Research On Secure Startup And Data Encryption Of Android System Based On Trustzone

Android is the most popular mobile platform in the world.While users feel the convenience it brings,they also store more and more personal data in the Android system.However,the emergence of malicious applications poses a great threat to the information security of users.There are two main reasons why user data is threatened.One is that there are various vulnerabilities in Android system.Malicious applications use these vulnerabilities to attack people's devices and steal people's privacy.Although the existing security mechanisms of Android system can be protected to a certain extent,these security mechanisms depend on the trustworthiness of the underlying system.Another reason is that most of people's data information is directly stored or sent in plaintext,which increases the risk of being stolen.The traditional scheme solves this problem by encryption technology,but the traditional encryption scheme considers more about the security of the key at the protocol level,less about the security of the static storage of the key and the encryption process.Therefore,how to ensure the integrity of Android system and solve the security risks of the original data encryption mechanism is an important problem to improve the security of Android system.This thesis uses TrustZone technology,aiming at the above two problems,puts forward the corresponding security protection scheme,to maximize the security of Android system.This thesis mainly includes the following two aspects:1.In order to ensure the integrity of the Android system during the startup process,This thesis proposes and implements a method of Android system security startup based on TrustZone.From the perspective of trusted computing,according to the trusted system standard proposed by TCG,this thesis constructs a trust root and designs a startup trust chain for Android system to measure and verify the key static objects of the system layer,so as to ensure the integrity and credibility of the system during Android startup.Then we analyze the feasibility of this method from two aspects.The experimental results show that this method can detect malicious attacks against Android framework layer during the startup process and detect the self startup problem based on rootkit in time.The startup time is only 23.4%more than that of native Android.We considers that the performance loss is acceptable.2.In order to ensure the security of data encryption process and key static storage of Android system,this thesis designs and implements a data security encryption scheme of Android system based on TrustZone.According to the TEE standard specification and related protocols,we designs a reasonable encryption file structure to store the key in the secure environment.In addition,we design a data encryption module in TEE to ensure that the whole data encryption process will not leave the TEE.The experimental results show that the scheme can effectively guarantee the security of data encryption process and key storage.