Building trusted path on untrusted device drivers for mobile devices

Nowadays, there is a trend to design complex, yet secure systems. In this context, the Trusted Execution Environment (TEE) was designed to enrich the previously defined trusted platforms. TEE is commonly known as an isolated processing environment in which applications can be securely executed irrespective of the rest of the system. However, TEE still lacks a precise definition as well as representative building blocks that systematize its design. Existing definitions of TEE are largely inconsistent and unspecific, which leads to confusion in the use of the term and its differentiation from related concepts, such as secure execution environment (SEE). In this paper, we propose a precise definition of TEE and analyze its core properties. Furthermore, we discuss important concepts related to TEE, such as trust and formal verification. We give a short survey on the existing academic and industrial ARM TrustZone-based TEE, and compare them using our proposed definition. Finally, we discuss some known attacks on deployed TEE as well as its wide use to guarantee security in diverse applications.

show abstract

“…It allows a human user to directly interact with applications running inside TEE. Examples of trusted userinterface can be found in [33]- [35].…”

Section: Tee Building Blocksmentioning

confidence: 99%

Trusted Execution Environment: What It is, and What It is Not

Sabt

Achemlal

Bouabdallah

2015

2015 IEEE Trustcom/BigDataSE/Ispa

403

186

View full text Add to dashboard Cite

show abstract

“…Prior work has built trusted path using TrustZone, with much focus on balancing the size of the secure TCB versus functionality. For instance, TrustUI [34] enables trusted paths without trusting device drivers by splitting drivers into an untrusted backend and trusted frontend that runs within the secure kernel. TrustUI uses ad-hoc techniques, such as randomizing keys on the on-screen keyboard after every touch, for ensuring that the information available to the non-secure kernel does not leak device data.…”

Section: Background and Related Workmentioning

confidence: 99%

SeCloak

Lentz

Sen

Druschel

et al. 2018

Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services

View full text Add to dashboard Cite

Reliable on-off control of peripherals on smart devices is a key to security and privacy in many scenarios. Journalists want to reliably turn off radios to protect their sources during investigative reporting. Users wish to ensure cameras and microphones are reliably off during private meetings. In this paper, we present SeCloak, an ARM TrustZone-based solution that ensures reliable on-off control of peripherals even when the platform software is compromised. We design a secure kernel that co-exists with software running on mobile devices (e.g., Android and Linux) without requiring any code modifications. An Android prototype demonstrates that mobile peripherals like radios, cameras, and microphones can be controlled reliably with a very small trusted computing base and with minimal performance overhead. CCS CONCEPTS• Security and privacy → Mobile platform security; Privacy protections; ACM Reference Format:

show abstract

“…SIMlets [35] splits the bill for mobile data using TrustZone and allows content providers to pay for the traffic generated by mobile users visiting their websites or using their services. TrustUI [25] uses TrustZone to provde trusted paths between mobile user and mobile device as well as between mobile device and remote service without trusting the device drivers.…”

Section: Related Workmentioning

confidence: 99%

AdAttester

Chen

et al. 2015

Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services

Self Cite

View full text Add to dashboard Cite

Mobile advertisement (ad for short) is a major financial pillar for developers to provide free mobile apps. However, it is frequently thwarted by ad fraud, where rogue code tricks ad providers by forging ad display or user clicks, or both. With the mobile ad market growing drastically (e.g., from $8.76 billion in 2012 to $17.96 billion in 2013), it is vitally important to provide a verifiable mobile ad framework to detect and prevent ad frauds. Unfortunately, this is notoriously hard as mobile ads usually run in an execution environment with a huge TCB.This paper proposes a verifiable mobile ad framework called AdAttester, based on ARM's TrustZone technology. AdAttester provides two novel security primitives, namely unforgeable clicks and verifiable display. The two primitives attest that ad-related operations (e.g., user clicks) are initiated by the end user (instead of a bot) and that the ad is displayed intact and timely. AdAttester leverages the secure world of TrustZone to implement these two primitives to collect proofs, which are piggybacked on ad requests to ad providers for attestation. AdAttester is non-intrusive to mobile users and can be incrementally deployed in existing ad ecosystem. A prototype of AdAttester is implemented for Android running on a Samsung Exynos 4412 board. Evaluation using 182 typical mobile apps with ad frauds shows that AdAttester can accurately distinguish ad fraud from legitimate ad operations, yet incurs small performance overhead and little impact on user experience.

show abstract

Building trusted path on untrusted device drivers for mobile devices

Cited by 59 publications

References 8 publications

Trusted Execution Environment: What It is, and What It is Not

Trusted Execution Environment: What It is, and What It is Not

SeCloak

AdAttester

Contact Info

Product

Resources

About