With the increasing popularity of Internet of Things (IoT) devices, securing sensitive user data has emerged as a major challenge. These devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. Such sensitive information is then exposed to potential threats: it may be read by malicious software with high-level access rights, or it may be transmitted (sometimes inadvertently) to untrusted cloud services. In this paper, we propose a generic design to enhance privacy in IoT-based systems by isolating peripheral I/O memory regions in the secure kernel space of a trusted execution environment (TEE). Only a minimal set of peripheral driver code, resident within the secure kernel, can access this protected memory area. This design effectively restricts any unauthorised access by system software, including the operating system and hypervisor. The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud. To validate our architectural approach, we provide a proof-of-concept implementation of our design by securing an audio peripheral based on inter-IC sound (I2S), a serial bus for interconnecting audio devices. The experimental results show that our design offers a robust security solution with an acceptable computational overhead.