A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices

  • Conference paper
Information Security (ISC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8783)

Abstract

Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot, where each stage in the boot sequence is evaluated and the boot process is aborted if an unexpected component attempts to load; and (ii) trusted boot, where a log of the components loaded during the boot process is maintained for later audit. The first approach is often criticized for locking down devices, thus reducing users' freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot time, the integrity of the bootloader and OS images is verified and logged; in the second phase, at run time, applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and a Secure Element as a tamper-resistant unit.
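The two phases the abstract describes can be made concrete with a small simulation. The following is an added example, not code from the paper or its authors: the boot stages are measured with SHA-256 into an event log and a single accumulator register extended in the PCR style (H(old || digest)), standing in for the value the paper keeps in the tamper-resistant unit; at run time an application replays the log against that register and compares each entry with its own policy. The stage names, image bytes and policy are constructed for illustration, and the TrustZone and Secure Element interfaces themselves are not modelled.

```python
"""Two-phase boot verification, simulated (added example, not from the paper).

Phase 1 (boot time): each stage is hashed before it is handed control, the
digest is appended to an event log, and one accumulator register is extended
with it (the hash-chain construction a TPM PCR uses).
Phase 2 (run time): an application replays the log, checks that it still
matches the protected register, and compares every entry against its policy.

Component images, stage names and the policy below are constructed values.
"""
import hashlib
from dataclasses import dataclass

HASH = hashlib.sha256
INITIAL_REGISTER = b"\x00" * 32  # accumulator starts zeroed, as a PCR does


@dataclass(frozen=True)
class LogEntry:
    stage: str      # e.g. "bootloader", "kernel"
    digest: bytes   # SHA-256 of the image that was loaded at this stage


def measure(image: bytes) -> bytes:
    """Hash a component image before it is loaded."""
    return HASH(image).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """PCR-style extend: new = H(old || digest). The order of stages matters."""
    return HASH(register + digest).digest()


def boot(stages):
    """Phase 1: measure and log every stage; return (log, final_register).

    `stages` is an ordered list of (name, image_bytes). On a real device the
    final register would live in the tamper-resistant unit and the log in
    ordinary storage; here both are plain Python values. Nothing is aborted:
    trusted boot records, it does not refuse to load.
    """
    log = []
    register = INITIAL_REGISTER
    for name, image in stages:
        digest = measure(image)
        log.append(LogEntry(name, digest))
        register = extend(register, digest)
    return log, register


def replay(log) -> bytes:
    """Recompute the accumulator from the log alone."""
    register = INITIAL_REGISTER
    for entry in log:
        register = extend(register, entry.digest)
    return register


def verify(log, trusted_register: bytes, policy):
    """Phase 2: an application checks the boot trace against its own policy.

    `policy` maps stage name -> set of acceptable digests. Returns
    (ok, reasons) so the caller can decide how to react.
    """
    problems = []
    if replay(log) != trusted_register:
        problems.append("log does not match the protected register (tampered or truncated)")
    seen = {entry.stage for entry in log}
    for stage in policy:
        if stage not in seen:
            problems.append(f"required stage {stage!r} missing from log")
    for entry in log:
        allowed = policy.get(entry.stage)
        if allowed is not None and entry.digest not in allowed:
            problems.append(f"stage {entry.stage!r} loaded an image outside the policy")
    return (not problems), problems


# Constructed sample images and policy (not real firmware).
GOOD_BOOTLOADER = b"constructed bootloader image v1"
GOOD_KERNEL = b"constructed kernel image v1"
OTHER_KERNEL = b"constructed kernel image v2 (not approved by this app)"

APP_POLICY = {
    "bootloader": {measure(GOOD_BOOTLOADER)},
    "kernel": {measure(GOOD_KERNEL)},
}


def demo():
    """Run three scenarios and return their verdicts as (good, other, forged)."""
    # 1. Expected images: the application's policy is satisfied.
    log, reg = boot([("bootloader", GOOD_BOOTLOADER), ("kernel", GOOD_KERNEL)])
    ok_good, _ = verify(log, reg, APP_POLICY)

    # 2. A different kernel: the device still boots (no lock-down), but the
    #    application sees a digest outside its policy and can decline to run.
    log2, reg2 = boot([("bootloader", GOOD_BOOTLOADER), ("kernel", OTHER_KERNEL)])
    ok_other, _ = verify(log2, reg2, APP_POLICY)

    # 3. A rewritten log: the kernel entry is replaced with the approved digest,
    #    but replaying it no longer reproduces the protected register.
    forged = [log2[0], LogEntry("kernel", measure(GOOD_KERNEL))]
    ok_forged, _ = verify(forged, reg2, APP_POLICY)
    return ok_good, ok_other, ok_forged


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point the example makes is the division of labour in the abstract: phase 1 only records, so the user keeps the freedom to boot other software, while phase 2 lets each application decide for itself whether the recorded state meets its requirements, and the register kept outside the normal world is what makes the log trustworthy at that point.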



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

González, J., Hölzl, M., Riedl, P., Bonnet, P., Mayrhofer, R. (2014). A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds) Information Security. ISC 2014. Lecture Notes in Computer Science, vol 8783. Springer, Cham. https://doi.org/10.1007/978-3-319-13257-0_35

  • DOI: https://doi.org/10.1007/978-3-319-13257-0_35

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13256-3

  • Online ISBN: 978-3-319-13257-0

  • eBook Packages: Computer Science (R0)