Research & Innovation

As edge computing advances, the growing threat of quantum computers is driving public key cryptographic standards toward deprecation by 2030. Many studies focus on postquantum algorithms for constrained devices, and others tackle scalable edge management, yet very few examine the edge operating system as the point where performance, reliability, and post-quantum security converge. This thesis begins by outlining a framework of key requirements for reliable and scalable edge operating systems, then addresses the research gap through an empirical comparison of three OS architectures (mutable, immutable, and container-based) using six Linux distributions deployed on a Raspberry Pi 4B edge node.

A reproducible testbed was used to conduct three evaluations. The first measured system-level performance, including CPU, RAM, and disk I/O. The second assessed the operating system’s resilience during system updates interrupted by power loss. The third evaluated the latency of two NIST post-quantum cryptography standards: ML-KEM and ML-DSA. Statistical analysis revealed that the immutable design of NixOS provides the best overall balance, offering top-tier throughput with atomic and declarative updates that withstood every fault-injection scenario. The container-based system openSUSE MicroOS matched NixOS in automated rollback capability and passed every power-failure test, yet introduced higher PQC latencies and disk-I/O overhead. Mutable systems (Ultramarine Linux, Manjaro ARM, DietPi, Raspberry Pi OS Lite) showed varied performance strengths but shared a critical weakness. Ultramarine delivered the fastest post-quantum operations, Manjaro offered a well-rounded balance, DietPi excelled in RAM throughput thanks to its minimal footprint, and Raspberry Pi OS Lite provided a stable baseline. Yet every one of these mutable distributions failed to reboot cleanly after power-cut interruptions and required manual repair.

These results confirm that OS architecture directly affects system performance, operational resilience, and the runtime cost of quantum-safe cryptography. OS choice must be treated as a primary design decision for future edge deployments rather than a question of convenience or familiarity.

Automation apps enable seamless connection of IoT devices and services to provide useful functionality for end-users. Apps are typically executed on cloud-based Trigger-Action Platforms (TAPs) such as IFTTT and NodeRED, supporting both single- and multi-tenant models. Such models raise security and privacy concerns in the face of cloud attackers and malicious app makers, resulting in massive and uncontrolled exfiltration of sensitive user data.

To address these concerns, we design TAPShield, an architecture that uses confidential computing and languagelevel sandboxing to protect user data against untrustworthy TAPs and malicious apps. TAPShield targets JavaScriptdriven TAPs built on the Node.js environment and uses trusted execution environments implemented with Intel SGX to protect against cloud attackers. It further uses languagelevel sandboxes such as vm2 and SandTrap to protect against malicious apps. We implement TAPShield for two popular TAPs, Node-RED and IFTTT, and report on the security, performance, and compatibility trade-offs on a range of realworld apps. Our results show clear security benefits with acceptable performance overhead, while adhering to existing development practices of production-scale TAPs.

Federated Learning (FL), one variant of Machine Learning (ML) technology, has emerged as a prevalent method for multiple parties to collaboratively train ML models in a distributed manner with the help of a central server normally supplied by a Cloud Service Provider (CSP). Nevertheless, many existing vulnerabilities pose a threat to the advantages of FL and cause potential risks to data security and privacy, such as data leakage, misuse of the central server, or the threat of eavesdroppers illicitly seeking sensitive information.

Promisingly advanced cryptography technologies such as Homomorphic Encryption (HE) and Confidential Computing (CC) can be utilized to enhance the security and privacy of FL. However, the development of a framework that seamlessly combines these technologies together to provide confidential FL while retaining efficiency remains an ongoing challenge. In this degree project, we develop a lightweight and user-friendly FL framework called Heflp, which integrates HE and CC to ensure data confidentiality and integrity throughout the entire FL lifecycle. Heflp supports four HE schemes to fit diverse user requirements, comprising three pre-existing schemes and one optimized scheme that we design, named Flashev2, which achieves the highest time and spatial efficiency across most scenarios.

The time and memory overheads of all four HE schemes are also evaluated and a comparison between the pros and cons of each other is summarized. To validate the effectiveness, Heflp is tested on the MNIST dataset and the Threat Intelligence dataset provided by CanaryBit, and the results demonstrate that it successfully preserves data privacy without compromising model accuracy.

The rapid increase in the number of IoT devices and their widespread applications demands secure and scalable solutions for managing and executing IoT workflows. This thesis investigates the security of IoT workflows created in Node-RED, an opensource visual programming tool, and deployed on untrusted hosts managed by a major cloud service provider, Azure. The hypothesis was that the security of IoT workflows could be improved by utilizing a trusted execution environment, such as Intel SGX. Additionally, an assessment of consequent performance degradation was proposed. A threat model for an IoT workflow system scenario was established using the STRIDE threat modeling framework. An evaluation of the security guarantees provided by the prototype system was performed using an analysis comparing the security guarantees of underlying technologies, predominantly Intel SGX, and aggregating them to establish the security promises of the final system. The performance evaluation of the system was conducted using a set of experimental workflows, executed both natively on Linux and inside Intel SGX. The proposed prototype system was deemed to be capable of mitigating 15 out of 18 potential threats defined in the threat model, which indicates a significant threat risk reduction. However, the added security resulted in degraded performance, which was considerable when executing system calls and significantly noticeable for workflows requiring multi-threading. The results showed that node execution time inside SGX was 4.8 times slower and the mean round trip time for workflow execution was 6 times slower than the native execution. The thesis aims to provide a starting point for estimating performance degradation for potential future applications requiring secure IoT workflow deployment on untrusted hosts.