An Architecture for Virtualization-Based Trusted Execution Environment on Mobile Devices

In this paper, we present an architecture for a trusted execution environment on mobile devices that allows applications with a wide range of security requirements to run safely in an isolated environment, by using a mobile virtualization technology. These applications can take advantage of the semantics of running on secure area which is isolated from non-secure area that suffers from hacking, malignant code, or the like, while retaining the ability to run side-by-side with normal applications on a general execution environment. We achieve this synthesis by use of a mobile virtual machine monitor (mVMM) that partitions single mobile hardware platform into the separated and isolated virtual machines (VMs), providing the trusted execution environment and the trusted paths. In VM on which the secure OS runs, authentication credentials (e.g. Private keys) for electronic transactions and security sensitive data are stored and security sensitive processing is executed with no external network interfaces provided and only with a secure communication channel provided by mVMM. We explore the strengths and limitations of this architecture by describing and analyzing our prototype implementation and a simple mobile payment service that can be one of the important applications for the trusted execution environment. Through the architecture analysis, the proposed architecture can provide a reasonably trustworthy execution environment to a user in the run-time execution point of view.

[1]  H. Harb,et al.  SecureSMSPay: Secure SMS Mobile Payment model , 2008, 2008 2nd International Conference on Anti-counterfeiting, Security and Identification.

[2]  E. Heindl,et al.  Mobile Payment , 2021, Fintech Regulation in China.

[3]  Lei da Chen,et al.  A model of consumer acceptance of mobile payment , 2008, Int. J. Mob. Commun..

[4]  Chris I. Dalton,et al.  Separating hypervisor trusted computing base supported by hardware , 2010, STC '10.

[5]  Bernd W. Wirtz,et al.  Understanding consumer acceptance of mobile payment services: An empirical analysis , 2010, Electron. Commer. Res. Appl..

[6]  Claudio Soriente,et al.  Secure enrollment and practical migration for mobile trusted execution environments , 2013, SPSM '13.

[7]  Stamatis Karnouskos,et al.  Mobile payment: A journey through existing procedures and standardization initiatives , 2004, IEEE Communications Surveys & Tutorials.

[8]  Manoj A. Thomas,et al.  Mobile Payment , 2013, Springer Fachmedien Wiesbaden.

[9]  Gernot Heiser,et al.  The OKL4 microvisor: convergence point of microkernels and hypervisors , 2010, APSys '10.

[10]  Claudia Eckert,et al.  An Approach to a Trustworthy System Architecture Using Virtualization , 2007, ATC.

[11]  James Newsome,et al.  Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me? , 2012, TRUST.

[12]  Bala Srinivasan,et al.  A secure account-based mobile payment protocol , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[13]  Sugata Sanyal,et al.  A Multi-Factor Security Protocol for Wireless Payment - Secure Web Authentication using Mobile Devices , 2011, ArXiv.

[14]  Robert P. Goldberg,et al.  Formal requirements for virtualizable third generation architectures , 1973, SOSP 1973.

[15]  SchierzPaul Gerhardt,et al.  Understanding consumer acceptance of mobile payment services , 2010 .

[16]  Ik Rae Jeong,et al.  Relations among Security Models for Authenticated Key Exchange , 2014 .

[17]  Xiaomin Zhu,et al.  A system model and protocol for mobile payment , 2005, IEEE International Conference on e-Business Engineering (ICEBE'05).

[18]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[19]  Gerald J. Popek,et al.  Formal requirements for virtualizable third generation architectures , 1974, SOSP '73.

[20]  Dongho Won,et al.  A Practical Analysis of Smartphone Security , 2011, HCI.

[21]  Jason Nieh,et al.  KVM/ARM: the design and implementation of the linux ARM hypervisor , 2014, ASPLOS.