Abstract
Because the client application (CA) is not authenticated, traditional protection mechanisms based on ARM TrustZone may leak sensitive data held within the trusted execution environment (TEE). Furthermore, a design drawback in the session mechanism between the CA and the trusted application (TA) allows a malicious CA to occupy session resources. Attackers can therefore forge a malicious CA to request data stored in the secure world or to launch a DoS attack. To address these authentication problems, this paper proposes a CA authentication scheme using ARM TrustZone. When a CA establishes a session with a trusted application, CA authentication is executed in the TEE to prevent sensitive data from being accessed by a malicious CA. At the same time, the TA closes the session and releases the occupied resources. The proposed authentication scheme is implemented on a simulation platform built with QEMU and OP-TEE. The experimental results show that the proposed scheme can detect changes to the content of a CA, avoid sensitive data leakage, and prevent DoS attacks.
Acknowledgment
This work was supported by the National Natural Science Foundation of China (No. 61572516).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Jiang, H., Chang, R., Ren, L., Dong, W., Jiang, L., Yang, S. (2017). An Effective Authentication for Client Application Using ARM TrustZone. In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science, vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_50
DOI: https://doi.org/10.1007/978-3-319-72359-4_50
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72358-7
Online ISBN: 978-3-319-72359-4
eBook Packages: Computer Science, Computer Science (R0)