OCRAM-Assisted Sensitive Data Protection on ARM-Based Platform

On mobile devices, security-sensitive tasks (e.g., mobile payment, one-time passwords) involve not only sensitive data such as cryptographic keying material but also sensitive I/O operations, such as entering a PIN code on the touchscreen and showing an authentication verification code on the display. A comprehensive protection of these services must therefore enforce a Trusted User Interface (TUI) that protects sensitive user inputs and system outputs, in addition to defending against both software attacks and physical memory disclosure attacks (e.g., cold-boot style attacks on DRAM). In this paper, we present Oath, an On-Chip RAM (OCRAM) assisted sensitive data protection mechanism for ARM-based platforms that protects sensitive data, and sensitive I/O data in particular, against both software attacks and physical memory disclosure attacks. The basic idea is to store and process the sensitive data only in OCRAM, which is configured to be accessible solely from the TrustZone secure world, so that it never reaches off-chip DRAM. After working out how to enable TrustZone protection for the on-chip iRAM, we build a trusted user interface together with an OCRAM allocation mechanism that shares the scarce OCRAM efficiently between the secure OS and the rich OS. A prototype implemented on the OP-TEE system shows that Oath works as intended and incurs a small system overhead.
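To make the sharing idea concrete, here is an added example (it is not Oath's code and not taken from OP-TEE) of a simulated OCRAM window split between the secure and normal worlds. Everything in it is an assumption for illustration: a 64 KiB window carved into 256-byte blocks, a per-block ownership table standing in for the hardware secure/non-secure attribute that a TrustZone address-space controller would enforce, first-fit as the allocation policy, and the names `ocram_alloc`, `ocram_release`, `ocram_access_allowed` and `demo_pin_buffer_scrubbed`. The security-relevant detail it adds is that a secure-world region must be zeroised before its blocks become reusable by the rich OS, otherwise a PIN or key typed through the TUI would survive in on-chip RAM for the next normal-world allocation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of a small OCRAM window (assumption: 64 KiB in 256-byte
 * blocks). On real hardware the window is physical on-chip RAM whose
 * secure/non-secure attribute is set by the TrustZone address-space
 * controller; here the per-block `owner` table stands in for that setting. */
#define OCRAM_SIZE    (64u * 1024u)
#define OCRAM_BLOCK   256u
#define OCRAM_NBLOCKS (OCRAM_SIZE / OCRAM_BLOCK)

enum ocram_owner { OCRAM_FREE = 0, OCRAM_SECURE = 1, OCRAM_NORMAL = 2 };

static uint8_t ocram[OCRAM_SIZE];      /* the simulated on-chip RAM */
static uint8_t owner[OCRAM_NBLOCKS];   /* which world holds each block */

static size_t blocks_for(size_t bytes) {
    return (bytes + OCRAM_BLOCK - 1) / OCRAM_BLOCK;
}

/* First-fit (illustrative policy): index of the first run of n free blocks,
 * or -1 if none. */
static long find_free_run(size_t n) {
    size_t run = 0;
    for (size_t i = 0; i < OCRAM_NBLOCKS; i++) {
        run = (owner[i] == OCRAM_FREE) ? run + 1 : 0;
        if (run == n) return (long)(i + 1 - n);
    }
    return -1;
}

/* Convert a pointer into a block index; false if it is outside the window or
 * not block-aligned. */
static bool block_index_of(const void *p, size_t *idx) {
    uintptr_t q = (uintptr_t)p, base = (uintptr_t)ocram;
    if (q < base || q >= base + OCRAM_SIZE) return false;
    size_t off = (size_t)(q - base);
    if (off % OCRAM_BLOCK) return false;
    *idx = off / OCRAM_BLOCK;
    return true;
}

/* Carve `bytes` out of OCRAM for world `who`; NULL if no free run fits. */
void *ocram_alloc(size_t bytes, enum ocram_owner who) {
    if (bytes == 0 || who == OCRAM_FREE) return NULL;
    size_t n = blocks_for(bytes);
    long start = find_free_run(n);
    if (start < 0) return NULL;
    memset(owner + start, (int)who, n);
    return ocram + (size_t)start * OCRAM_BLOCK;
}

/* Release a region owned by `who`. Secure-world blocks are zeroised before
 * they can be handed to the rich OS; normal-world blocks are simply freed.
 * Returns false on a bad pointer or a region not wholly owned by `who`. */
bool ocram_release(void *p, size_t bytes, enum ocram_owner who) {
    size_t idx, n = blocks_for(bytes);
    if (!block_index_of(p, &idx) || idx + n > OCRAM_NBLOCKS) return false;
    for (size_t i = idx; i < idx + n; i++)
        if (owner[i] != who) return false;
    if (who == OCRAM_SECURE) {
        volatile uint8_t *v = (volatile uint8_t *)p;  /* defeat dead-store elimination */
        for (size_t i = 0; i < n * OCRAM_BLOCK; i++) v[i] = 0;
    }
    memset(owner + idx, OCRAM_FREE, n);
    return true;
}

/* Model of the hardware access check: a world may touch a byte only if it
 * owns the containing block. */
bool ocram_access_allowed(const void *p, enum ocram_owner world) {
    uintptr_t q = (uintptr_t)p, base = (uintptr_t)ocram;
    if (q < base || q >= base + OCRAM_SIZE) return false;
    return owner[(size_t)(q - base) / OCRAM_BLOCK] == world;
}

size_t ocram_free_blocks(void) {
    size_t c = 0;
    for (size_t i = 0; i < OCRAM_NBLOCKS; i++) if (owner[i] == OCRAM_FREE) c++;
    return c;
}

/* Scenario: the TUI keeps a PIN buffer in secure OCRAM, releases it, and the
 * rich OS then receives the very same blocks. Returns true only if the normal
 * world was refused access while the PIN was live and saw only zeros after. */
bool demo_pin_buffer_scrubbed(void) {
    uint8_t *pin = ocram_alloc(16, OCRAM_SECURE);
    if (!pin) return false;
    memcpy(pin, "1234", 4);                                     /* constructed PIN */
    if (ocram_access_allowed(pin, OCRAM_NORMAL)) return false;  /* hardware would fault */
    if (!ocram_release(pin, 16, OCRAM_SECURE)) return false;
    uint8_t *reuse = ocram_alloc(16, OCRAM_NORMAL);
    if (reuse != pin) return false;                             /* first-fit reuses block 0 */
    for (size_t i = 0; i < OCRAM_BLOCK; i++) if (reuse[i] != 0) return false;
    return ocram_release(reuse, 16, OCRAM_NORMAL);
}
```

In a real deployment the `owner` table would be replaced by reprogramming the address-space controller at each hand-over, and the zeroisation must complete before that reprogramming, since the rich OS can read the block the moment it becomes non-secure.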