The Research And Realization Of Software Security Module Based On ARM TrustZone Architecture

Posted on: 2018-05-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Xiao
Full Text: PDF
GTID: 2428330515497945
Subject: Information security

Abstract/Summary:
Mobile intelligent terminals have strong hardware processing capability and ship with a fully functional open operating system. They integrate rich functionality such as communication, entertainment, network access, data storage, personal business processing and information exchange, and have therefore become an indispensable part of work and daily life. Most users carry mobile terminals everywhere to process business information, and many terminal services are closely linked to tariffs, which drives criminals to shift their attention from the traditional desktop environment to the mobile environment. They use malware to obtain users' private data and cause great damage to users' property. Therefore, how to improve the security of mobile intelligent terminals has received widespread attention.

The idea of trusted computing offers a good approach to the terminal security threat. On a PC, the TPM (Trusted Platform Module) chip can provide a root of trust for the system and form all-round protection for the computing platform from the bottom of the system up. However, adding a hardware chip to a mobile terminal is not practical from the standpoint of power consumption, performance and design expansion, so it is reasonable to implement a software trusted module on the mobile terminal. Compared with hardware, a software trusted module has no closed trusted area, so its execution environment is untrusted and its private data storage is not secure.

To solve the security problem in existing mobile terminals, this thesis researches trusted computing technology and designs a software security module for mobile terminals based on the ARM TrustZone architecture. We use the trusted execution environment isolated by TrustZone to ensure the dynamic runtime security of key components and private data in the system, and to guarantee that user private data cannot be stolen or tampered with by an attacker during data processing. At the same time, we build the software security module (SSM) in the TrustZone architecture to provide security support for the realization of secure services such as integrity measurement and data encryption and decryption. We also analyze the communication method between the original physical TPM chip and the upper application and study the execution environment switching process of the TEE. To accommodate the TrustZone architecture, we redesign the communication method between the upper user application and the SSM based on the SMC instruction. Meanwhile, we design an important-data protection method that protects the integrity and privacy of data; this method can prevent replay attacks and effectively protect the security of important data.

Finally, this thesis also realizes the software security module based on the ARM TrustZone architecture and carries out a function test, a performance test and an important-data safety test. The experimental results show that this design can realize the security functions with better efficiency than the hardware chip and can effectively guarantee the security of important data. The SSM can achieve trusted boot, trusted network connection and other functions to improve the security of mobile intelligent terminals.
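As an added illustration (not code from the thesis), the following Python models the kind of important-data protection the abstract describes: the root key and a per-item version counter stay in the secure world, an HMAC over the data id, counter, nonce and ciphertext provides integrity, and the counter check rejects a replayed older blob. The class name, key labels and the HMAC-SHA256 keystream used in place of a real AEAD cipher are assumptions for this example, not the thesis's design.

```python
import hashlib
import hmac
import os
import struct

CTR_LEN = 8      # version counter, big-endian
NONCE_LEN = 16   # per-seal random nonce
TAG_LEN = 32     # HMAC-SHA256 tag


class SecureWorldStore:
    """Model of SSM-side sealing (assumed design): key and counters never
    leave the secure world; only sealed blobs are handed to the normal world."""

    def __init__(self, root_key: bytes):
        # Derive separate encryption and MAC keys from the secure-world root key.
        self._enc_key = hmac.new(root_key, b"ssm-enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(root_key, b"ssm-mac", hashlib.sha256).digest()
        self._latest = {}  # data_id -> newest counter value issued for it

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 as a PRF in counter mode; stand-in for an AEAD cipher.
        out = b""
        for block in range((length + 31) // 32):
            out += hmac.new(self._enc_key, nonce + struct.pack(">I", block),
                            hashlib.sha256).digest()
        return out[:length]

    def seal(self, data_id: bytes, plaintext: bytes) -> bytes:
        ctr = self._latest.get(data_id, 0) + 1   # monotonic per data item
        self._latest[data_id] = ctr
        nonce = os.urandom(NONCE_LEN)
        ks = self._keystream(nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        body = struct.pack(">Q", ctr) + nonce + ct
        tag = hmac.new(self._mac_key, data_id + body, hashlib.sha256).digest()
        return body + tag

    def unseal(self, data_id: bytes, blob: bytes) -> bytes:
        if len(blob) < CTR_LEN + NONCE_LEN + TAG_LEN:
            raise ValueError("malformed blob")
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._mac_key, data_id + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # integrity / wrong data id
            raise ValueError("integrity check failed")
        ctr = struct.unpack(">Q", body[:CTR_LEN])[0]
        if ctr != self._latest.get(data_id):         # older version replayed
            raise ValueError("replay detected: stale version %d" % ctr)
        nonce = body[CTR_LEN:CTR_LEN + NONCE_LEN]
        ct = body[CTR_LEN + NONCE_LEN:]
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))
```

The replay check only works because the counter table is secure-world state; an attacker who controls normal-world storage can still present an old blob but cannot make it verify.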
Keywords/Search Tags: software security module, TrustZone, trusted execution environment, important data protection, mobile intelligent terminal