
Research And Implementation Of Data Security Encryption Method Based On TrustZone Technology

Posted on: 2020-02-08 | Degree: Master | Type: Thesis
Country: China | Candidate: S R Huang | Full Text: PDF
GTID: 2428330572473667 | Subject: Information and Communication Engineering
Abstract/Summary:
With the advent of the mobile Internet, people depend on the Internet everywhere, and the performance of the supporting terminal equipment keeps improving. Security problems have come with it as well: users need to store their private data securely. The traditional solution is to encrypt the data. However, traditional encryption has two major problems. First, runtime security during the encryption process: how to ensure that a malicious application cannot monitor or tamper with data while it is being encrypted. Second, how the encryption key is stored and managed.

Based on ARM TrustZone technology and OP-TEE, this thesis isolates a secure Trusted Execution Environment (TEE) at the hardware level and proposes a data security encryption method to ensure the security of user data. The research work is divided into two parts: data encryption and key management. The thesis first builds a trusted execution environment on TrustZone and OP-TEE, then implements data encryption and key management inside it, which addresses the security risks that arise while private data is being encrypted. To also secure data transmitted outside the secure environment, a secure encrypted file structure and an encapsulation format for the network transmission key are designed and implemented, which extends the application scenarios of the method.

Finally, by simulating the ARM chip architecture on the QEMU virtual hardware platform, the thesis builds a system environment comprising a rich execution environment (REE) based on Linux and a trusted execution environment (TEE) based on OP-TEE, and achieves secure encryption of data by running the data encryption and key management components in that environment. The data security encryption method designed and implemented in this thesis has reference value for protecting users' private data on mobile devices.
Keywords/Search Tags:TrustZone, TEE, data encryption, key management