|
Mobile device security is critical to millions of users and mobile operating system vulnerabilities can lead to exposure of sensitive data (e.g., passwords, credit card numbers, medical data) or compromise of sensitive operations (e.g., banking transactions). This research project is working to answer the following question: If the device's operating system is compromised, is it still possible to protect user's sensitive data and operations? The researchers are using new hardware technology, "Trusted Execution Environments (TEEs)," to enable such protection.
Many new processors offer a TEE, which is isolated from the normal operating system (OS) environment. Code and data inside the TEE is protected even when the OS running in the normal environment is compromised. In the mobile computing environment, only apps provided by the mobile system vendors are typically able to make use of the TEE, as some of the app logic must be installed within the TEE. This research project is developing techniques to enable device-neutral integration of third party apps with mobile TEEs, focusing on (1) app interaction with the TEE user interface, and (2) TEE-assisted interaction between app and server. The research team is designing interaction logic to hide TEE-specific details within the mobile OS, enabling third party app developers to use the TEE capabilities transparently from the mobile OS interface. The team is also designing app-to-cloud-server attestation techniques, to allow a mobile app to prove that communication (e.g., email, HTTP requests, phone calls, or SMS messages) was initiated by the app on the mobile device and not spoofed by a compromised mobile OS. The researchers are building their own TEE-enabled Android smartphone to support the security features developed by the project.
|
SaTC: CORE: Small: Expanding TrustZone: Enabling Mobile Apps to Transparently Leverage TrustZone for Attestation and Data Protection