As the game industry moves from PC to smartphone platforms, security problems related to mobile games are becoming critical. Because mobile games have short life-cycles and high communication costs, the server/network-side security technologies designed for PC games are not appropriate for them. In this study, we propose TZMon, a client-side game protection mechanism based on the ARM TrustZone, which protects the confidentiality and integrity of mobile games. TZMon is composed of an application integrity protocol, a secure update protocol, a data hiding protocol, and a timer synchronization protocol. To adequately safeguard game code and data, TZMon is designed for an environment of frequent communications with the game server, a stand-alone operation environment, and an unreliable environment using a rooted OS. Furthermore, flexibility is provided to game application developers, who apply security policies by using the Java Native Interface (JNI). In this study, we use Android and the Open Portable Trusted Execution Environment (OPTEE) as the OS platforms for Normal World and Secure World, respectively. After implementing a full-featured prototype of TZMon, we apply it to several open-source mobile games. We prove through the experiments that applying the proposed TZMon does not cause any noticeable performance degradation and can detect major cheating techniques of mobile games.