our proposed framework ensures the protection of user data on third-party IoT middleware platforms by dividing the IoT data platform into trusted and untrusted modules and ensures the execution of all sensitive data processing in the trusted module, which runs inside a hardware-protected memory region called an enclave. Our approach enables the user to implement data access policy control within the enclave. Our proposed framework allows the user to verify that the application is running in an authenticated SGX machine and to ensure the application is not modified by a platform owner as a result of the remote attestation mechanism provided by SGX. Meanwhile, our approach defeats low-level attacks and keeps all data securely encrypted without introducing significant overhead.
Keywords
Middleware, Security, IoT, SGX