Research Of User Privacy Data Protection Based On TrustZone

Posted on: 2018-01-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Cui
GTID: 2428330515997939
Subject: Information security
Abstract/Summary:
With the rapid development of modern society, information technology is gradually being applied to various fields of social life. Embedded systems, with their simple structure, low power consumption and customizable characteristics, have gradually become the core of daily life, industrial production, traffic control and transportation, and an important basis for the informatization of the power industry. Especially with the popularization and application of the mobile Internet and IoT, embedded devices greatly promote the development of production and life. On the other hand, new means of attack and an increasingly complex and changeable working environment seriously threaten the safe operation of embedded systems; this not only brings great security risks to the nation's basic industries, but also brings great trouble for user privacy.

At present, for the protection of user privacy data on embedded devices, the TrustZone technology proposed by ARM can ensure the dynamic security of privacy data. In addition, many scholars have done effective work in this area. The main idea is to encrypt the user's privacy data. However, the management of the users' keys is not mentioned. The lack of an effective key management mechanism may result in key leakage, which seriously threatens the security of user privacy data. Although some schemes have proposed trusted key generation, the generated key lacks user participation, and the users' data is still under threat. At the same time, according to the TrustZone and TEE standards, the secure world can be used to build a trusted execution environment, but there are still some deficiencies in existing trusted execution environment implementations.

In this paper, aiming at the lack of encryption protection for user privacy data on embedded devices, a key management mechanism is proposed in the TrustZone architecture. Physical Unclonable Function (PUF) technology is combined with the user's PIN to generate a user key related to both the device and the user, and the confidentiality and integrity of privacy data are protected. Meanwhile, a relatively thorough key management mechanism is designed for the multi-user data protection scenario on public embedded devices to realize key generation, storage, update and destruction. Finally, this multi-user key management module is designed and implemented in TrustZone, and its security and efficiency are analyzed by experiments. The experimental results show that the mechanism is reliable and secure and has high key management efficiency.

In addition, the TrustZone architecture in an embedded device divides the system into two worlds: Secure World and Normal World. The Client Application (CA) in the Normal World sends a request to the Normal World for a data object operation, and the Trusted Application in the Secure World receives the request and delivers it to the kernel to complete the data operation. While the Secure World provides a trusted execution environment for data operations, the Trusted Application does not authenticate the identity of the CA that requests access to data, and this would result in a large risk of user data leakage. Thus this paper proposes a user sensitive data protection mechanism in TrustZone. We add corresponding modules in the Secure World and the Normal World respectively and authenticate the identity of the CA to prevent illegal access to user sensitive data. Then we analyze the security of the system and perform validity, security and performance tests. The results show that this method can perform effective identity recognition and control of the CA to protect the security of user sensitive data and resist forging, tampering and replay attacks. After adding the authentication modules, the data operation time of the system increases by 0.16s, which is acceptable considering the improved security.
Keywords/Search Tags:TrustZone, key management, identity authentication, sensitive data protection