
Research On The Security Technologies Of Mobile Smart Terminal By Using Trusted Computing

Posted on: 2013-06-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M W Fang
Full Text: PDF
GTID: 1228330392455450
Subject: Industrial Engineering

Abstract/Summary:
With the rapid development of wireless communication technology, the communication capability of mobile networks increases day by day, and mobile smart terminals with more powerful processing capabilities and storage space are becoming the trend in mobile computing. Unlike the traditional feature phone, the data-centric mobile smart terminal has an independent operating system and the ability to install and run third-party software, and it provides mobile Internet access, data computing and storage services for the individual user. The mobile smart terminal has become the information processing center and office assistant in people’s daily work and life; however, this attracts attacks from viruses and malicious software, bringing security threats to personal private information. Due to the complexity of the mobile environment, the security issues faced by mobile terminals are much more serious than those faced by PCs, and so is the damage. The security of mobile smart terminals has become an unsolved social problem and is one of the key factors restricting the development of the mobile Internet. Security solutions based on anti-virus technology can only reduce the risk of being attacked; they cannot solve the security problem fundamentally. Therefore, it is necessary to construct a trusted mobile terminal architecture that eliminates the security threats and risks at their root. To address the existing security issues, this dissertation studies the trust architecture of the mobile smart terminal and several key security technologies from a system viewpoint. The main research results are as follows:

(1) The trusted mobile terminal based on trusted computing technology uses the existing smartphone hardware architecture and implements a software-based MTM module inside the secure element and the secure storage memory within secure boundaries. By using the micro-kernel as the Trusted Computing Base (TCB), the trusted software structure is built on paravirtualization technology. The secure boot procedure in the micro-kernel ensures the establishment of the chain of trust in the TCB; after the trusted boot, the trust relationship is extended to the core components to ensure that the system bootstraps into a trusted running environment. Analysis shows that the smartcard hardware features and the Applet isolation feature can meet the security requirements of the MTM. By using a formal analysis method, the trustworthiness and security of the secure boot can be demonstrated in theory. According to the TMP Specification, the proposed architecture can meet the security requirements of Class Level 2, which can protect user privacy and carry out secure transactions.

(2) An application behavior dynamic measurement mechanism is proposed by introducing a behavior-based usage control (UCON) model. It divides the dynamic measurement into two stages according to the running state of the application: pre-start static usage control and on-running dynamic usage control. The first stage performs usage control authorization based on the integrity measurement results and capability-level-based access control. When the control policy is met, the application is authorized to start. The second stage intercepts the key system calls of the application's behavior, analyzes the trust properties of the key behavior chain and the integrity impact on system data and user data by using a heuristic algorithm, and then authorizes the application to continue running according to the dynamic control policy. Based on the dynamic trusted running environment of the system, a proposed threshold property remote attestation scheme can prove to the remote platform that the platform has the required security properties. The scheme is fine-grained and flexible.

(3) A mobile trusted network connection (MTNC) authentication architecture is proposed by extending TNC technology to the mobile network environment. This authentication mechanism depends not only on user identification but also on the trust status of the mobile platform. Based on a port access control mechanism and improved EAP authentication protocols, the MTNC adopts direct anonymous attestation (DAA) and remote attestation to prove the authenticity of the MTM module and the trust status of the mobile platform, which realizes Home Network and Roaming Network access authentication. The user anonymous authentication mechanism used in the identification procedure can protect user privacy and prevent tracking attacks. To address the problem that the existing DAA scheme cannot be applied directly across multiple trust domains in the mobile environment, a trust domain Union DAA (UDAA) is proposed. A mobile terminal that obtains the domain union credential can use DAA to prove the legitimacy of the MTM module effectively to a remote cross-domain verifier by using the UDAA scheme.

(4) Under the mobile trusted network architecture, to address the existing security threats in OMA DRM v2.0, especially the security issues exposed when rendering digital content on the mobile platform, an improved OMA DRM scheme suitable for the trusted mobile environment is proposed by introducing trusted computing technology into digital rights protection. Following the usage procedure of digital content, four main processes, namely trusted DRM application downloading, DCF downloading, the trusted ROAP protocol and DRM content rendering, are analyzed in detail. By using behavior-based trust measurement, the proposed scheme can protect the integrity of the DRM application and the trustworthiness of the DRM content rendering behavior. With the secure storage mechanism provided by the trusted terminal, the decrypted content and related keys in the rendering procedure can be protected effectively, and the time and count protection mechanism can ensure the enforcement of digital usage rights.

Finally, an identification protocol is designed to transfer control commands to the secure storage card at high speed. A prototype system is completed to realize full protection in the mobile phone system based on a smart TF card.
Keywords/Search Tags: Trusted Computing, Mobile Smart Terminal, Behavior Measurement, Remote Attestation, Trusted Network Connection, Direct Anonymous Attestation, Digital Rights Management, Information Security