MQT-TZ: Running mosquitto in the TrustZone
Repository Directory:
- Implementation:
- Dissemination:
To-Do List:
Implementation:
- Client:
- Key Exchange
- Support Asymmetric Encryption.
- Key Exchange
- Broker:
- Key Exchange
- Filter
id_query
Topics - Support Asymmetric Encryption
- Filter
- Payload Reencryption
- Key Retrieval from Persistent Storage Working.
- Locate where in the broker implementation do the reencryption
- Link with the pluggable reencryption method
- Key Exchange
- Deployment:
- Run custom
mosquitto
implementation in Buildroot - Move everything to my personal laptop
- Run custom
Evaluation:
- Make artificial ECG generator.
- Get my hands on the
.h5
file!!!
- Get my hands on the
- Microbenchmarks:
- uB1: TrustZone Reencryption:
- How many bytes/second can we reencrypt in the SW and how does it compare to the Normal World?
- Measure:
- Time to retrieve decrypt Key from Secure Storage
- Time to decrypt payload
- Time to retrieve encrypt key from Secure Storage
- Time to encrypt payload
- Vary:
- Run in NW vs SW
- Load Key from persistent storage vs in memory?
- Payload Size of 1kB, 4kB, 8kB, 16kB
- Plot Structure:
- uB2: Key Exchange Performance
- How much time does our Key Exchange protocl take?
- Measure:
- Time Spent for the 1st Key Exchange
- Overhead (
mosquitto
connect + TLS Handshake) - Time in client (generate Symmetric Key)
- Time in server:
- Time outside TZ: before TA call and after.
- Time inside TZ: decrypt and store in SS
- Time in client (decrypt OK)
- Overhead (
- Time spent for the 2nd Key Exchange (epsilon?) no interaction w/ server
- Time Spent for the 1st Key Exchange
- Compare w/ what?
- uB1: TrustZone Reencryption:
- Macrobenchmarks
- MB1: Streaming a whole 100 Hz ECG
- What is the performance of our secure MQTT broker when streaming a whole 100 Hz ECG during a given period of time.
- Measure:
- Overall Latency defined as time from sending first byte to the last one.
- Time spent in 1st Handshake (Key Exchange)
- Client Encryption Time
- Time Spent in Broker
- Time spent in TZ
- Client Decryption Time
- Time spent in >1 handshakes (no key exchange)
- Compare:
- Vanilla
mosquitto
- Vanilla
mosquitto
w/ TLS + ACL - MQTTZ w/ reencryption in the NS world
- MQTTZ w/ reencryption in the S world
- HiveMQ (w/ and w/out TLS if available)
- Tesarakt: request a Demo? lol
- A secure Pub/Sub alternative platform/protocol (rather than MQTT)
- Vanilla
- Vary:
- Package Size?
- Considerations:
- What implicit flow control mechanisms are running under the hood? (
mosquitto
, ...)
- What implicit flow control mechanisms are running under the hood? (
- Plot Structure
- MB1: Streaming a whole 100 Hz ECG
Figures:
- F1: MQT-TZ Architecture
- F2: Key Exchange Protocol
- F3: TrustZone Architecutre?
Dissemination:
- 15/08/19 - SysTEX
- Plots:
- Figures:
- F1: make it one-column width
- Notes:
- Make one-liner of the authors
- 06/09/19 - Middleware (Industrial Track)