AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (1 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

A Private User Data Protection Mechanism in TrustZone Architecture Based on Identity Authentication

Bo ZhaoYu Xiao( )Yuqing HuangXiaoyu Cui
School of Computer, Wuhan University, Wuhan 430072, China.
Show Author Information

Abstract

In TrustZone architecture, the Trusted Application (TA) in the secure world does not certify the identity of Client Applications (CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in TrustZone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests. The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about 0.16 s, an acceptable price to pay for the improved security.

Keywords

embedded systemTrustZoneTrusted Application (TA)identity authenticationprivate data protection

References

[1]
Alves T. and Felton D., TrustZone: Integrated hardware and software security, ARM White Paper, vol. 3, no. 4, pp. 18-24, 2004.
Google Scholar
[2]
GlobalPlatform Inc., TEE system architecture v1.1, https://www.globalplatform.org/specificationsdevice.asp, Jan. 2017.
[3]
GlobalPlatform Inc., The trusted execution environment: Delivering enhanced security at a lower cost to the mobile market, http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf, Feb. 2011.
[4]
Hughes J, IEEE standards for encrypted storage, Computer, vol. 37, no. 11, pp. 110-112, 2004.
Crossref Google Scholar
[5]
Wei L., Secure storage based on ARM TrustZone research and implement, master’s dissertation, School of Information and Software Engineering, University of Electronic Science and Technology, Sichuan, China, 2015.
[6]
Zhao S., Zhang Q., Hu G., Qin Y., and Feng D., Providing root of trust for ARM TrustZone using on-chip SRAM, in Proc. 4th Int. Workshop on Trustworthy Embedded Devices, New York, NY, USA, 2014, pp. 25-36.
Crossref
[7]
Hein D., Winter J., and Fitzek A., Secure block device–secure, flexible, and efficient data storage for ARM TrustZone systems, in Proc. 2015 IEEE Trustcom/BigDataSE/ISPA, New Yrok, NY, USA, 2015, pp. 222-229.
Crossref
[8]
GlobalPlatform Inc., TEE Internal Core API Specification v1.1.1, https://www.globalplatform.org/specificationsdevice.asp, June 2016.
[9]
Mauerer W., Professional Linux Kernel Architecture. John Wiley & Sons, 2010.
[10]
Liu Z. and Feng D., TPM-based dynamic integrity measurement architecture, (in Chinese), Journal of Electronics and Information Technology, vol. 32, no. 4, pp. 875-879, 2010.
Crossref Google Scholar
[11]
Luo Y., Wang Z., and Jia X., Research of shell software technology based on Linux, (in Chinese), International Electronic Elements, vol. 20, no. 10, pp. 13-15, 2012.
Google Scholar
[12]
Zhao B., Xia Z., An Y., and Xiang S., Research and implementation of process isolation under virtualization environment, (in Chinese), Journal of Huazhong University of Science and Technology: Natural Science Edition, no. 11, pp. 74-79, 2014.
Google Scholar
[13]
Yang Y., Research of software protection on Android platform, master’s dissertation, College of Information Engineering, Beijing University of Posts and Telecommunications, Beijing, China, 2014.
[14]
Datalight. What is eMMC, http://www.datalight.com/solutions/technologies/emmc/what-is-emmc, 2015.
[15]
Thom S., Cox J., Linsley D., Nystrom M., Raj H., Robinson D., Saroiu S., Spiger R., and Wolman A., TrustZone-based integrity measurements and verification using a software-based trusted platform module, US Patent US20160048678A1, Feb. 18, 2016.
[16]
Wang H., Zhang H., and Tang S., Key recovery on several matrix public-key encryption schemes, IET Information Security, vol. 10, no. 3, pp. 152-155, 2015.
Crossref Google Scholar
[17]
Wang H., Zhang H., Wang Z., and Tang M., Extended multivariate public key cryptosystems with secure encrytion function, Science China Information Science, vol. 54, no. 6, pp. 1161-1171, 2011.
Crossref Google Scholar
[18]
Wang H., Zhang H., Xu Z., and Zhang H., Multivariate public key encryption scheme based on error correcting codes, China Communications, vol. 8, no. 4, pp. 22-31, 2011.
Google Scholar
[19]
Wu W., Zhang H., Wang H., Mao S., Jia J., and Liu J., A public key cryptosystem based on data complexity under quantum environment, Science China Information Science, vol. 58, no. 11, pp. 44-54, 2015.
Crossref Google Scholar
[20]
STMicroelectronics and Linaro Security Working Group. OP-TEE, https://github.com/OP-TEE, 2017.
Tsinghua Science and Technology
Volume 22 Issue 2,
April 2017
Pages 218-225
DOI: 10.23919/TST.2017.7889643
Cite this article:
Zhao B, Xiao Y, Huang Y, et al. A Private User Data Protection Mechanism in TrustZone Architecture Based on Identity Authentication. Tsinghua Science and Technology, 2017, 22(2): 218-225. https://doi.org/10.23919/TST.2017.7889643

622

Views

35

Downloads

8

Crossref

N/A

Web of Science

11

Scopus

2

CSCD

Altmetrics
Received: 29 September 2016
Accepted: 21 December 2016
Published: 06 April 2017
© The author(s) 2017
Return