The Trade-Off Between Performance and Security of Virtualized Trusted Execution Environment on Android

Abstract

Nowadays, with the significant growth of the mobile market, security issues on the Android Operation System have also become an urgent matter. Trusted execution environment (TEE) technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security. However, for Android, TEE technologies still contain restrictions and limitations. The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE. Another issue of hardware-based TEE is the cross-platform problem. Since every mobile device supports different TEE vendors, it becomes an obstacle for developers to migrate their trusted applications to other Android devices. A software-based TEE solution is a potential approach that allows developers to customize, package and deliver the product efficiently. Motivated by that idea, this paper introduces a <b>VTEE</b> model, a software-based TEE solution, on Android devices. This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics: computing performance and security. The experiment shows that the <b>VTEE</b> model can host other software-based TEE services and deliver various cryptography TEE functions on the Android environment. The security evaluation shows that adding the <b>VTEE</b> model to the existing Android does not add more security issues to the traditional design. Overall, this paper shows applicable solutions to adjust the balance between computing performance and security.