TZ-MRAS: A Remote Attestation Scheme for the Mobile Terminal Based on ARM TrustZone

Author:

Wang Ziwang1,Zhuang Yi1ORCID,Yan Zujia1

Affiliation:

1. Department of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210008, China

Abstract

With the widespread use of mobile embedded devices in the Internet of Things, mobile office, and edge computing, security issues are becoming more and more serious. Remote attestation, one of the mobile security solutions, is a process of verifying the identity and integrity status of the remote computing device, through which the challenger determines whether the platform is trusted by discovering an unknown fingerprint. The remote attestation on the mobile terminal faces many security challenges presently because there is a lack of trusted roots, devices are heterogeneous, and hardware resources are strictly limited. To ARM’s mobile platform, we propose a mobile remote attestation scheme based on ARM TrustZone (TZ-MRAS), which uses the highest security authority of TrustZone to implement trusted attestation service. Compared with the existing mobile remote attestation scheme, it has the advantages of wide application, easy deployment, and low cost. To defend against the time-of-check-to-time-of-use (TOC-TOU) attack, we propose a probe-based dynamic integrity measurement model, ProbeIMA, which can dynamically detect unknown fingerprints that generate during kernel and process execution. Finally, according to the characteristics of the improved dynamic measurement model, that is, the ProbeIMA will expand the scale of the measurement dataset, an optimized stored measurement log construction algorithm based on the locality principle (LPSML) is proposed, which has the advantages of shortening the length of the authentication path and improving the verification efficiency of the platform configuration. As a proof of concept, we implemented a prototype for each service and made experimental evaluations. The experimental results show the proposed scheme has higher security and efficiency than some existing schemes.

Funder

National Natural Science Foundation of China

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Cited by 7 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. SoK: A Systematic Review of TEE Usage for Developing Trusted Applications;Proceedings of the 18th International Conference on Availability, Reliability and Security;2023-08-29

2. Construction of intelligent terminal equipment for Electric Internet of Things based on edge computing model;Applied Mathematics and Nonlinear Sciences;2023-06-06

3. Investigating TrustZone: A Comprehensive Analysis;Security and Communication Networks;2023-04-14

4. TZEAMM: An Efficient and Secure Active Measurement Method Based on TrustZone;Security and Communication Networks;2023-01-31

5. RAS2P: Remote Attestation via Self-Measurement for SGX-based Platforms;2022 IEEE International Conference on Systems, Man, and Cybernetics (SMC);2022-10-09

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3