Ricard Delgado-Gonzalo

Oscar Benedito, Ricard Delgado-Gonzalo, Valerio Schiavoni

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KEVLAR-TZ, an application-level trusted cache designed to leverage ARM TrustZone, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KEVLAR-TZ exposes a REST-based interface with connection endpoints inside the TrustZone enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KEVLAR-TZ on top of the OP-TEE framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TrustZone. KEVLAR-TZ is available as open-source at https://github.com/mqttz/kevlar-tz/.

Carlos Segarra, Ricard Delgado-Gonzalo, Valerio Schiavoni

The publish-subscribe paradigm is an efficient communication scheme with strong decoupling between the nodes, that is especially fit for large-scale deployments. It adapts natively to very dynamic settings and it is used in a diversity of real-world scenarios, including finance, smart cities, medical environments, or IoT sensors. Several of the mentioned application scenarios require increasingly stringent security guarantees due to the sensitive nature of the exchanged messages as well as the privacy demands of the clients/stakeholders/receivers. MQTT is a lightweight topic-based publish-subscribe protocol popular in edge and IoT settings, a de-facto standard widely adopted nowadays by the industry and researchers. However, MQTT brokers must process data in clear, hence exposing a large attack surface. This paper presents MQT-TZ, a secure MQTT broker leveraging Arm TrustZone, a trusted execution environment (TEE) commonly found even on inexpensive devices largely available on the market (such as Raspberry Pi units). We define a mutual TLS-based handshake and a two-layer encryption for end-to-end security using the TEE as a trusted proxy. The experimental evaluation of our fully implemented prototype with micro-, macro-benchmarks, as well as with real-world industrial workloads from a MedTech use-case, highlights several trade-offs using TrustZone TEE. We report several lessons learned while building and evaluating our system. We release MQT-TZ as open-source.

Carlos Segarra, Ricard Delgado-Gonzalo, Valerio Schiavoni

Physical health records belong to healthcare providers, but the information contained within belongs to each patient. In an increasing manner, more health-related data is being acquired by wearables and other IoT devices following the ever-increasing trend of the "Quantified Self". Even though data protection regulations (e.g., GDPR) encourage the usage of privacy-preserving processing techniques, most of the current IoT infrastructure was not originally conceived for such purposes. One of the most used communication protocols, MQTT, is a lightweight publish-subscribe protocol commonly used in the Edge and IoT applications. In MQTT, the broker must process data on clear text, hence exposing a large attack surface for a malicious agent to steal/tamper with this health-related data. In this paper, we introduce MQT-TZ, a secure MQTT broker leveraging Arm TrustZone, a popular Trusted Execution Environment (TEE). We define a mutual TLS-based handshake and a two-layer encryption for end-to-end security using the TEE as a trusted proxy. We provide quantitative evaluation of our open-source PoC on streaming ECGs in real time and highlight the trade-offs.

Pierre Louis Gaudilliere, Halla Sigurthorsdottir, Clémentine Aguet et al.

ECG heartbeat classification plays a vital role in diagnosis of cardiac arrhythmia. The goal of the Physionet/CinC 2021 challenge was to accurately classify clinical diagnosis based on 12, 6, 4, 3 or 2-lead ECG recordings in order to aid doctors in the diagnoses of different heart conditions. Transformers have had great success in the field of natural language processing in the past years. Our team, CinCSEM, proposes to draw the parallel between text and periodic time series signals by viewing the repeated period as words and the whole signal as a sequence of such words. In this way, the attention mechanisms of the transformers can be applied to periodic time series signals. In our implementation, we follow the Transformer Encoder architecture, which combines several encoder layers followed by a dense layer with linear or sigmoid activation for generative pre-training or classification, respectively. The use case presented here is multi-label classification of heartbeat abnormalities of ECG recordings shared by the challenge. Our best entry, not exceeding the challenge's hardware limitations, achieved a score of 0.12, 0.07, 0.10, 0.10 and 0.07 on 12-lead, 6-lead, 4-lead, 3-lead and 2-lead test set respectively. Unfortunately, our team was unable to be ranked because of a missing pre-print.

Jérôme Van Zaen, Ricard Delgado-Gonzalo, Damien Ferrario Mathieu Lemay

Except for a few specific types, cardiac arrhythmias are not immediately life-threatening. However, if not treated appropriately, they can cause serious complications. In particular, atrial fibrillation, which is characterized by fast and irregular heart beats, increases the risk of stroke. We propose three neural network architectures to detect abnormal rhythms from single-lead ECG signals. These architectures combine convolutional layers to extract high-level features pertinent for arrhythmia detection from sliding windows and recurrent layers to aggregate these features over signals of varying durations. We applied the neural networks to the dataset used for the challenge of Computing in Cardiology 2017 and a dataset built by joining three databases available on PhysioNet. Our architectures achieved an accuracy of 86.23% on the first dataset, similar to the winning entries of the challenge, and an accuracy of 92.02% on the second dataset.

Halla Sigurthorsdottir, Jérôme Van Zaen, Ricard Delgado-Gonzalo et al.

We developed a convolutional recurrent neural network to classify 12-lead ECG signals for the challenge of PhysioNet/ Computing in Cardiology 2020 as team Pink Irish Hat. The model combines convolutional and recurrent layers, takes sliding windows of ECG signals as input and yields the probability of each class as output. The convolutional part extracts features from each sliding window. The bi-directional gated recurrent unit (GRU) layer and an attention layer aggregate these features from all windows into a single feature vector. Finally, a dense layer outputs class probabilities. The final decision is made using test time augmentation (TTA) and an optimized decision threshold. Several hyperparameters of our architecture were optimized, the most important of which turned out to be the choice of optimizer and the number of filters per convolutional layer. Our network achieved a challenge score of 0.511 on the hidden validation set and 0.167 on the full hidden test set, ranking us 23rd out of 41 in the official ranking.

Antonino Faraone, Ricard Delgado-Gonzalo

Low-power sensing technologies, such as wearables, have emerged in the healthcare domain since they enable continuous and non-invasive monitoring of physiological signals. In order to endow such devices with clinical value, classical signal processing has encountered numerous challenges. However, data-driven methods, such as machine learning, offer attractive accuracies at the expense of being resource and memory demanding. In this paper, we focus on the inference of neural networks running in microcontrollers and low-power processors which wearable sensors and devices are generally equipped with. In particular, we adapted an existing convolutional-recurrent neural network, designed to detect and classify cardiac arrhythmias from a single-lead electrocardiogram, to the low-power embedded System-on-Chip nRF52 from Nordic Semiconductor with an ARM's Cortex-M4 processing core. We show our implementation in fixed-point precision, using the CMSIS-NN libraries, yields a drop of $F_1$ score from 0.8 to 0.784, from the original implementation, with a memory footprint of 195.6KB, and a throughput of 33.98MOps/s.

Carlos Segarra, Enric Muntané, Mathieu Lemay et al.

Medical data belongs to whom it produces it. In an increasing manner, this data is usually processed in unauthorized third-party clouds that should never have the opportunity to access it. Moreover, recent data protection regulations (e.g., GDPR) pave the way towards the development of privacy-preserving processing techniques. In this paper, we present a proof of concept of a streaming IoT architecture that securely processes cardiac data in the cloud combining trusted hardware and Spark. The additional security guarantees come with no changes to the application's code in the server. We tested the system with a database containing ECGs from wearable devices comprised of 8 healthy males performing a standarized range of in-lab physisical activities (e.g., run, walk, bike). We show that, when compared with standard Spark Streaming, the addition of privacy comes at the cost of doubling the execution time.

Jérôme Van Zaen, Olivier Chételat, Mathieu Lemay et al.

While most heart arrhythmias are not immediately harmful, they can lead to severe complications. In particular, atrial fibrillation, the most common arrhythmia, is characterized by fast and irregular heart beats and increases the risk of suffering a stroke. To detect such abnormal heart conditions, we propose a system composed of two main parts: a smart vest with two cooperative sensors to collect ECG data and a neural network architecture to classify heart rhythms. The smart vest uses two dry bi-electrodes to record a single lead ECG signal. The biopotential signal is then streamed via a gateway to the cloud where a neural network detects and classifies the heart arrhythmias. We selected an architecture that combines convolutional and recurrent layers. The convolutional layers extract relevant features from sliding windows of ECG and the recurrent layer aggregates them for a final softmax layer that performs the classification. Our neural network achieves an accuracy of 87.50% on the dataset of the challenge of Computing in Cardiology 2017.

Engin Türetken, Jérôme Van Zaen, Ricard Delgado-Gonzalo

The rapidly-advancing technology of deep learning (DL) into the world of the Internet of Things (IoT) has not fully entered in the fields of m-Health yet. Among the main reasons are the high computational demands of DL algorithms and the inherent resource-limitation of wearable devices. In this paper, we present initial results for two deep learning architectures used to diagnose and analyze sleep patterns, and we compare them with a previously presented hand-crafted algorithm. The algorithms are designed to be reliable for consumer healthcare applications and to be integrated into low-power wearables with limited computational resources.

Carlos Segarra, Ricard Delgado-Gonzalo, Mathieu Lemay et al.

Processing sensitive data, such as those produced by body sensors, on third-party untrusted clouds is particularly challenging without compromising the privacy of the users generating it. Typically, these sensors generate large quantities of continuous data in a streaming fashion. Such vast amount of data must be processed efficiently and securely, even under strong adversarial models. The recent introduction in the mass-market of consumer-grade processors with Trusted Execution Environments (TEEs), such as Intel SGX, paves the way to implement solutions that overcome less flexible approaches, such as those atop homomorphic encryption. We present a secure streaming processing system built on top of Intel SGX to showcase the viability of this approach with a system specifically fitted for medical data. We design and fully implement a prototype system that we evaluate with several realistic datasets. Our experimental results show that the proposed system achieves modest overhead compared to vanilla Spark while offering additional protection guarantees under powerful attackers and threat models.