
Implementation Of Security Functions Based On Cryptography Algorithms In Trusted Execution Environment

Posted on: 2021-05-28
Degree: Master
Type: Thesis
Country: China
Candidate: N Sun
GTID: 2428330602483862
Subject: Software engineering

Abstract/Summary:
With the development of digital information, the pace of people's lives has become faster and faster. Mobile terminals have become an important part and carrier of these new digital services. At present, iOS and Android are the most widely used mobile terminal operating systems, and they provide users with an open operating environment. Although the open operating environment allows personal mobile terminals to offer personalized functions and a better user experience, these open operating systems are insecure operating environments that expose the device to more and more attacks. Trojan horses, viruses and malicious software with data-stealing functions have emerged in an endless stream, resulting in a surge in security issues such as user information leakage and password theft, and so trusted execution environment technology was born.

Trusted execution environment technology isolates Rich Execution Environment (REE) systems such as Android and iOS from the secure Trusted Execution Environment (TEE) system through a hardware-based resource isolation mechanism. The resources of the secure system cannot be accessed directly from the REE side, and the security of user data is guaranteed by a set of access control policies and cryptographic algorithm mechanisms. TEE technology is now widely used in mobile payment applications. To guide the healthy development of TEE technology products in China's financial industry, the People's Bank of China issued GB/T 0156-2017 "Mobile terminal payment trusted environment specification" in 2017, which describes the security features and cryptography algorithms that Trusted Execution Environment (TEE) technology products should have. In addition, the "Cryptography Law of the People's Republic of China", formally implemented in January 2020, proposed that information security products used in the design, implementation, and use of infrastructure such as transportation, finance, water conservancy, and energy related to the national economy and people's livelihood must use cryptography algorithms approved by the National Cipher Management Department, and emphasizes that the national commercial cryptography algorithms (SM2, SM3, SM4) should be used first.

However, TEE technology is still in the development stage in China. The TEE technology products used in the financial industry are mainly developed with reference to the technical specifications formulated by the international standards organization GlobalPlatform (GP). Therefore, most TEE technology products only support international cryptography algorithms, including cryptography algorithms (MD5, DES, RSA1024) that have been proven to have security risks; the use of these high-risk cryptography algorithms means that information security construction in China's financial industry cannot be guaranteed. The development of a TEE product based on secure cryptography algorithms and compatible with existing devices has therefore become an urgent need.

After discussion, the company decided to use the open source OP-TEE operating system to develop a new TEE operating system. The new TEE operating system supports the security functions and business processes in the GP TEE specification, and adds the national commercial cryptography algorithms to ensure product security. For compatibility, the new security function interface follows the implementation of the Application Programming Interface (API) function interface in the GP specification, to make it easier for TEE product developers and suppliers to use. In this project, the author's job is to implement the SM2, SM3, and SM4 algorithms and, with reference to the process and interfaces for calling cryptography algorithms in the GP TEE specification, to complete the development of the domestic commercial cryptography algorithm module.

The main content of this thesis is the implementation of the cryptography algorithms and related functional interfaces. Chapter 1, the introduction, sets out the research and development background of the project and explains the development of TEE technology at home and abroad. Chapter 2, the demand analysis, focuses on the relevant requirements of the trusted execution environment regulations of China's financial industry and of international regulations. Chapter 3, the architecture design, analyzes the TEE OS's overall design, security function structure and algorithm security function architecture from shallow to deep. Chapters 4 and 5 describe the specific content of this work from the perspective of the detailed design and implementation of security functions and of test verification. The final chapter summarizes the full text, states what was gained from the work, identifies its deficiencies, and looks ahead to future work.
Keywords/Search Tags:TEE, REE, Commercial Cryptography in China