TY - JOUR
T1 - XTSeH
T2 - A Trusted Platform Module Sharing Scheme towards Smart IoT-eHealth Devices
AU - Lu, Di
AU - Han, Ruidong
AU - Shen, Yulong
AU - Dong, Xuewen
AU - Ma, Jianfeng
AU - Du, Xiaojiang
AU - Guizani, Mohsen
N1 - Publisher Copyright: © 1983-2012 IEEE.
PY - 2021/2
Y1 - 2021/2
N2 - IoT-based eHealth systems bring a revolution to the healthcare industry, with which the old healthcare systems can be updated into smarter and more personalized ones. Practitioners can continue monitoring the physical status of patients anytime and anywhere, and develop more precise treatment plans by analyzing the collected data, such as heart rate, blood pressure, and blood glucose. These smart sensors used in eHealth systems are smart embedded devices (SED). Due to limitations on hardware capabilities, these inter-connected SEDs lack security considerations in design and implementation, and face threats from the network. To prevent malicious users (or programs) from tampering with the SEDs, a trusted platform module (TPM) is adopted, which can guarantee system integrity by detecting unauthorized modifications to data and the system environment. However, due to limited scalability and insufficient system resources, not all SEDs can be deployed with TPM chips. To address this issue, in this paper, a TPM extension scheme (xTSeH) is proposed. In xTSeH, we have extended the functions of a TPM deployed in a SED (TSED) to those non-TPM-protected SEDs (N-TSED) via the network. A shadow TPM in the form of a kernel module is designed as the trust base for the N-TSED, which is the representative of the TPM in the TSED. Then, three protocols are proposed to implement integrity verification and inter-SED authentication. Finally, a Raspberry Pi based prototype system is designed and implemented. The feasibility and usability of our scheme are proved by the analysis of the experimental results of system performance.
AB - IoT-based eHealth systems bring a revolution to the healthcare industry, with which the old healthcare systems can be updated into smarter and more personalized ones. Practitioners can continue monitoring the physical status of patients anytime and anywhere, and develop more precise treatment plans by analyzing the collected data, such as heart rate, blood pressure, and blood glucose. These smart sensors used in eHealth systems are smart embedded devices (SED). Due to limitations on hardware capabilities, these inter-connected SEDs lack security considerations in design and implementation, and face threats from the network. To prevent malicious users (or programs) from tampering with the SEDs, a trusted platform module (TPM) is adopted, which can guarantee system integrity by detecting unauthorized modifications to data and the system environment. However, due to limited scalability and insufficient system resources, not all SEDs can be deployed with TPM chips. To address this issue, in this paper, a TPM extension scheme (xTSeH) is proposed. In xTSeH, we have extended the functions of a TPM deployed in a SED (TSED) to those non-TPM-protected SEDs (N-TSED) via the network. A shadow TPM in the form of a kernel module is designed as the trust base for the N-TSED, which is the representative of the TPM in the TSED. Then, three protocols are proposed to implement integrity verification and inter-SED authentication. Finally, a Raspberry Pi based prototype system is designed and implemented. The feasibility and usability of our scheme are proved by the analysis of the experimental results of system performance.
KW - Internet of Things (IoT)
KW - TPM sharing
KW - remote attestation
KW - smart eHealth device
KW - trusted platform module
UR - http://www.scopus.com/inward/record.url?scp=85091352689&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85091352689&partnerID=8YFLogxK
U2 - 10.1109/JSAC.2020.3020658
DO - 10.1109/JSAC.2020.3020658
M3 - Article
AN - SCOPUS:85091352689
SN - 0733-8716
VL - 39
SP - 370
EP - 383
JO - IEEE Journal on Selected Areas in Communications
JF - IEEE Journal on Selected Areas in Communications
IS - 2
M1 - 9186690
ER -