Secure Storage Based On ARM TrustZone Research And Implement

With the rapid development of the mobil communication industry, smart phones also develop and popularize fast. A variety of smart phone APPs appear, smartphones’ influence in people’s lives is becoming more and more important. As people growing reliance on smartphones, some important information will be stored in a smartphone or run on it. How to effectively protect smartphone user’s sensitive information is becoming more and more important. Aiming at the security problems of mobile terminals, ARM proposed the TrustZone technology——a system security extension that is integrated in the CPU kernel. It is a safety measure throughout the whole system design of hardware architecture and has a very high security.Based on the TrustZone technology and Trusted Operating System, a safe storage solution is proposed. The solution combines the TrustZone technology and traditional encryption technology, and provides better security for the sensitive data. The solution uses the TrustZone technology to isolates the system hardware and software resources into two worlds, the secure world and the normal world, corresponding to the Trusted Execution Environment and Rich Execution Environment. Once met an operation with high security requirements, the execution environment should switch to the TEE to ensure the safety. Hardware isolation is realize by setting the memory chip to safe state, and does not allow the application running in the REE to access it. Software isolation is mainly about operation system and some applications. According to Global Platform’s standard specification, an encryption module and a storage module are added into the T-OS. Encryption module implements a variety of encryption algorithms and it can be used for information encryption, authentication and signature, the users can choose any algorithm according to their needs. Storage module’s main function is to store the encrypted information, to read the cipher text from flash, and also need to manage the file. Then, a trusted application about secure storage is programmed by using the two modules. Finally, using a client application call the trusted application to verify the feasibility of the secure storage solution.