Abstract
Android system has been one of the main targets of hacker attacks for a long time. At present, it is faced with security risks such as privilege escalation attacks, image tampering, and malicious programs. In view of the above risks, the current detection of the application layer can no longer guarantee the security of the Android system. The security of mobile terminals needs to be fully protected from the bottom to the top, and the consistency test of the hardware system is realized from the hardware layer of the terminal. However, there is not a complete set of security measures to ensure the reliability and integrity of the Android system at present. Therefore, from the perspective of trusted computing, this paper proposes and implements a trusted static measurement method of the Android system based on TrustZone to protect the integrity of the system layer and provide a trusted underlying environment for the detection of the Android application layer. This paper analyzes from two aspects of security and efficiency. The experimental results show that this method can detect the Android system layer privilege escalation attack and discover the rootkit that breaks the integrity of the Android kernel in time during the startup process, and the performance loss of this method is within the acceptable range.
Highlights
In recent years, with the rapid development of mobile Internet technology, the number of users using Android mobile devices has increased rapidly
For the protection of attacks, most of the current research is in the application layer [10,11,12,13,14,15,16], but these solutions cannot fundamentally solve the security problems encountered by the current mobile terminal, and the terminal may still be threatened by malicious attackers and malware, so we should start from the system layer of the mobile intelligent terminal and build a secure and reliable mobile terminal system from bottom to top to ensure the security of intelligent terminal
From the perspective of trusted computing, this paper proposes and implements a trust static measurement method for the Android system based on TrustZone, which takes bl1.bin image in ARM trusted firmware (ATF) as the trusted root, combines TrustZone technology with the Android system, and measures the kernel modules and executable files in the system startup process statically, and extends the trusted root to the Android system application framework layer that provides a reliable underlying environment for the detection of the Android system application layer
Summary
With the rapid development of mobile Internet technology, the number of users using Android mobile devices has increased rapidly. By 2018, the share of the Android system in the global smartphone has reached 85% [1]. According to CVE details [2], in 2017 and 2016, the vulnerability of the Android operating system was 842 and 523, respectively. According to the classification of these vulnerabilities in literature [3], the ratio of kernel vulnerabilities and standard libraries is the largest, accounting for 41% and 32%, respectively. The Android system is mainly faced with cross script attack, privilege promotion attack, malware attack, privacy stealing attack, replay attack, communication attack, NFC attack, denial of service attack, etc. For the protection of attacks, most of the current research is in the application layer [10,11,12,13,14,15,16], but these solutions cannot fundamentally solve the security problems encountered by the current mobile terminal, and the terminal may still be threatened by malicious attackers and malware, so we should start from the system layer of the mobile intelligent terminal and build a secure and reliable mobile terminal system from bottom to top to ensure the security of intelligent terminal
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
