Abstract
Today’s mobile phone platforms are powerful enough to be used as personal assistants that render and edit even complex document formats. However, short development cycles in combination with high complexity and extensibility make these devices not secure enough for security-critical tasks. Therefore, end users have to either use another, secure device or accept the risk of losing sensitive information if the device is lost or successfully attacked.
We propose a security architecture to operate on security-critical documents using a commercial off-the-shelf (COTS) mobile phone hardware platform offering two working environments. The first one is under full control of the user while the second is isolated and restricted by additional security and mobile trusted computing services.
The realizability of such an architecture has been proven based on a 'TrustedSMS' prototype developed on top of an OMAP-35xx development board, a hardware platform similar to many actual mobile phone platforms. The prototype includes nearly all components required to securely isolate the two compartments and implements use cases such as SMS writing, signing, receiving, verification, and key management.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Selhorst, M., Stüble, C., Feldmann, F., Gnaida, U. (2010). Towards a Trusted Mobile Desktop. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_6
DOI: https://doi.org/10.1007/978-3-642-13869-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13868-3
Online ISBN: 978-3-642-13869-0
eBook Packages: Computer Science, Computer Science (R0)