الفهرس 
IntroductionOnly 14 pages are availabe for public view
 |  | from | 99 |  |  |
| | | from | 99 | | |
Abstract
Increasingly, more manufacturing companies are equipping their products with smart capabilities which allow them to provide more informed services to customers. Unfortunately, most of these companies lack enough technical capabilities to build scalable platforms to process data collected by the deployed devices. As a result, these device manufacturers rely on IoT middleware companies to provide the needed processing capabilities and scalability. With the proliferation of these middleware services in handling data and the increase in the risk of data leakage and data breaches. Some of the IOT devices give their user the ability to access diffirent websites, which makes him vulnerable to website Fingerprinting attack. website Fingerprinting is a kind of network traffic analysis that has been increasingly used in various applications to threaten people, information, and systems. We propose two approaches that help user to protect sensitive data and privacy by leveraging trusted hardware-based technology from the recent Software Guard eXtension (SGX) provided by Intel and by introducing a novel defense algorithm to counteract the website fingerprinting attacks. The first approach use SGX which is a new technology that enforces strong isolation by running a process in a secure sandbox called enclave, and it offers remote attestation to ensure computations on an untrusted system is running within an enclave. By deploying SGX in the IoT gateway and the cloud service, we show that our approach prevents attacks on IoT data in transit as well as at rest by using key hashing to enforce message integrity. Our proposed framework ensures the protection of user data on third-party IoT middle-ware platforms by dividing the IoT data platform into trusted and untrusted modules and ensures the execution of all sensitive data processing in the trusted module which runs inside a hardware protected memory region called as Enclave. Our approach enables the user to implement data access policy control within the enclave. Our proposed framework allows the user to verify the application is running in an authenticated SGX machine and to ensure the application is not modified by a platform owner as a result of the remote attestation mechanism provided by SGX. Meanwhile, our approach defeats low-level attacks and keeps all data securely encrypted without introducing significant overhead. In this context, we will mention the first applied approach as SGX-Technique.