Design,Implementation And Application Of Mobile Platform Trusted Path Based On TrustZone

The current intelligent mobile platform are changing people's work and way of life in business,technology,education,health care and entertainment fields.However,in recent years,due to the proliferation of malicious software platform and attack,smart mobile operating system security are suffering from a major threat.For intelligent mobile platform security issues,academic and industry based on trusted computing environment put forward a lot of security solutions from different angles.Trusted computing environment refers to the system is divided into multiple isolated execution domain each other,and each domain internal level permissions,address space isolation mechanism of computing environment.Because of the trusted computing environment has good security isolation effect,especially suitable for improving the safety of the system.However,the trusted computing environment system software from the following two important questions:One is the trusted computing base size is too large.Now many of the solution also failed to use multiple domain isolation,trusted computing base size is very large.Expansion of mobile platform hardware security ARM TrustZone mechanism can be used to build a double field computing environment,protect the security of the system software by means of isolation,but such hardware isolation double domain environment has not been to good use: on the one hand,part of the system in the isolated domain run a simple program to provide security services for another execution domain,credible base is small but as a result of single function,general not flexible;on the other hand,some researchers try to run in two domains a complicated operating system,the use of security isolation between the domain provides flexible security services,but this led to the trusted computing base of the system platform is too large,the safety is not high.The second is to switch between different execution environment of poor performance.Many current security system software using virtualization technology to provide more domains computing environment,safety operation level different service for different domains in order to protect the platform of security.Virtualization technology in the construction of multi-domain computing environment at the same time,make the whole system has a different level of authority and hierarchy,the interaction between different domains need to span multiple hierarchy and authority level,has a large performance overhead,as a direct result of the performance of the system greatly reduced.Many security system is not for the sake of performance has been applied in the actual scene.Based on ARM TrustZone hardware architecture characteristic,based on the research of the system software,in the trusted computing environment for small trusted computing base to solve the several important security issues,provides a credible for intelligent mobile platform user application environment.Academic contribution in this paper,mainly including the following three aspects:In order to solve the current mobile platform without a safe,flexible and reliable base small trusted computing environment problems,the paper in the open source security kernel T6 operating system,on the basis of using ARM TrustZone hardware architecture,for mobile trusted computing security framework provides a reliable basis.T6 secure operating system running in the security world,for ordinary commercial application in the operating system of the world to provide a trusted execution environment and safety with smaller size of trusted computing base.Based on the T6 secure operating system to achieve a reliable starting with the application to load a verification mechanism,and ensure the system perform the application code for proven reliable code.In order to solve the aggressive behavior for display data,user input data,this article on the basis of T6 secure operating system to achieve the established the path of trusted mobile platform,can resist screenshots,input record attacked,phishing attacks and other attacks on user privacy data or property safety,produced only on the performance of the existing system is low,the influence of the trusted computing base size less than ten thousand lines of code.For one-time password generation scheme based on software trusted computing base larger,easy to be attacked,and the traditional one-time password generation scheme based on hardware and carry inconvenience,upgrade,update the difficulties shortcomings,using ARM TrustZone trusted hardware with hardware level security isolation guarantee,on the mobile device to realize the TrustDPG one-time password generation solution,and to achieve the solution based on software usability and based on the safety of the hardware solution.In view of the existing mobile payment,authentication,such as daily communication behavior dependence on text messages with the current Android OS for the application of rights management lack most malicious programs can be very easy to steal user text data this contradiction,based on ARM TrustZone trusted hardware with hardware level security isolation TrustSMS SMS encryption system,ensure the SMS user data in the process of network transmission and the safety of the operating system.