An Effective Authentication for Client Application Using ARM TrustZone

  • Hang Jiang
  • Rui Chang
  • Lu Ren
  • Weiyu Dong
  • Liehui Jiang
  • Shuiqiao Yang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10701)

Abstract

Owing to the lack of authentication for client applications (CAs), traditional protection mechanisms based on ARM TrustZone may lead to leakage of sensitive data within the trusted execution environment (TEE). Furthermore, session resources can be occupied by a malicious CA because of a design drawback in the session mechanism between the CA and the trusted application (TA). Therefore, attackers can forge a malicious CA to initiate a request to read data stored in the secure world or to launch a DoS attack. To address these authentication problems, this paper proposes a CA authentication scheme using ARM TrustZone. When a CA establishes a session with a trusted application, CA authentication is executed in the TEE to prevent sensitive data from being accessed by a malicious CA. At the same time, the TA closes the session and releases occupied resources. The proposed authentication scheme is implemented on a simulation platform built with QEMU and OP-TEE. The experimental results show that the proposed scheme can detect changes to the content of a CA, avoid sensitive data leakage and prevent DoS attacks.

Keywords

ARM TrustZone; Trusted execution environment; Identity authentication

Notes

Acknowledgment

Thanks to project supported by the National Natural Science Foundation of China (No. 61572516).

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Hang Jiang (1)
  • Rui Chang (1)
  • Lu Ren (1)
  • Weiyu Dong (1)
  • Liehui Jiang (1)
  • Shuiqiao Yang (2)

  1. State Key Laboratory of Mathematic Engineering and Advanced Computing, Zhengzhou, China
  2. School of Information Technology, Deakin University, Geelong, Australia
