The Research And Implementation Of Reinforcement Technology For Trusted Execution Environment Based On Secure Element

At present,the widespread application of mobile devices has made people pay more and more attention to its security issues.The kernel of mobile operating system may have security flaws and imperfect management mechanisms.Due to these probl-ems,the existing solution at home and abroad is improving hardware layer security by complying with related technologies of the Global Platform's Trusted Execute Environ-ment specification.Although,a trusted operating environment can reach a moderately protected level at a lower cost,there are still some deficiencies.While facing attacks such as chip attacks and shared resource attacks,there are still some problems,such as insufficient storage security,insufficient protection against tamper,and so on.Therefore,the reinforcement of the trusted execute environment is imminent.The purpose of this thesis is to improve the integrity and confidentiality of the existing trusted operating environment.The main research topics are as follows:(1)The existing boot process was studied.Based on the trust root and trust chain defined by the TCG organization,a new trusted boot process was established using the digital signature technology.It solves the problem that the integrity of the existing boot process is not guaranteed.(2)There is a problem that the trustworthiness of the trusted operating system kernel image which should be loaded in the existing boot process is not guaranteed.This thesis puts forward a method of adopting the security element.To implement the method,the software architecture and hardware architecture are designed.Finally,the image can be load from the security element.(3)The thesis has a research on the existing security service process.Combining with cryptographic operation related theory,the thesis defines the specification interface for cryptographic operations,which solves the problem that CA and TA need multiple data exchange in cryptographic operations.(4)The existing TEE OS cryptographic operations relies on software library.What's more,the existing TEE OS does not support national cryptographic algorithms.To solve these phenomenons,the thesis studys existing cryptographic operation flow and defines a frame in which a security element was used as the core hardware to support cryptographic operations.These work help achieving the purpose of improvingthe confidentiality of the TEE OS cryptographic operations and supporting the national cryptographic algorithm.The experimental results show that the digital signature technology guarantees the integrity of the image in each phase of the trusted startup.The security element guarantees the confidentiality of the OS image during the trusted boot phase and ensures the confidentiality of the cryptographic operations in the interface.The entire operating environment is reinforced.