http://dx.doi.org/10.13089/JKIISC.2021.31.2.167

Secure Mobile TPM Adoption for the Trusted Execution Environment  

Han, Seung-Kyun (Chungnam National University)
Jang, JinSoo (Chungnam National University)
Abstract
Trusted execution environments (TEEs) such as ARM TrustZone are widely adopted to protect security-critical logic and data. In particular, cryptographic operations are generally hosted in the TEE and used to build trusted services such as DRM. Although cryptographic operations play a critical role in the TEE, low-end devices depend on a software-based crypto service, which offers less randomness (entropy) than a hardware-based one. To alleviate this problem, we propose a way to efficiently combine the mobile trusted platform module (TPM) with the TEE. We use hardware-assisted virtualization to reuse and protect the existing TPM kernel driver instead of porting it into the TEE. By doing so, we minimize the additional attack surface that bloating the TEE would introduce.
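To make the hardware-entropy point concrete, the following is an added example (not code from the paper or its authors) of the exchange a TPM kernel driver carries on behalf of a caller: the TPM2_GetRandom command and its response in the TPM 2.0 wire format (TPM_ST_NO_SESSIONS header, command code 0x17B, TPM2B_DIGEST payload). It assumes a Linux TPM character device at /dev/tpmrm0 for the real-hardware path; the FakeTpm class is a constructed stand-in so the marshaling and the short-response loop can run without a chip. The function and class names (build_get_random, parse_get_random_response, get_random, tpm_device_transmit, FakeTpm) are ours, not the paper's.

```python
"""TPM2_GetRandom over the raw TPM 2.0 command/response wire format.

Added example, not code from the paper. It marshals the command a TPM kernel
driver forwards to the chip and parses the reply, handling the spec-permitted
case where the TPM returns fewer bytes than requested (at most one digest-size
chunk per call) and the case where the TPM reports an error.
"""
import os
import struct

TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_GET_RANDOM = 0x0000017B
TPM_RC_SUCCESS = 0x00000000

# Header layout, big-endian: tag (UINT16), size (UINT32), command/response code (UINT32).
HEADER = struct.Struct(">HII")


def build_get_random(bytes_requested: int) -> bytes:
    """Marshal TPM2_GetRandom: header followed by a UINT16 bytesRequested parameter."""
    if not 0 < bytes_requested <= 0xFFFF:
        raise ValueError("bytesRequested must be a non-zero UINT16")
    body = struct.pack(">H", bytes_requested)
    return HEADER.pack(TPM_ST_NO_SESSIONS, HEADER.size + len(body), TPM_CC_GET_RANDOM) + body


def parse_get_random_response(resp: bytes) -> bytes:
    """Unmarshal the reply: header, then a TPM2B_DIGEST (UINT16 size + that many bytes).

    An error reply carries only the 10-byte header, so responseCode is checked
    before any payload is touched.
    """
    if len(resp) < HEADER.size:
        raise ValueError("response shorter than a TPM header")
    tag, size, rc = HEADER.unpack_from(resp, 0)
    if size != len(resp):
        raise ValueError(f"responseSize {size} does not match buffer length {len(resp)}")
    if rc != TPM_RC_SUCCESS:
        raise RuntimeError(f"TPM returned error code 0x{rc:08x}")
    if tag != TPM_ST_NO_SESSIONS:
        raise ValueError(f"unexpected tag 0x{tag:04x}")
    (n,) = struct.unpack_from(">H", resp, HEADER.size)
    start = HEADER.size + 2
    if start + n != len(resp):
        raise ValueError("TPM2B_DIGEST size does not match trailing data")
    return resp[start:start + n]


def get_random(transmit, count: int, max_chunk: int = 32) -> bytes:
    """Collect `count` bytes, re-issuing the command whenever the TPM returns a short chunk.

    `transmit` is any callable that sends one command buffer and returns the raw
    reply: a wrapper around the kernel's TPM device (tpm_device_transmit) or FakeTpm.
    Real TPMs cap each reply at their largest digest size, hence the 32-byte default.
    """
    out = bytearray()
    while len(out) < count:
        want = min(count - len(out), max_chunk)
        chunk = parse_get_random_response(transmit(build_get_random(want)))
        if not chunk:
            raise RuntimeError("TPM returned zero random bytes")
        out += chunk
    return bytes(out)


def tpm_device_transmit(cmd: bytes, path: str = "/dev/tpmrm0") -> bytes:
    """Send one command through the Linux TPM character device (assumed path; needs
    permission on the node). The kernel driver does the bus-level transport."""
    fd = os.open(path, os.O_RDWR)
    try:
        os.write(fd, cmd)
        return os.read(fd, 4096)
    finally:
        os.close(fd)


class FakeTpm:
    """Constructed stand-in for a TPM (no hardware): answers GetRandom with at most
    `cap` bytes per call from os.urandom, or with an error-only header if rc != 0."""

    def __init__(self, cap: int = 8, rc: int = TPM_RC_SUCCESS):
        self.cap = cap
        self.rc = rc
        self.calls = 0

    def __call__(self, cmd: bytes) -> bytes:
        self.calls += 1
        tag, size, cc = HEADER.unpack_from(cmd, 0)
        assert (tag, size, cc) == (TPM_ST_NO_SESSIONS, len(cmd), TPM_CC_GET_RANDOM)
        (requested,) = struct.unpack_from(">H", cmd, HEADER.size)
        data = os.urandom(min(requested, self.cap))
        body = b"" if self.rc != TPM_RC_SUCCESS else struct.pack(">H", len(data)) + data
        return HEADER.pack(TPM_ST_NO_SESSIONS, HEADER.size + len(body), self.rc) + body


if __name__ == "__main__":
    fake = FakeTpm(cap=8)
    key = get_random(fake, 32)
    print(f"{len(key)} bytes in {fake.calls} calls: {key.hex()}")
```

Two caveats a caller must respect: the TPM may legitimately return fewer bytes than requested, so the byte count in the TPM2B_DIGEST, not the request, decides how much entropy was obtained; and responseCode must be checked before the payload is read, since an error reply has no payload at all. Against real hardware, pass tpm_device_transmit as the `transmit` argument; the kernel's TPM driver, which the paper proposes to protect with virtualization rather than duplicate in the TEE, is what performs the bus transport underneath.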
Keywords
Trusted Execution Environment; Trusted Platform Module; Virtualization; Mobile Security;