A Solution to Make Trusted Execution Environment More Trustworthy

doi:10.23940/ijpe.18.09.p21.21272136

Abstract

Abstract: Trusted Execution Environment is an execution environment that resides in connected devices and ensures that sensitive data are stored, processed, and protected isolated from general-purpose OS such as Android. The TrustZone TEE solution can achieve a medium protection level with comparatively low cost, so it is widely used. However, related researches show that the TrustZone TEE solution has security defects; for example, hardware isolation provided by TrustZone is insufficient. In this paper, we propose a security enhancement scheme based on TEE. According to the existing problems in the TrustZone TEE scheme, a corresponding protection mechanism is established to fully enhance the reliability of connected devices. In our scheme, TEE is used alongside other security technology such as secure elements and microkernel and kernel real-time protection to provide multi-layered defense mechanisms. In our scheme, we introduce a security element as the root of trust (ROT) of connected devices. The secure element is used to store sensitive data such as the first-stage bootloader, various secret keys, and the certificate of the second-stage bootloader. The secure element is also used to execute sensitive operations such as encryption and decryption.

Key words: trusted execution environment, secure element, TrustZone, secure boot, Microkernel

Xiao Kun and Luo Lei. A Solution to Make Trusted Execution Environment More Trustworthy [J]. Int J Performability Eng, 2018, 14(9): 2127-2136.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References

[1] A. Chou, J. Yang, B. Chelf, S. Hallem,D. Engler, “An Empirical Study of Operating Systems Errors?”ACM SIGOPS Operating Systems Review, Vol. 35, pp. 73-88, 2001
[2] Y. Qin, H. Dai,Y. YAN, “Study on Defects Relate to Device Driver in Monolithic Kernel of Operating System,” Computer Science, Vol. 38, No.4, 2011
[3] M. Nauman, S. Khan,X. Zhang, “Apex: Extending Android Permission Model and Enforcement with User-Defined Runtime Constraints?” inProceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 328-332, 2010
[4] B. Morrow, “BYOD Security Challenges: Control and Protect Your Most Sensitive Data,” Network Security, Vol. 2012, No. 12, pp. 5-8, 2012
[5] M. Becher, F. C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck,C. Wolf, “Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices?”Security and Privacy (SP), IEEE Symposium, pp. 96-111, May 2011
[6] J. E. Ekberg, K. Kostiainen,N. Asokan, “Trusted Execution Environments on Mobile Devices?” inProceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 1497-1498, November 2013
[7] B. McGillion, T. Dettenborn, T. Nyman,N. Asokan, “Open-TEE--An Open Virtual Trusted Execution Environment?” Trustcom/BigDataSE/ISPA, Vol. 1, pp. 400-407, August 2015
[8] J. Winter, “Trusted Computing Building Blocks for Embedded Linux-Based ARM Trustzone Platforms?” inProceedings of the 3rd ACM workshop on Scalable trusted computing, pp. 21-30, October 2008
[9] J. González and P. Bonnet, “Towards an Open Framework Leveraging a Trusted Execution Environment,”Cyberspace Safety and Security, pp. 458-467, 2013
[10] T. Müller and M. Spreitzenbarth, “Frost?” inProceedings of International Conference on Applied Cryptography and Network Security, pp. 373-388, Berlin, Germany, June 2013
[11] G. Arfaoui, S. Gharout,J. Traoré, “Trusted Execution Environments: A Look under the Hood?” inProceedings of IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), pp. 259-266, April 2014
[12] M. Lipp, D. Gruss, R. Spreitzer, C. Maurice,S. Mangard, “ARMageddon: Cache Attacks on Mobile Devices?” USENIX Security Symposium, pp. 549-564, August 2016
[13] A. Atamli-Reineh, R. Borgaonkar, R. A. Balisane, G. Petracca,A. Martin, “Analysis of Trusted Execution Environment Usage in Samsung KNOX?” inProceedings of the 1st Workshop on System Software for Trusted Execution, pp. 7, December 2016
[14] J. Viega and H. Thompson, “The State of Embedded-Device Security (Spoiler Alert: It’s bad),” IEEE Security & Privacy, Vol. 10, No. 5, pp. 68-70, 2012
[15] X. Ren, R. D. Blanton,V. G. Tavares, “A Learning-based Approach to Secure JTAG Against Unseen Scan-based Attacks?” IEEE Computer Society Annual Symposium on VLSI (ISVLSI), pp. 541-546, July 2016
[16] H. Salmani, “Design Techniques for Hardware Trojans Prevention and Detection at the Layout Level,”Trusted Digital Circuits, pp. 93-107, 2018
[17] T. H. Le, J. Clédière, C. Servière,J. L. Lacoume, “Noise Reduction in Side Channel Attack using Fourth-Order Cumulant,” IEEE Transactions on Information Forensics and Security, Vol. 2, No. 4, pp. 710-720, 2007
[18] M. W. Shih, S. Lee, T. Kim,M. Peinado, “T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs?” in Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2017
[19] A. Ukil, J. Sen,S. Koilakonda, “Embedded Security for Internet of Things?,”in Proceedings of 2nd National Conference on Emerging Trends and Applications in Computer Science (NCETACS), pp. 1-6, March 2011
[20] M. Ezzeddine and H. Akkary, “Issues in Trustworthy Software Systems?” IEEE Trustcom/BigDataSE/ISPA, Vol. 1, pp. 1142-1147, August 2015
[21] T. Cooijmans, J. de Ruiter, and E. Poll, “Analysis of Secure Key Storage Solutions on Android?” inProceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 11-20, November 2014
[22] H. Lopes,R. Lopes, “Comparative Analysis of Mobile Security Threats And Solution,” Int. Journal of Engineering Research and Applications, Vol. 3, No. 5, pp. 499-502, 2013
[23] J. E. Ekberg, K. Kostiainen,N. Asokan, “The Untapped Potential of Trusted Execution Environments on Mobile Devices,” IEEE Security & Privacy, Vol. 12, No. 4, pp. 29-37, 2014
[24] D. Kim, Y. Jung, K. A. Toh, B. Son,J. Kim, “An Empirical Study on Iris Recognition in a Mobile Phone,”Expert Systems with Applications, Vol. 54, pp. 328-339, 2016
[25] J. N. Herder, H. Bos, B. Gras, P. Homburg,A. S. Tanenbaum, “Construction of a Highly Dependable Operating System?” inProceedings of European Dependable Computing Conference, pp. 3-12, October 2006
[26] G. Heiser, K. Elphinstone, I. Kuz, G. Klein,S. M. Petters, “Towards Trustworthy Computing Systems: Taking Microkernels to the Next Level,” ACM SIGOPS Operating Systems Review, Vol. 41, No. 4, pp. 3-11, 2007