
Analytical study of hardware-rooted security standards and their implementation techniques in mobile

Telecommunication Systems

Abstract

The security of information held on computers is of paramount importance. Because software-only security was considered inadequate, hardware-rooted security standards were developed: the Trusted Platform Module (TPM) 1.0 in 2003 and subsequently TPM 2.0 in 2012. While trustworthy, these standards and their hardware implementation as TPM chips were found to be inappropriate for mobile computing devices because of the devices' small form factor, low computing resources, limited battery power and cost. Given these constraints, a software derivative of TPM, TPM Mobile, was devised for mobile devices. However, TPM Mobile was rarely implemented in real devices, primarily because its software-only nature was not trusted. Another standard, the Mobile Trusted Module (MTM), also emerged as a derivative of TPM but was never widely adopted, owing to the physical limitations of mobile devices, which have become even more constrained since the introduction of the Internet of Things. Subsequently, a combined software and hardware implementation appeared in ARM-based mobile CPUs under the name TrustZone, as a trade-off between hardware and software. Although widely adopted, ARM TrustZone has also been considered inadequate compared with the TPM standards. After a comparative analysis of these security standards, this paper proposes mTPM, a comprehensive security standard. mTPM not only addresses the prevailing information security requirements of mobile devices but also accounts for their physical constraints. mTPM primarily proposes a security processor integrated within the existing CPU, since a stand-alone chip was considered infeasible for mobile devices. A detailed architectural model of mTPM is also included as a guideline for uniformly secure implementation and standardization. In view of its advantages, mTPM is expected to find greater adoption and refinement over time.




Acknowledgements

This research is supported by the Higher Education Commission (HEC), Pakistan through its initiative of National Center for Cyber Security for the affiliated lab “National Cyber Security Auditing and Evaluation Lab” (NCSAEL), Grant No. 2(1078)/HEC/M&E/2018/707.

Corresponding author

Correspondence to Haider Abbas.


Cite this article

Ashraf, N., Masood, A., Abbas, H. et al. Analytical study of hardware-rooted security standards and their implementation techniques in mobile. Telecommun Syst 74, 379–403 (2020). https://doi.org/10.1007/s11235-020-00656-y
