
Research On Mobile Key Management Technology Based On TEE

Posted on: 2018-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Zhang
GTID: 2348330518496854
Subject: Cryptography

Abstract/Summary:
Because the Android operating system is based on the Linux kernel and is open source, it is supported by the majority of equipment manufacturers and developers. The number of applications on the Android platform is growing rapidly; among them, social software is favored by the majority of users and has become indispensable in the lives of mobile users. While users enjoy the advantages of social software, they also face the threat of information leakage when data is transferred during communication. To prevent information leakage, social software should achieve end-to-end communication security using cryptographic technology. Once encryption is used, the keys used in the scheme must be well protected; otherwise the entire communication mechanism has no security at all. Therefore, a secure key management mechanism has become the core issue in ensuring the security of communication data on the mobile terminal.

So far, researchers have proposed many Android-based key management schemes to solve the security problem of end-to-end communication keys. However, the majority of these schemes focus only on the security of the key agreement protocol and give little or no consideration to the security of the key while it is stored and used on the mobile terminal. By exploiting vulnerabilities in the Android system, attackers can obtain "ROOT" permission, so that they can not only easily access the local key stored on the terminal device but also track the local cryptographic operations. Hence, to achieve truly secure key management on the mobile terminal, the key management scheme should guarantee the security of the communication key while it is stored and used on the terminal.

Based on an analysis and study of the key security problem, the Trusted Execution Environment (TEE) security mechanism and the AndroidKeyStore framework, this paper designs an Extensible Android Key Management Frame (referred to as EAKMF). EAKMF inherits the AndroidKeyStore framework and expands the related components. In this framework, we have added a key management service, which provides key management functions and ensures the security of the communication key on the mobile terminal. The main contents are as follows.

(1) Based on a study of the overall framework and security mechanism of the Android system, this paper analyzes the overall framework and functional modules of AndroidKeyStore. In addition, it elaborates in detail on the concept and architecture of TEE and analyzes the standard specifications and security mechanisms related to TEE. It points out the deficiencies of the existing Android key management mechanism and the reason why the TEE can be used as the core component of key management.

(2) Based on research into the AndroidKeyStore framework, this paper designs the Extensible Android Key Management Frame (EAKMF) and describes its hierarchical structure, core modules and core processes. According to the scheme, this paper presents the concrete implementation of the EAKMF and shows that the EAKMF has higher security than the traditional key management scheme and better expandability than the AndroidKeyStore framework.

(3) In the EAKMF, using TEE technology, this paper builds a software implementation environment of TEE with the help of the OPTEE project, designs the TEE-based key management module (OTKMM) and develops customized security services, for example a key storage service and a cryptographic operation service, which provide security services for upper-layer applications. The test shows that the TEE technology is feasible in practice.
Keywords/Search Tags: Trusted Execution Environment, Key management, Secure storage, Secure computing, AndroidKeyStore