A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices

  • Javier González
  • Michael Hölzl
  • Peter Riedl
  • Philippe Bonnet
  • René Mayrhofer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8783)


Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot, where each stage in the boot sequence is evaluated and the boot process is aborted if an unexpected component is about to be loaded; and (ii) trusted boot, where a log of the components loaded during the boot process is maintained for later audit. The first approach is often criticized for locking down devices, thus reducing users’ freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot time, the integrity of the bootloader and OS images is verified and logged; in the second phase, at run time, applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and a Secure Element as a tamper-resistant unit.
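The two phases described in the abstract, as an added illustration that is not code from the paper: phase 1 measures each boot stage into a hash-chained log (modelled after a TPM-style PCR extend, a simplification assumed here), and phase 2 lets an application first check that the log is consistent with the sealed accumulator and then apply its own allowed-image policy. The image bytes, stage names and policy are constructed sample values.

```python
import hashlib

# Constructed stand-ins for the bootloader and OS images measured at boot time.
BOOT_IMAGES = {
    "bootloader": b"constructed bootloader image v1",
    "os": b"constructed OS image v1",
}

def measure(data: bytes) -> str:
    """Measurement of a component: its SHA-256 digest (hex)."""
    return hashlib.sha256(data).hexdigest()

def extend(accumulator: str, measurement: str) -> str:
    """Hash-chain step: acc' = H(acc || measurement), as in a PCR extend."""
    return hashlib.sha256(bytes.fromhex(accumulator) + bytes.fromhex(measurement)).hexdigest()

def boot_phase(images):
    """Phase 1: measure each stage in boot order, append it to the trace,
    and fold it into the accumulator that the secure hardware would seal."""
    log = []
    acc = "00" * 32
    for stage, image in images.items():
        m = measure(image)
        log.append((stage, m))
        acc = extend(acc, m)
    return log, acc

def replay(log):
    """Recompute the accumulator from the trace alone."""
    acc = "00" * 32
    for _, m in log:
        acc = extend(acc, m)
    return acc

def verify_at_runtime(log, sealed_acc, policy):
    """Phase 2: an application checks trace integrity, then its own requirements.
    policy maps a stage name to the set of measurements the app accepts."""
    if replay(log) != sealed_acc:
        return False, "boot trace does not match sealed accumulator"
    measured = dict(log)
    for stage, allowed in policy.items():
        m = measured.get(stage)
        if m is None:
            return False, f"no measurement recorded for {stage}"
        if m not in allowed:
            return False, f"{stage} image not in application's allowed set"
    return True, "boot trace satisfies policy"
```

Note that an unapproved OS still boots in this model; it is the application that refuses to run or unlock its data when the trace fails its policy, which is the distinction from secure boot the abstract draws.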


Keywords: Secure Boot, Trusted Boot, Secure Element, TrustZone





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Javier González (1)
  • Michael Hölzl (2)
  • Peter Riedl (2)
  • Philippe Bonnet (1)
  • René Mayrhofer (2)
  1. IT University of Copenhagen, Denmark
  2. University of Applied Sciences Upper Austria, Campus Hagenberg, Austria
