Abstract
On mobile devices, security-sensitive tasks (e.g., mobile payment, one-time passwords) involve not only sensitive data such as cryptographic keying material but also sensitive I/O operations, such as entering a PIN code on the touchscreen and showing an authentication verification code on the display. A comprehensive protection of these services should therefore enforce a Trusted User Interface (TUI) to protect sensitive user inputs and system outputs, in addition to defending against both software attacks and physical memory disclosure attacks (e.g., cold-boot attacks on off-chip DRAM). In this paper, we present Oath, an On-Chip RAM (OCRAM) assisted sensitive data protection mechanism for ARM-based platforms that protects sensitive data, in particular sensitive I/O data, against both software attacks and physical memory disclosure attacks. The basic idea is to store and process the sensitive data only in OCRAM that is accessible solely to the TrustZone secure world, so that it never has to reside in off-chip DRAM. After working out how to enable TrustZone protection for the on-chip RAM (iRAM), we develop a trusted user interface together with an OCRAM allocation mechanism that efficiently shares the OCRAM between the secure OS and the rich OS. A prototype implemented on the OP-TEE system shows that Oath works well and incurs a small system overhead.
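As an added illustration (not the paper's own code, nor OP-TEE's), the following C program simulates the kind of OCRAM sharing the abstract describes: a fixed on-chip arena is split into a secure-world partition and a normal-world partition, each served by a first-fit allocator with split and coalesce, sensitive buffers are placed only in the secure partition, and secure-world blocks are scrubbed on free so a PIN or key does not outlive its use. The arena size, partition sizes, function names and block table are assumptions made for this example; on real silicon the secure/non-secure boundary is enforced by the SoC's TrustZone address-space configuration, which this simulation does not model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated OCRAM arena (assumption for this example): 64 KiB in total, the
 * low 16 KiB reserved for the TrustZone secure world. Real hardware enforces
 * the split in the TrustZone address-space configuration; only the allocator
 * that sits on top of such a split is modelled here. */
#define OCRAM_SIZE        (64u * 1024u)
#define OCRAM_SECURE_SIZE (16u * 1024u)
#define MAX_BLOCKS        64

enum world { WORLD_SECURE = 0, WORLD_NORMAL = 1, WORLD_COUNT = 2 };

struct block  { size_t off; size_t len; int used; };   /* off = offset in ocram[] */
struct region { struct block blk[MAX_BLOCKS]; size_t nblk; }; /* sorted by off */

static uint8_t ocram[OCRAM_SIZE];
static struct region regions[WORLD_COUNT];

static void region_init(struct region *r, size_t base, size_t size) {
    memset(r, 0, sizeof *r);
    r->blk[0].off = base; r->blk[0].len = size; r->nblk = 1;  /* one free block */
}

void ocram_init(void) {
    memset(ocram, 0, sizeof ocram);
    region_init(&regions[WORLD_SECURE], 0, OCRAM_SECURE_SIZE);
    region_init(&regions[WORLD_NORMAL], OCRAM_SECURE_SIZE, OCRAM_SIZE - OCRAM_SECURE_SIZE);
}

/* Which partition does p fall in? Returns -1 if p is not OCRAM at all. */
int ocram_world_of(const void *p) {
    uintptr_t q = (uintptr_t)p, lo = (uintptr_t)ocram;
    if (q < lo || q >= lo + OCRAM_SIZE) return -1;
    return (q - lo) < OCRAM_SECURE_SIZE ? WORLD_SECURE : WORLD_NORMAL;
}

/* First-fit allocation inside one world's partition, 16-byte aligned. */
void *ocram_alloc(enum world w, size_t n) {
    if (w >= WORLD_COUNT) return NULL;
    struct region *r = &regions[w];
    n = (n + 15) & ~(size_t)15;
    if (n == 0) return NULL;
    for (size_t i = 0; i < r->nblk; i++) {
        struct block *b = &r->blk[i];
        if (b->used || b->len < n) continue;
        if (b->len > n && r->nblk < MAX_BLOCKS) {        /* split off the remainder */
            memmove(&r->blk[i + 2], &r->blk[i + 1], (r->nblk - i - 1) * sizeof *b);
            r->blk[i + 1].off = b->off + n;
            r->blk[i + 1].len = b->len - n;
            r->blk[i + 1].used = 0;
            r->nblk++;
            b->len = n;
        }
        b->used = 1;
        return ocram + b->off;
    }
    return NULL;                                         /* partition exhausted */
}

/* Release a block. Secure-world memory is zeroed before it can be reused, so a
 * freed PIN or key cannot be read back by the next client of the allocator.
 * Returns -1 for a pointer that is not a live OCRAM block (e.g. double free). */
int ocram_free(void *p) {
    int w = ocram_world_of(p);
    if (w < 0) return -1;
    struct region *r = &regions[w];
    size_t off = (size_t)((uint8_t *)p - ocram);
    for (size_t i = 0; i < r->nblk; i++) {
        struct block *b = &r->blk[i];
        if (b->off != off || !b->used) continue;
        if (w == WORLD_SECURE) memset(ocram + b->off, 0, b->len);
        b->used = 0;
        if (i + 1 < r->nblk && !r->blk[i + 1].used) {    /* merge with next */
            b->len += r->blk[i + 1].len;
            memmove(&r->blk[i + 1], &r->blk[i + 2], (r->nblk - i - 2) * sizeof *b);
            r->nblk--;
        }
        if (i > 0 && !r->blk[i - 1].used) {              /* merge with previous */
            r->blk[i - 1].len += b->len;
            memmove(&r->blk[i], &r->blk[i + 1], (r->nblk - i - 1) * sizeof *b);
            r->nblk--;
        }
        return 0;
    }
    return -1;
}

int main(void) {
    ocram_init();
    const char pin[] = "1234";                 /* constructed sample input */
    char *buf = ocram_alloc(WORLD_SECURE, sizeof pin);
    memcpy(buf, pin, sizeof pin);
    printf("PIN buffer lives in world %d (0 = secure)\n", ocram_world_of(buf));
    ocram_free(buf);
    printf("after free, first byte = %d\n", buf[0]);
    return 0;
}
```

The two properties worth checking on any such allocator are the ones the test exercises: a secure-world request can never be satisfied from the normal-world partition (the partitions never overlap, so `ocram_world_of` on the returned pointer is the oracle), and freed secure-world memory is scrubbed and coalesced so that the partition can be fully reused without leaking a previous secret.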
Acknowledgment
This work is supported by the National Key Research and Development Program of China under Grant No. 2016YFB0800102 and No. 2017YFB0802401, the National Natural Science Foundation of China under Grant No. 61802398, the National Cryptography Development Fund under Award No. MMJJ20180222 and MMJJ20170215, the U.S. ONR grants N00014-16-1-3214 and N00014-16-1-3216, and the NSF grant CNS-1815650.
© 2019 Springer Nature Switzerland AG
Cite this paper
Chu, D., Wang, Y., Lei, L., Li, Y., Jing, J., Sun, K. (2019). OCRAM-Assisted Sensitive Data Protection on ARM-Based Platform. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29961-3
Online ISBN: 978-3-030-29962-0
eBook Packages: Computer Science (R0)