Research And Implementation Of Smartphone Security Technology Based On Trust Zone

Posted on: 2017-04-28
Degree: Master
Type: Thesis
Country: China
Candidate: Z W Liu
GTID: 2308330485985928
Subject: Software engineering
Abstract/Summary:
Intelligent terminals play a very important role in many scenarios of life and work, and more and more private user data is stored on them. Data security issues have become particularly prominent, and users tend to prevent data leakage by setting a password for authentication. To improve the strength of the password, however, users have to remember complex passwords and enter them frequently, which can greatly affect the user experience. With the rapid adoption of biometric identification technology, its convenience and speed have been widely recognized. For example, fingerprint identification is rapidly being applied to intelligent terminals to identify users safely and quickly, replacing traditional password authentication. Therefore, how to ensure the security of fingerprint identification and of the identification process is also an increasingly prominent question. The trusted execution environment (TEE) has been proposed to provide a secure execution environment for trusted applications. A secure execution environment can be achieved through three mechanisms: Intel's SVM and AMD's TXT, which provide a secure execution environment; ARM TrustZone security technology, which isolates the non-secure area from the secure area directly on the CPU; and hypervisor/VMM virtualization, which isolates secure applications from non-secure applications. The ARM processor, which is widely used in embedded platforms, provides the TrustZone security extension mechanism. This mechanism divides the SoC's hardware and software resources into the key resources handled by the trusted execution environment and the other resources of the rich execution environment (REE), building a security framework from the underlying hardware architecture of the processor so as to protect devices against a large number of potential threats.

This thesis aims to solve security problems in the field of intelligent terminals by adopting ARM TrustZone security extension technology, and puts forward a TrustZone-based security framework for fingerprint identification according to the biometric theory of fingerprint identification. The framework provides a trusted execution environment for the fingerprint identification application, guarding against potential attacks from malicious programs to ensure a safe and reliable fingerprint identification process. At the same time, to prevent fingerprint information from being stolen, TrustZone protects the fingerprint feature data and the encryption key. In addition, this thesis designs and implements a secure transmission channel and a fingerprint-data communication protocol to ensure the security of fingerprint transmission. Finally, a prototype system is designed and implemented to verify effectiveness experimentally, and the experimental results prove the feasibility of the technologies and methods described herein.
Keywords/Search Tags: Trust Zone, fingerprint identification, secure storage, intelligent terminal, embedded system