Abstract
With the widespread use of mobile embedded devices in the Internet of Things, mobile office, and edge computing, security issues are becoming more and more serious. Remote attestation, one of the mobile security solutions, is a process of verifying the identity and integrity status of the remote computing device, through which the challenger determines whether the platform is trusted by discovering an unknown fingerprint. The remote attestation on the mobile terminal faces many security challenges presently because there is a lack of trusted roots, devices are heterogeneous, and hardware resources are strictly limited. To ARM’s mobile platform, we propose a mobile remote attestation scheme based on ARM TrustZone (TZ-MRAS), which uses the highest security authority of TrustZone to implement trusted attestation service. Compared with the existing mobile remote attestation scheme, it has the advantages of wide application, easy deployment, and low cost. To defend against the time-of-check-to-time-of-use (TOC-TOU) attack, we propose a probe-based dynamic integrity measurement model, ProbeIMA, which can dynamically detect unknown fingerprints that generate during kernel and process execution. Finally, according to the characteristics of the improved dynamic measurement model, that is, the ProbeIMA will expand the scale of the measurement dataset, an optimized stored measurement log construction algorithm based on the locality principle (LPSML) is proposed, which has the advantages of shortening the length of the authentication path and improving the verification efficiency of the platform configuration. As a proof of concept, we implemented a prototype for each service and made experimental evaluations. The experimental results show the proposed scheme has higher security and efficiency than some existing schemes.
Highlights
With the popularity of the Internet of ings, edge computing, and FIDO (Fast IDentity Online) devices, more and more enterprises are launching different devices to provide services to customers. e security-critical and privacy-sensitive data stored on these devices is increasing, and the security of mobile devices has caused great concern in the industry and academia
Aiming to implement remote credibility verification on the resource-constrained mobile terminal, we propose a TrustZone-based remote attestation scheme (TZMRAS), perform real-time integrity monitoring, and maintain the stored measurement log (SML) updates with low cost
(ii) We propose ProbeIMA, an approach that uses the probe-based mechanism to implement dynamic SML update, which provides an effective solution for achieving the binary-based remote attestation scheme against TOC-TOU attacks
Summary
With the popularity of the Internet of ings, edge computing, and FIDO (Fast IDentity Online) devices, more and more enterprises are launching different devices to provide services to customers. e security-critical and privacy-sensitive data stored on these devices is increasing, and the security of mobile devices has caused great concern in the industry and academia. Aiming to implement remote credibility verification on the resource-constrained mobile terminal, we propose a TrustZone-based remote attestation scheme (TZMRAS), perform real-time integrity monitoring, and maintain the SML updates with low cost. (ii) We propose ProbeIMA, an approach that uses the probe-based mechanism to implement dynamic SML update, which provides an effective solution for achieving the binary-based remote attestation scheme against TOC-TOU attacks. Xu et al [26] proposed a remote attestation mechanism based on the Merkle hash tree in which some module measurements are hidden and do not need to be reported To some extent, this method can avoid the privacy leak of the prover and improve the efficiency of verification but has a low construction efficiency. Aiming at the shortcoming of the mobile terminal integrity dynamical measurement and the lightweight SML mechanisms, we present a TrustZone-based innovation framework called TZ-MRAS, which has higher security and performance
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
