Abstract

In recent years, the use of mobile devices including smartphones has increased significantly all over the world, and e-commerce using smartphones has also greatly increased. Furthermore, many people are using their smartphones to carry out certain aspects of their work, in line with the BYOD trend. Therefore, it is extremely important that mobile device users are authenticated securely by remote servers when using their smartphones. Digital certificates are one of the many solutions available for authentication, but they are easy to copy and leak. Mobile device services need to properly manage registered devices and users, and trusted means of authenticating their identities are needed. In this paper, we propose a secure certificate-based user authentication framework using the trusted mobile zone (TMZ) system, into which the trusted platform is built. The TMZ system is a secure mobile device with a built-in hypervisor that separates the device into a normal zone and a secure zone. On a TMZ system, Android OS runs in the normal zone while a secure OS runs in the secure zone at the same time. The trusted platform is built into both the normal zone and the secure zone in order to provide the user with secure services. The TMZ system we propose is founded on the GlobalPlatform TEE system. It provides a secure execution environment in which to store sensitive data and execute security functions securely. Finally, we describe the experimental results of generating the signature data in the TMZ system.

Highlights

  • The use of smartphones has increased dramatically in the last few years

  • We describe a Trusted Execution Environment (TEE)-based Trusted Mobile Zone (TMZ) system that builds the trusted platform into mobile devices using virtualization technology, and propose a secure certificate-based user authentication framework using the trusted mobile zone (TMZ) system that can increase the reliability of the authentication process performed for mobile devices in mobile networks

  • The TMZ system, including the trusted platform, provides security applications with a secure user authentication service within a secure execution environment that is isolated from the normal zone, where numerous threats such as malware, spyware, and viruses exist [22, 23]


Summary

Introduction

The use of smartphones has increased dramatically in the last few years. A Strategy Analytics report stated that global smartphone shipments had increased by 12 % each year, reaching the record figure of 1.4 billion units in 2015 [1]. Because mobile communications and mobile devices have spread rapidly and mobility-based services have increased, the authentication of users or mobile devices in mobile networks is very important. Traditional authentication methods such as the username and password are used in many cases of user authentication by a remote authentication server. We describe a TEE-based Trusted Mobile Zone (TMZ) system that builds the trusted platform into mobile devices using virtualization technology, and propose a secure certificate-based user authentication framework using the TMZ system that can increase the reliability of the authentication process performed for mobile devices in mobile networks. Protecting the private key through hardware such as TrustZone or an HSM can provide more secure authentication, but the TMZ system coupled with the trusted platform provides a structure that increases the strength of security through software only, without the cost of additional hardware.
