×

zbMATH — the first resource for mathematics

Secure application execution in mobile devices. (English) Zbl 1405.94078
Ryan, Peter Y. A. (ed.) et al., The new codebreakers. Essays dedicated to David Kahn on the occasion of his 85th birthday. Berlin: Springer (ISBN 978-3-662-49300-7/pbk; 978-3-662-49301-4/ebook). Lecture Notes in Computer Science 9100, 417-438 (2016).
Summary: Smart phones have rapidly become hand-held mobile devices capable of sustaining multiple applications. Some of these applications allow access to services including healthcare, financial, online social networks and are becoming common in the smart phone environment. From a security and privacy point of view, this seismic shift is creating new challenges, as the smart phone environment is becoming a suitable platform for security- and privacy-sensitive applications. The need for a strong security architecture for this environment is becoming paramount, especially from the point of view of Secure Application Execution (SAE). In this chapter, we explore SAE for applications on smart phone platforms, to ensure application execution is as expected by the application provider. Most of the proposed SAE proposals are based on having a secure and trusted embedded chip on the smart phone. Examples include the GlobalPlatform Trusted Execution Environment, M-Shield and Mobile Trusted Module. These additional hardware components, referred to as secure and trusted devices, provide a secure environment in which the applications can execute security-critical code and/or store data. These secure and trusted devices can become the target of malicious entities; therefore, they require a strong framework that will validate and guarantee the secure application execution. This chapter discusses how we can provide an assurance that applications executing on such devices are secure by validating the secure and trusted hardware.
For the entire collection see [Zbl 1334.94030].
MSC:
94A60 Cryptography
68M11 Internet topics
Software:
Diablo
PDF BibTeX XML Cite
Full Text: DOI
References:
[1] GlobalPlatform: GlobalPlatform Card Specification, Version 2.2 (2006)
[2] Java Card Platform Specification: Application Programming Interface, Runtime Environment Specification, Virtual Machine Specification (2006). http://java.sun.com/javacard/specs.html
[3] Device, G.: GPD/STIP Specification Overview, Specification Version 2.3, GlobalPlatform (2007)
[4] GlobalPlatform Device Technology: Device Application Security Management - Concepts and Description Document Specification. Online (2008)
[5] M-Shield Mobile Security Technology: Making Wireless Secure. Whilte Paper, Texas Instruments (2008). http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.eps
[6] TCG Mobile Trusted Module Specification. Online (2008)
[7] ARM Security Technology: Building a Secure System using TrustZone Technology. White Paper PRD29-GENC-009492C, ARM (2009)
[8] GlobalPlatform Device Technology: TEE System Architecture. Specification Version 0.4, GlobalPlatform (2011)
[9] Trusted Platform Module Main Specification
[10] Trusted Computing Group, Online (2011)
[11] Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS 2004), pp. 132–145. ACM, New York (2004). http://doi.acm.org/10.1145/1030083.1030103 , doi: 10.1145/1030083.1030103 · doi:10.1145/1030083.1030103
[12] Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryption keys. In: Proceedings of the 17th Conference on Security Symposium, pp. 45–60. USENIX Association, Berkeley, CA, USA (2008)
[13] Kostiainen, K., Ekberg, J.E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: Proceedings of the 4th International Symposium on Information. Computer, and Communications Security (ASIACCS 2009), pp. 104–115. ACM, New York (2009). http://doi.acm.org/10.1145/1533057.1533074 · doi:10.1145/1533057.1533074
[14] Wilson, P., Frey, A., Mihm, T., Kershaw, D., Alves, T.: Implementing embedded security on dual-virtual-CPU systems. IEEE Des. Test Comput. 24, 582–591 (2007) · Zbl 05333964 · doi:10.1109/MDT.2007.196
[15] Muchnick, S.S.: Advanced Compiler Design and Implementation. Morgan Kaufmann, San Francisco (1997)
[16] Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. In: IACR Cryptology ePrint Archive (2004). http://eprint.iacr.org/2004/100
[17] Maebe, J., De Keulenaer, R., De Sutter, B., De Bosschere, K.: Mitigating smart card fault injection with link-time code rewriting: a feasibility study. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 221–229. Springer, Heidelberg (2013) · Zbl 06226327 · doi:10.1007/978-3-642-39884-1_19
[18] Defense Advanced Research Projects Agency: DARPA BAA06-40, A TRUST for Integrated Circuits Visited, September 2014
[19] Defense Science Board Task Force: High Performance Microchip Supply. http://www.acq.osd.mil/dsb/reports/ADA435563.eps . Accessed September 2014
[20] Lieberman, J.I.: The national security aspects of the global migration of the U.S. semiconductor industry. http://www.fas.org/irp/congress/2003_cr/s060503.html . Accessed September 2014
[21] Diablo: Diablo is a better link-time optimizer. https://diablo.elis.ugent.be/ . Accessed October 2014
[22] Oxford Dictionaries: Definition of obfuscate. http://www.oxforddictionaries.com/definition/english/obfuscate
[23] U.S. Department Of Commerce: Defense Industrial Base Assessment: Counterfeit Electronics. Bureau of Industry and Security, Office of Technology Evaluation. http://www.bis.doc.gov/defenseindustrialbaseprograms/osies/defmarketresearchrpts/final_counterfeit_electronics_report.eps . Accessed January 2010
[24] Koushanfar, F., Sadeghi, A.-R., Seudie, H.: EDA for secure and dependable cybercars: Challenges and opportunities. In: 49th ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 220–228 (2012) · doi:10.1145/2228360.2228402
[25] Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., Sunar, B.: Trojan detection using IC fingerprinting. In: IEEE Symposium on Security and Privacy (SP 2007), pp. 296–310 (2007) · doi:10.1109/SP.2007.36
[26] Arora, D., Ravi, S., Raghunathan, A., Jha, N.K.: Secure embedded processing through hardware-assisted run-time monitoring. In: Design, Automation and Test in Europe, vol. 1, pp. 178–183 (2005). doi: 10.1109/DATE.2005.266 · doi:10.1109/DATE.2005.266
[27] Patel, K., Parameswaran, S., Shee, S.L.: Ensuring secure program execution in multiprocessor embedded systems: a case study. In: IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS), pp. 57–62 (2007) · doi:10.1145/1289816.1289833
[28] Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999) · Zbl 0942.94501 · doi:10.1007/3-540-48405-1_25
[29] Vermoen, D., Witteman, M., Gaydadjiev, G.N.: Reverse engineering java card applets using power analysis. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 138–149. Springer, Heidelberg (2007) · doi:10.1007/978-3-540-72354-7_12
[30] Quisquater, J.-J., Samyde, D.: Automatic code recognition for smartcards using a kohonen neural network. In: CARDIS, USENIX 21–22 November, San Jose, CA, USA (2002)
[31] Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science X. LNCS, vol. 6340, pp. 78–99. Springer, Heidelberg (2010) · Zbl 05834536 · doi:10.1007/978-3-642-17499-5_4
[32] Msgna, M., Markantonakis, K., Mayes, K.: Precise instruction-level side channel profiling of embedded processors. In: Huang, X., Zhou, J. (eds.) ISPEC 2014. LNCS, vol. 8434, pp. 129–143. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-06320-1_11 · Zbl 06400418 · doi:10.1007/978-3-319-06320-1_11
[33] Msgna, M., Markantonakis, K., Naccache, D., Mayes, K.: Verifying software integrity in embedded systems: a side channel approach. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 261–280. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-10175-0_18 · Zbl 1440.94069 · doi:10.1007/978-3-319-10175-0_18
[34] What is SHA-1. https://en.wikipedia.org/wiki/SHA-1
[35] Netlist Definition. Xilinx. http://www.xilinx.com/itp/xilinx10/help/iseguide/mergedProjects/constraints_editor/html/ce_d_netlist.htm
[36] iOS Security Sandbox white paper. https://www.cs.auckland.ac.nz/courses/compsci702s1c/lectures/rs-slides/6-iOS-SecuritySandbox.eps
[37] https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.eps
[38] http://en.wikipedia.org/wiki/XNU
[39] http://en.wikipedia.org/wiki/Android
[40] http://developer.android.com/tools/publishing/app-signing.html
[41] http://developer.android.com/guide/topics/security/permissions.html
[42] What is MAC/DAC. https://www.internetsociety.org/sites/default/files/02_4.eps
[43] http://www.tclouds-project.eu/downloads/factsheets/tclouds-factsheet-07-attestation.eps
[44] Zeller, T.: The ghost in the CD; Sony BMG stirs a debate over software used to guard content, The New York Times, c1, November 14 (2005)
[45] http://en.wikipedia.org/wiki/CIH_(computer_virus)
[46] Gratzer, V., Naccache, D.: Alien vs. quine, the vanishing circuit and other tales from the industry’s crypt. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 48–58. Springer, Heidelberg (2006) · Zbl 1140.94342 · doi:10.1007/11761679_4
[47] Chevallier-Mames, B., Naccache, D., Paillier, P., Pointcheval, D.: How to disembed a program? In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 441–454. Springer, Heidelberg (2004) · Zbl 1104.68469 · doi:10.1007/978-3-540-28632-5_32
[48] Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998) · Zbl 0929.68053 · doi:10.1007/BFb0054130
[49] Benaloh, J.C., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994) · Zbl 0951.94532 · doi:10.1007/3-540-48285-7_24
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.