A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices
نویسندگان
چکیده
Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot: where each stage in the boot sequence is evaluated, aborting the boot process if a non expected component attempts to be loaded; and (ii) trusted boot: where a log is maintained with the components that have been loaded in the boot process for later audit. The first approach is often criticized for locking down devices, thus reducing users’ freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot-time the integrity of the bootloader and OS images are verified and logged; in the second phase, at run-time applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and Secure Element as a tamper-resistant unit.
منابع مشابه
Trusted Mobile Devices: Requirements for a Mobile Trusted Platform Module
544 INTRODUCTION In recent years, mobile devices have replaced desktop PCs as the primary computing platform for many users. This trend is encouraged by convenient access to bank accounts, personal networks, and a wide range of networked resources through our tablets and mobile phones (see Fig. 1). Many organizations would like to use mobile devices in the work environment as a cost-savings and...
متن کاملAnalyzing Trusted Elements in Mobile Devices
Since last two decades, we have witnessed a significant trend from PC to mobile devices. The primary focus of this shift on mobile devices is making a device personal to the user, but, unfortunately, neglecting the trustworthiness of mobile devices. Mobile devices consist of many elements in hardware, software (firmware) and a combination of both. Some of these elements on mobile devices are tr...
متن کاملHardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices
As more and more mobile applications need to run security critical codes (SCCs) for secure transactions and critical information handling, the demand for a Trusted Execution Environment (TEE) to ensure safe execution of SCCs is rapidly escalating. Although a number of studies have implemented TEEs using TrustZone or hypervisors and have evinced the effectiveness in terms of security, they face ...
متن کاملMobile Trusted Computing Based on MTM
Trusted computing (TC) denotes a set of security-related hardware and software mechanisms that make a computing device work in a consistent manner, even in the presence of external attacks. For personal computers, TC typically is interpreted to be a software architecture designed around the trusted platform module (TPM), a hardware chip residing on the motherboard and implemented according to t...
متن کاملSecure Application Execution in Mobile Devices
Smart phones have rapidly become hand-held mobile devices capable of sustaining multiple applications. Some of these applications allow access to services including healthcare, financial and online social networks and are becoming common in the smart phone environment. From a security and privacy point of view, this seismic shift is creating new challenges, as the smart phone environment is bec...
متن کامل