Securing Smartphones: A µTCB Approach

Author

Gilad, Yossi ; Herzberg, Amir ; Trachtenberg, Ari

Author_Institution

Bar-Ilan Univ., Ramat-Gan, Israel

Volume

13

Issue

4

fYear

2014

fDate

Oct.-Dec. 2014

Firstpage

72

Lastpage

79

Abstract

As mobile phones have evolved into smartphones, with complex operating systems running third-party software, they have become increasingly vulnerable to malicious applications (malware). The authors introduce a new design for mitigating malware attacks against smartphone users based on a small trusted computing base module, denoted μTCB. The μTCB manages sensitive data and sensors and provides core services to applications, independently of the operating system. The user invokes μTCB by pressing a simple secure attention key that validates physical possession of the device and authorizes a sensitive action. This approach protects private information even if the device is infected with malware. This article presents a proof-of-concept implementation of μTCB based on ARM´s TrustZone, a secure execution environment increasingly found in smartphones. It also includes an evaluation of the implementation using simulations.

Keywords

invasive software; mobile computing; smart phones; trusted computing; μTCB approach; ARM TrustZone; complex operating systems; core services; malicious applications; malware attacks; mobile phones; operating system; physical possession; proof-of-concept implementation; securing smartphones; sensitive action; trusted computing base module; Computer architecture; Cryptography; Malware; Mobile communication; Mobile handsets; Smart phones; mobile; pervasive computing; security; security kernels; invasive software; smartphones; trusted physical interfaces;

fLanguage

English

Journal_Title

Pervasive Computing, IEEE

Publisher

ieee

ISSN

1536-1268

Type

jour

DOI

10.1109/MPRV.2014.72

Filename

6926719