With the prosperity of the Internet of Medical Things (IoMT), ensuring privacy regulation-compliant, patient-trusted data management without reliance on IoMT providers is critical. While legislation mandates providers to be accountable, the trustworthiness of IoMT providers is undermined by their conflicting roles of data processor and data processing activity logger. A curious or malicious provider can easily copy and abuse data undetected, with both roles. Moreover, the IoMT data processing code is a proprietary asset of the provider, making public verification infeasible. This necessitates a trusted data processing paradigm that operates securely even when both the IoMT provider and their code are untrusted. By leveraging trusted execution environments (TEE), we propose a time-series data management system (DMS) with trust shifted from IoMT providers to hardware vendors, enabling low-overhead trusted data processing with a small trusted computing base (TCB). Benchmarks are performed over a minimal prototype, and the results show low latency, low memory footprint, and a small TCB for custom code (excluding dependencies). Security analysis of the architecture confirms end-to-end confidentiality, integrity, and rollback resistance under a strong threat model with untrusted providers. Our approach complies with privacy principles, is scalable via patient-wise microservice partitioning for edge-cloud deployments, and can integrate cross-platform TEE solutions for portability.
Zhou et al. (Sat,) studied this question.