The Design, Implementation And Application Of Trusted Mobile Cloud Platform Based On Trustzone

Posted on: 2020-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Luo
Full Text: PDF
GTID: 2428330623963780
Subject: Software engineering

Abstract/Summary:
With the significant growth of mobile devices, more and more of them communicate frequently with a cloud platform, which is called the mobile cloud platform. The trusted application on the mobile device provides security services to the user by interacting with the mobile cloud platform. With the development and popularization of fingerprint payment and face recognition, trusted applications have gained a vast market and broad prospects.

However, there are still some problems with trusted applications. First of all, trusted applications cannot be deployed on mobile devices dynamically. Due to the limitations of existing security technology, trusted applications are only pre-installed on mobile devices at the factory. After the mobile device leaves the factory, it is hard to deploy them dynamically through the mobile cloud platform like a standard app. Secondly, without assistance from the mobile cloud server, it is difficult for trusted applications on different devices to communicate with each other. Until now, trusted applications have only executed simple local operations (such as encryption, signature, and authentication). Finally, the mobile cloud platform's interface is not efficient for developing a trusted interaction between the mobile cloud platform and the trusted application. Developers have to design their own methods, which may cause redundant development. What's worse, because of non-strict code implementation, users are exposed to security risks. Therefore, it is necessary to build a trusted mobile cloud platform that provides a good development experience, deploys trusted applications dynamically, and expands the functions of trusted applications through cross-device communication.

TrustZone is a security enhancement mechanism in the ARM architecture. This thesis proposes a trusted mobile cloud platform based on TrustZone for developers and cloud platform service providers. It provides a dynamic trusted application deployment mechanism and a trusted cross-device communication mechanism. The trusted mobile cloud platform also provides developer-friendly interfaces, with which developers can develop trusted applications efficiently. Based on these interfaces, this thesis designs and implements a secure communication plug-in as a case study to show the good development experience of the trusted mobile cloud platform.

· First of all, this paper designs and implements a mechanism for dynamically deploying trusted applications on the trusted mobile cloud platform. This mechanism uses an end-to-end security solution to design a trusted communication method between the trusted mobile cloud platform and the trusted execution environment on mobile devices. It expands the function of the trusted execution environment so that the trusted mobile cloud platform can instruct trusted execution environments (e.g., to install, update, and remove the trusted application) with the assistance of the client application. This mechanism guarantees the trusted application's trusted source, trusted transmission, and trusted deployment.

· Secondly, this paper designs and implements a trusted communication mechanism among mobile devices. Considering the new scenario of ARM server machines and new-generation cloud computing (e.g., Joint Cloud), this paper proposes a distributed trusted key management service, which improves the availability and scalability of the key management service. By leveraging the trusted key management service, the trusted application can upload data to the trusted mobile cloud platform for encrypted storage, then decrypt and download this data on another device. Therefore, combined with the cloud storage service, the trusted key management service can support trusted communications among mobile devices.

· Furthermore, by leveraging the interfaces above, this paper designs and develops a secure communication plug-in on the trusted mobile cloud platform to protect user communications. Because it requires no modification of the existing communication software, the plug-in is easy to deploy and use. The plug-in can provide secure communication even on an untrusted cloud platform, and it has good compatibility, applying to almost all social communication platforms on the market.

· Finally, this thesis completely implements the trusted cloud platform mechanisms and the case study. It also deploys these components to the cloud server and mobile device in a real environment. This work has made some contribution to the Open Trusted Protocol (OTrP).
Keywords/Search Tags: Mobile Cloud Platform, ARM TrustZone, Trusted Application Deployment, Key Management Service