Ensuring End-to-End IoT Data Security and Privacy Through Cloud-Enhanced Confidential Computing

IoT devices gather data from the most intimate and sensitive aspects of our lives, transmitting it to untrusted cloud services for further managing and automating tasks through interconnecting smart devices without human intervention. To safeguard sensitive and private IoT data, solutions based on Trusted Execution Environments (Tees) could be utilized, providing end-to-end encrypted solution. Specifically, Tees securely process sensitive data within a protected area of the processor, isolated from the main operating system and applications, ensuring data confidentiality and integrity. However, in this study, we demonstrate that the end-to-end encryption offered by Tee based solutions for IoT devices may not be entirely sufficient. We present the first attack against Tee-based IoT solutions that can deduce sensitive information, such as a motion sensor reading, merely by analyzing memory access patterns. Our findings show that we can identify the type of device with about 95% accuracy and determine the values sent by IoT devices, like temperature readings, with approximately 85% accuracy. To counter these vulnerabilities, we design a system that enhances data security for IoT solutions in the untrusted cloud, using techniques like data oblivious execution and padding. With these defenses, we observe significant reduction in accuracy of device type detection and value prediction to at most 27% and 19%, respectively.