SaTC: CORE: Small: Expanding TrustZone: Enabling Mobile Apps to Transparently Leverage TrustZone for Attestation and Data Protection

SaTC：核心：小型：扩展 TrustZone：使移动应用程序能够透明地利用 TrustZone 进行证明和数据保护

• 批准号: 1718086
• 负责人: Wenliang Du
• 金额: $ 49.73万
• 依托单位: Syracuse University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-15 至 2021-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1718086&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Expanding; TrustZone

Mobile device security is critical to millions of users and mobile operating system vulnerabilities can lead to exposure of sensitive data (e.g., passwords, credit card numbers, medical data) or compromise of sensitive operations (e.g., banking transactions). This research project is working to answer the following question: If the device's operating system is compromised, is it still possible to protect user's sensitive data and operations? The researchers are using new hardware technology, "Trusted Execution Environments (TEEs)," to enable such protection.Many new processors offer a TEE, which is isolated from the normal operating system (OS) environment. Code and data inside the TEE is protected even when the OS running in the normal environment is compromised. In the mobile computing environment, only apps provided by the mobile system vendors are typically able to make use of the TEE, as some of the app logic must be installed within the TEE. This research project is developing techniques to enable device-neutral integration of third party apps with mobile TEEs, focusing on (1) app interaction with the TEE user interface, and (2) TEE-assisted interaction between app and server. The research team is designing interaction logic to hide TEE-specific details within the mobile OS, enabling third party app developers to use the TEE capabilities transparently from the mobile OS interface. The team is also designing app-to-cloud-server attestation techniques, to allow a mobile app to prove that communication (e.g., email, HTTP requests, phone calls, or SMS messages) was initiated by the app on the mobile device and not spoofed by a compromised mobile OS. The researchers are building their own TEE-enabled Android smartphone to support the security features developed by the project.

移动设备安全对数百万用户至关重要，移动操作系统漏洞可能导致敏感数据(例如密码、信用卡号码、医疗数据)泄露或敏感操作(例如银行交易)受损。这项研究项目致力于回答以下问题：如果设备的操作系统被攻破，还有可能保护用户的敏感数据和操作吗？研究人员正在使用新的硬件技术“可信执行环境(TEE)”来实现这种保护。许多新处理器提供了与正常操作系统(OS)环境隔离的TEE。即使在正常环境中运行的操作系统受到威胁，TEE内的代码和数据也会受到保护。在移动计算环境中，只有移动系统供应商提供的应用程序通常能够使用TEE，因为一些应用程序逻辑必须安装在TEE内。该研究项目正在开发技术，以实现第三方应用程序与移动TEE的设备中立集成，重点是(1)应用程序与TEE用户界面的交互，以及(2)应用程序与服务器之间的TEE辅助交互。研究团队正在设计交互逻辑，以隐藏移动操作系统中特定于TEE的细节，使第三方应用程序开发人员能够从移动操作系统界面透明地使用TEE功能。该团队还在设计应用程序到云服务器的认证技术，以允许移动应用程序证明通信(例如，电子邮件、HTTP请求、电话或短信)是由移动设备上的应用程序发起的，而不是被受攻击的移动操作系统欺骗。研究人员正在打造自己的支持TEE的Android智能手机，以支持该项目开发的安全功能。

项目成果

TruZ-View: Developing TrustZone User Interface for Mobile OS Using Delegation Integration Model

• DOI: 10.1145/3292006.3300035
• 发表时间: 2019-03
• 期刊: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy
• 作者: Kailiang Ying;Priyank Thavai;Wenliang Du

Protecting Sensitive Data in Android SQLite Databases Using TrustZone

使用 TrustZone 保护 Android SQLite 数据库中的敏感数据

• 发表时间: 2018
• 期刊: 2018 International Conference on Security & Management
• 作者: Francis Akowuah, Amit Ahlawat

TruzCall: Secure VoIP Calling on Android using ARM TrustZone

• DOI: 10.1109/mobisecserv48690.2020.9042945
• 发表时间: 2020-02
• 期刊: 2020 Sixth International Conference on Mobile And Secure Services (MobiSecServ)
• 作者: A. Ahlawat;Wenliang Du

TruZ-Droid: Integrating TrustZone with Mobile Operating System

• DOI: 10.1145/3210240.3210338
• 发表时间: 2018-06
• 期刊: Proceedings of the 16th Annual International Conference on Mobile Systems, Applications, and Services
• 作者: Kailiang Ying;A. Ahlawat;B. Alsharifi;Yuexin Jiang;Priyank Thavai;Wenliang Du