seTPM: Towards Flexible Trusted Computing on Mobile Devices Based on GlobalPlatform Secure Elements

Insufficiently protected mobile devices present a ubiquitous threat. Due to severe hardware constraints, such as limited printed circuit board area, hardware-based security as proposed by the Trusted Computing Group is usually not part of mobile devices, yet. We present the design and implementation of seTPM, a secure element based TPM, utilizing Java Card technology. seTPM establishes trust in mobile devices by enabling Trusted Computing based integrity measurement services, such as IMA for Linux. Our prototype emulates TPM functionality on a GlobalPlatform secure element, which allows seamless integration into the Trusted Software Stack of Linux-based mobile operating systems like Android. With our work, we provide a solution to run Trusted Computing based security protocols while supplying a similar security level as provided by hardware TPM chips. In addition, due to the flexible design of the seTPM, we further increase the security level as we are able to selectively replace the outdated SHA-1 hash algorithm of TPM 1.2 specification by the present Keccak algorithm. Further, our architecture comprises hybrid support for the TPM 1.2 and TPM 2.0 specifications to simplify the transition towards the TPM 2.0 standard.