With the increasing popularity of Internet of Things (IoT) devices, securing sensitive user data has emerged as a major challenge. These devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. Such sensitive information is then exposed to two kinds of threat: it can be read by malicious software with high-level access rights, or it can be transmitted (sometimes inadvertently) to untrusted cloud services. In this paper, we propose a generic design to enhance privacy in IoT-based systems by isolating peripheral I/O memory regions in the secure kernel space of a trusted execution environment (TEE). Only a minimal set of peripheral driver code, resident within the secure kernel, can access this protected memory area. This design effectively prevents unauthorised access by system software, including the operating system and hypervisor. The sensitive peripheral data is then securely transferred to the user space of the TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud. To validate our architectural approach, we provide a proof-of-concept implementation of our design by securing an audio peripheral based on inter-IC sound (I2S), a serial bus for interconnecting audio devices. The experimental results show that our design offers a robust security solution with an acceptable computational overhead.
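To make the three-tier data path concrete, the following C sketch is an added example written for this page; it is not the authors' proof-of-concept code. It models the three principals the design distinguishes (normal-world OS, user-space trusted application, secure-kernel driver), a simulated I2S receive FIFO standing in for the memory-mapped peripheral region that only the driver may read, and a TA-side obfuscation step applied before export. The slot layout (32-bit slots, 24-bit samples left-justified), the principal names, and the choice of re-quantisation as the obfuscation mechanism are all assumptions made for illustration; the paper does not specify them.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the design, written for this page; it is not the
 * authors' code. Three principals: the normal-world OS/hypervisor, a
 * user-space trusted application (TA) inside the TEE, and the secure-kernel
 * I2S driver. Only the driver may touch the peripheral's memory-mapped
 * region; the TA receives a copy and obfuscates it before export. */
enum principal { NORMAL_OS = 0, SECURE_TA = 1, SECURE_KERNEL_DRIVER = 2 };

/* Simulated I2S receive FIFO standing in for the MMIO window. Assumed slot
 * layout: one 32-bit slot per channel, 24-bit sample left-justified in bits
 * 31..8 (a common controller format; check the SoC datasheet for yours). */
#define I2S_SLOTS 8
static uint32_t i2s_rx_fifo[I2S_SLOTS];

/* Constructed test pattern: two stereo frames holding edge-case samples. */
void fill_fifo_test_pattern(void) {
    i2s_rx_fifo[0] = 0x7FFFFF00u;  /* left  = +8388607 (max 24-bit) */
    i2s_rx_fifo[1] = 0x80000000u;  /* right = -8388608 (min 24-bit) */
    i2s_rx_fifo[2] = 0x00000100u;  /* left  = +1                    */
    i2s_rx_fifo[3] = 0xFFFFFF00u;  /* right = -1                    */
    for (size_t i = 4; i < I2S_SLOTS; i++) i2s_rx_fifo[i] = 0;
}

/* Access-control rule of the design: the peripheral region is reachable
 * only from the secure kernel, never from the normal world or the TA. */
int peripheral_region_accessible(enum principal who) {
    return who == SECURE_KERNEL_DRIVER;
}

/* Portable sign extension of the 24-bit field held in a 32-bit slot
 * (avoids relying on implementation-defined right shifts of negatives). */
int32_t i2s_slot_to_sample(uint32_t slot) {
    uint32_t raw = slot >> 8;                    /* sample in bits 23..0 */
    return (raw & 0x800000u) ? (int32_t)raw - 0x1000000 : (int32_t)raw;
}

/* Secure-kernel driver: copies up to nframes stereo frames out of the FIFO
 * into TA-owned buffers. Returns the number of frames copied, or -1 when
 * the caller is not the driver (the only principal allowed to read). */
int driver_read_frames(enum principal who, int32_t *left, int32_t *right, size_t nframes) {
    if (!peripheral_region_accessible(who)) return -1;
    if (nframes > I2S_SLOTS / 2) nframes = I2S_SLOTS / 2;
    for (size_t i = 0; i < nframes; i++) {
        left[i]  = i2s_slot_to_sample(i2s_rx_fifo[2 * i]);
        right[i] = i2s_slot_to_sample(i2s_rx_fifo[2 * i + 1]);
    }
    return (int)nframes;
}

/* TA-side obfuscation before relaying data to the cloud. The paper does not
 * fix a mechanism; coarse re-quantisation (dropping the low bits of each
 * sample, rounding toward zero) is used here purely as an illustration. */
void obfuscate_samples(int32_t *samples, size_t n, int32_t step) {
    for (size_t i = 0; i < n; i++) {
        samples[i] -= samples[i] % step;
    }
}

int main(void) {
    int32_t l[I2S_SLOTS / 2], r[I2S_SLOTS / 2];
    fill_fifo_test_pattern();
    printf("normal-world read: %d\n", driver_read_frames(NORMAL_OS, l, r, 2));
    int n = driver_read_frames(SECURE_KERNEL_DRIVER, l, r, 2);
    obfuscate_samples(l, (size_t)n, 1 << 16);   /* keep top 8 of 24 bits */
    obfuscate_samples(r, (size_t)n, 1 << 16);
    for (int i = 0; i < n; i++) printf("frame %d: L=%d R=%d\n", i, l[i], r[i]);
    return 0;
}
```

The point of the model is the ordering of trust: raw samples exist only behind `peripheral_region_accessible`, the TA sees a copy produced by the driver, and anything leaving the TEE has already passed through `obfuscate_samples`. On real hardware the `i2s_rx_fifo` array would be the controller's mapped register window and the access rule would be enforced by the TEE's memory protection rather than by a function call.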