
Building Trusted Path on Untrusted Device Drivers for Mobile Devices

Building Trusted Path on Untrusted Device Drivers for Mobile Devices. Wenhao Li, Mingyang Ma, Jinchen Han, Yubin Xia, Binyu Zang, Cheng-Kang Chu, Tieyan Li. Shanghai Jiao Tong University, Fudan University, China; Huawei Technologies Pte Ltd, Singapore. Lack of Trusted Path in Mobile.


Presentation Transcript


  1. Building Trusted Path on Untrusted Device Drivers for Mobile Devices
     Wenhao Li, Mingyang Ma, Jinchen Han, Yubin Xia, Binyu Zang, Cheng-Kang Chu, Tieyan Li
     Shanghai Jiao Tong University, Fudan University, China; Huawei Technologies Pte Ltd, Singapore

Lack of Trusted Path in Mobile

• Mobiles are used in security-critical services
  • Shopping, Payment, Online banking
• Mobile OSes are vulnerable
  • The Trusted Computing Base (TCB) is huge
  • Over 650,000 individual malware for Android
  • Malware can snoop touch input, network traffic and tamper with screen display
• Users may ask
  • Are my input and screen output of the phone in a secure state?
  • Can security-critical applications run without OS trust?

Using TrustZone for Security

• TrustZone: A security extension introduced by ARM, widely deployed in mobile devices
• Split CPU mode
  • normal world (ns), secure world (sw), monitor mode
• Memory and peripheral protection
  • Configure regions of memory and peripherals as secure world accessible only
• Interrupt and exception isolation
  • Each mode has its own exception table
  • Can configure interrupt as normal or secure

[Fig: Split CPU Mode with TrustZone Support]

Security Challenges

• Goals
  • Protect communication between user and service
    • Secure process of display, input and network
  • Achieve small TCB
    • Leverage hardware feature: TrustZone
    • OS is untrusted, small trusted kernel in secure world
    • Reuse drivers of rich OS, but do not trust them
• Potential Attacks
  • System image tampered ①
  • Screen capture attack ②
  • Framebuffer overlay attack ③
  • Touch-logger attack ④
  • Phishing attack ⑤
  • Fake input data attack ⑥
  • Network eavesdropping ⑦

Our Solution: TrustUI

• Overall Idea & Architecture
  • Extract critical app logic that handles display, touch input and network into secure world
  • Small Trusted Kernel in secure world: T6 [1]
• Driver Reuse
  • Wrap the unmodified driver (the backend) with a frontend
  • No need to include the backend in the TCB
• LED & Display color randomization ②, ③, ⑤
  • LED accessible only in secure world
  • Tell user which world the system is in
• Soft keyboard randomization ④, ⑥
  • Malware cannot guess input from touch position
• Network delegation ⑦
  • Protect the network communication with SSL
• Secure Boot ①
  • ROM → Secure Bootloader → TrustUI (→: checked before loaded)

[Fig: Use LED to show display color. Labels: Background LED indicator, Foreground LED indicator, Screen Background Color, Screen Foreground Color]
[Fig: TrustUI Architecture]
[Fig: Keyboard Randomization]

[1] http://www.liwenhaosuper.com/projects/t6
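
The soft keyboard randomization item above (④, ⑥), sketched as an added example that is not code from TrustUI or the poster: the secure world reshuffles a PIN pad every session and is the only party able to map a touch point back to a key. The 4x3 pad, cell size, key labels, function names and the /dev/urandom stand-in for a secure-world RNG are all assumptions.

```c
/* Added example (hypothetical names): per-session randomized PIN pad. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed geometry: 12 keys in 3 columns, cell size in pixels. */
enum { KEYS = 12, COLS = 3, CELL_W = 240, CELL_H = 160 };
typedef int (*rng_fn)(void *buf, size_t len); /* returns 0 on success */

/* Uniform value in [0, n) by rejection sampling, so no cell is favoured. */
static int uniform_below(rng_fn rng, unsigned n, unsigned *out) {
    unsigned limit = 256 - (256 % n);
    uint8_t r;
    do { if (rng(&r, 1) != 0) return -1; } while (r >= limit);
    *out = r % n;
    return 0;
}

/* Fisher-Yates shuffle; layout[cell] is the label drawn in that cell. */
int keypad_shuffle(char layout[KEYS], rng_fn rng) {
    memcpy(layout, "0123456789<#", KEYS); /* assumed labels: < erase, # enter */
    for (unsigned i = KEYS - 1, j; i > 0; i--) {
        if (uniform_below(rng, i + 1, &j) != 0) return -1;
        char t = layout[i]; layout[i] = layout[j]; layout[j] = t;
    }
    return 0;
}

/* Secure-world side: map a touch point to its label, 0 if off the pad. */
char keypad_decode(const char layout[KEYS], int x, int y) {
    if (x < 0 || y < 0 || x >= COLS * CELL_W || y >= (KEYS / COLS) * CELL_H) return 0;
    return layout[(y / CELL_H) * COLS + x / CELL_W];
}

/* Stand-in entropy source for the demo; a secure world would use its own RNG. */
int urandom_rng(void *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

int main(void) {
    char a[KEYS], b[KEYS];
    if (keypad_shuffle(a, urandom_rng) || keypad_shuffle(b, urandom_rng)) return 1;
    printf("touch (100,100): session A = %c, session B = %c\n",
           keypad_decode(a, 100, 100), keypad_decode(b, 100, 100));
    return 0;
}
```

A touch logger in the normal world records only the coordinate (100,100); without the layout held in the secure world, that coordinate does not identify the key.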
