Browsing by Author "Zhang, Xiaoyu"

Filter results by typing the first few letters
Now showing 1 - 2 of 2
  • Thumbnail Image
    ItemOpen Access
    Comparison of prominent trusted execution environments
    (2022) Zhang, Xiaoyu
    In recent years, the need for people to be able to do anything on the go has risen. Especially in eastern countries like China, India, and Japan online payment methods like WeChat pay, Alipay, or other mobile wallets are becoming more predominant, making old-fashioned cash transactions obsolete. This trend has led to rising security requirements for applications running on smartphones or other mobile devices. Therefore, the devices must be able to process transactions for the user and service providers confidentially. A solution to this are Trusted Execution Environment (TEE), which provide an isolated execution environment and secure storage where users can store and process vital information, for example, passwords, biometrics, or cryptographic primitives. Two prime solutions are Intel SGX, developed by Intel and included in most Intel processors. The other one is ARM TrustZone, used in the processors of many mobile devices like smartphones or Internet of Things (IoT) devices, examples include the chips for smartphones produced by Qualcomm. This new approach was developed because the system software was becoming increasingly unreliable in the past few years. Because of the large code size of common operating system (OS) like Windows and Android, no one could guarantee that there were no exploits or other attack vectors that could be abused by malicious parties. This can be seen by the number of security updates for these systems. Another problem is that the user of the system is not necessarily trustworthy either, and he might use it to steal information from other parties, for example, copyrighted content. For this reason, TEEs were developed, because of their small code-base they are less vulnerable to attacks, as the attack surface is reduced and more manageable. Additionally, it is able to keep secrets from the OS and the user, enabling more use cases that were previously only possible on the server side. For example, microtransactions where authentication requires sensitive input from the user to more complex ones like verifiable cloud computing where vital computations are executed by potentially untrustworthy third parties. This thesis aims to compare two prominent TEE, Intel SGX, and ARM TrustZone, in two aspects, how they perform against common security attacks and how they perform in common use cases. Common security attacks contain expensive physical attacks to more sophisticated cache timing attacks. The use cases discussed in depth include digital rights management, anonymous attestation, secure multiparty computation, and verifiable cloud computing among others.
  • Thumbnail Image
    ItemOpen Access
    Iterative modeling of heat plume interactions of geothermal heat pumps
    (2024) Zhang, Xiaoyu
    Open-loop groundwater heat pumps (GWHP) offer a climate-friendly solution for the energy intensive task of cooling and heating buildings. They extract groundwater from the aquifer to cool or heat buildings, before reinjecting the water back into the subsurface. As a result, heat plumes form around the injection point. In areas with a high density of GWHP systems, optimizing the placement of extraction and injection wells is crucial for ensuring high efficiency, which requires highly accurate estimations of heat plumes in the aquifer. Previous work primarily relies on a two-stage approach using convolutional neural networks (CNNs) to approximate groundwater temperatures. In contrast, this work explores an iterative single-stage estimation approach. To achieve this, the input parameters are expanded to provide the CNN with additional temperature information, allowing it to estimate the global domain iteratively. The results of this study demonstrate that a single-stage approach is feasible for estimating the global domain. However, it comes with a significant increase in computational cost and slightly reduced accuracy. Further research is necessary to fully explore the potential of this alternative method and optimize its performance.