Securing cloud-hosted IoT Workflows with Intel SGX

Abstract: The rapid increase in the number of IoT devices and their widespread applications demands secure and scalable solutions for managing and executing IoT workflows. This thesis investigates the security of IoT workflows created in Node-RED, an open-source visual programming tool, and deployed on untrusted hosts managed by a major cloud service provider, Azure. The hypothesis was that the security of IoT workflows could be improved by utilizing a trusted execution environment, such as Intel SGX. Additionally, an assessment of consequent performance degradation was proposed. A threat model for an IoT workflow system scenario was established using the STRIDE threat modeling framework. An evaluation of the security guarantees provided by the prototype system was performed using an analysis comparing the security guarantees of underlying technologies, predominantly Intel SGX, and aggregating them to establish the security promises of the final system. The performance evaluation of the system was conducted using a set of experimental workflows, executed both natively on Linux and inside Intel SGX. The proposed prototype system was deemed to be capable of mitigating 15 out of 18 potential threats defined in the threat model, which indicates a significant threat risk reduction. However, the added security resulted in degraded performance, which was considerable when executing system calls and significantly noticeable for workflows requiring multi-threading. The results showed that node execution time inside SGX was 4.8 times slower and the mean round trip time for workflow execution was 6 times slower than the native execution. The thesis aims to provide a starting point for estimating performance degradation for potential future applications requiring secure IoT workflow deployment on untrusted hosts.