
Research On Trusted Technology Of Android Based On TEE

Posted on: 2022-01-11 | Degree: Master | Type: Thesis
Country: China | Candidate: X S Pan | Full Text: PDF
GTID: 2518306332967449 | Subject: Cyberspace security
Abstract/Summary:
As an open platform, the Android operating system has many security problems, such as system cracking and malicious software, and it is difficult for service providers on the remote side to determine whether the local application and operating system are both in a trusted state. At the same time, Trusted Execution Environment (TEE) technology gives trusted applications running in the TEE security capabilities based on TrustZone hardware. However, it is still very difficult for common applications to prove their security to the remote server.

This paper studies how to use the chip-level security enhancement capability provided by TEE technology to build a hardware-based Android trusted platform. This platform ensures the real-time credibility of the Android kernel and provides an application-level authentication mechanism, so that common applications can be protected with the help of the TEE. The main work and achievements of this paper are as follows.

1. Analyzing and finding a vulnerability of an authentication protocol on the Android platform: we studied a large number of domestic FIDO Android applications, summarized the implementation models of the FIDO UAF protocol on the Android platform, and found a medium-risk vulnerability called the "Authenticator Rebinding Vulnerability", which is caused by the lack of effective application-level authentication. Based on this research, we proposed the requirements of our Android trusted platform.

2. Designing the technical scheme of the Android trusted platform: according to the proposed requirements, we designed the Android trusted platform prototype system based on ARM TrustZone technology, which includes the Real-time Kernel Protection, the Periodic Kernel Measurement, and the System Attestation. The Real-time Kernel Protection and Periodic Kernel Measurement ensure the security of the Android operating environment, and the System authentication provides system and application attestation for the remote server with the designed protocol based on "challenge-response".

3. Implementing and testing the prototype system of the Android trusted platform and fundamentally eliminating the vulnerability of the FIDO UAF protocol: we implemented the prototype system based on TEE. We also redesigned the FIDO UAF protocol based on our prototype system to eliminate its vulnerability fundamentally, which shows the potential application scenario and value of this platform in practice.
Keywords/Search Tags: Identity Authentication, Trusted Execution Environment, Real-time Kernel Protection, Periodic Kernel Measurement, System Attestation