Bo Zhao;Yu Xiao;Yuqing Huang;Xiaoyu Cui;

• 1:School of Computer
• 2: Wuhan University

摘要(Abstract)：

In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.

关键词(KeyWords)：

Abstract:

Keywords:

基金项目(Foundation): supported by the National HighTech Research and Development (863) Program (No. 2015AA016002);; the National Key Basic Research Program of China (No. 2014CB340600);; the National Natural Science Foundation of China (Nos. 61303024 and 61272452);; the Natural Science Foundation of Jiangsu Province (Nos. BK20130372)

作者(Authors): Bo Zhao;Yu Xiao;Yuqing Huang;Xiaoyu Cui;

参考文献(References)：

• [1]T.Alves and D.Felton,Trust Zone:Integrated hardware and software security,ARM White Paper,vol.3,no.4,pp.18-24,2004.
• [2]Global Platform Inc.,TEE system architecture v1.1,https://www.globalplatform.org/specificationsdevice.asp,Jan.2017.
• [3]Global Platform Inc.,The trusted execution environment:Delivering enhanced security at a lower cost to the mobile market,http://www.globalplatform.org/documents/Global Platform TEE White Paper Feb2011.pdf,Feb.2011.
• [4]J Hughes,IEEE standards for encrypted storage,Computer,vol.37,no.11,pp.110-112,2004.
• [5]L.Wei,Secure storage based on ARM Trust Zone research and implement,master’s dissertation,School of Information and Software Engineering,University of Electronic Science and Technology,Sichuan,China,2015.
• [6]S.Zhao,Q.Zhang,G.Hu,Y.Qin,and D.Feng,Providing root of trust for ARM Trust Zone using on-chip SRAM,in Proc.4th Int.Workshop on Trustworthy Embedded Devices,New York,NY,USA,2014,pp.25-36.
• [7]D.Hein,J.Winter,and A.Fitzek,Secure block device-secure,flexible,and efficient data storage for ARM Trust Zone systems,in Proc.2015 IEEETrustcom/Big Data SE/ISPA,New Yrok,NY,USA,2015,pp.222-229.
• [8]Global Platform Inc.,TEE Internal Core APISpecification v1.1.1,https://www.globalplatform.org/specificationsdevice.asp,June 2016.
• [9]W.Mauerer,Professional Linux Kernel Architecture.John Wiley&Sons,2010.
• [10]Z.Liu and D.Feng,TPM-based dynamic integrity measurement architecture,(in Chinese),Journal of Electronics and Information Technology,vol.32,no.4,pp.875-879,2010.
• [11]Y.Luo,Z.Wang,and X.Jia,Research of shell software technology based on Linux,(in Chinese),International Electronic Elements,vol.20,no.10,pp.13-15,2012.
• [12]B.Zhao,Z.Xia,Y.An,and S.Xiang,Research and implementation of process isolation under virtualization environment,(in Chinese),Journal of Huazhong University of Science and Technology:Natural Science Edition,no.11,pp.74-79,2014.
• [13]Y.Yang,Research of software protection on Android platform,master’s dissertation,College of Information Engineering,Beijing University of Posts and Telecommunications,Beijing,China,2014.
• [14]Datalight.What is e MMC,http://www.datalight.com/solutions/technologies/emmc/what-is-emmc,2015.
• [15]S.Thom,J.Cox,D.Linsley,M.Nystrom,H.Raj,D.Robinson,S.Saroiu,R.Spiger,and A.Wolman,Trust Zone-based integrity measurements and verification using a software-based trusted platform module,US Patent US20160048678A1,Feb.18,2016.
• [16]H.Wang,H.Zhang,and S.Tang,Key recovery on several matrix public-key encryption schemes,IET Information Security,vol.10,no.3,pp.152-155,2015.
• [17]H.Wang,H.Zhang,Z.Wang,and M.Tang,Extended multivariate public key cryptosystems with secure encrytion function,Science China Information Science,vol.54,no.6,pp.1161-1171,2011.
• [18]H.Wang,H.Zhang,Z.Xu,and H.Zhang,Multivariate public key encryption scheme based on error correcting codes,China Communications,vol.8,no.4,pp.22-31,2011.
• [19]W.Wu,H.Zhang,H.Wang,S.Mao,J.Jia,and J.Liu,Apublic key cryptosystem based on data complexity under quantum environment,Science China Information Science,vol.58,no.11,pp.44-54,2015.
• [20]STMicroelectronics and Linaro Security Working Group.OP-TEE,https://github.com/OP-TEE,2017.