Securing Mobile Systems GPS and Camera Functions Using TrustZone Framework

Ammar S. Salman, Wenliang (Kevin) Du

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Mobile phone devices constantly face new vulnerabilities for attackers to exploit. Many vulnerabilities allow attackers to gain full control over the operating system and thus putting security critical operations at risk. Mobile payment systems are gaining more traction and security countermeasures cannot rely on operating systems for protection. ARM TrustZone provides hardware-based security which is often used to protect key operations. In this work, we extended TrustZone functionality to offer robust security measures for specific I/O peripherals, namely, camera and location, to any application on demand. The work mainly ensures integrity of data retrieved by the peripherals. Applications that can utilize this functionality include merchant-presented QR payment systems, location attestation for payments and other applications. The work is designed to offer seamless integration for application developers, and transparency to end users. We demonstrated functionality on custom and modified existing applications. The added overhead is within expected margins. The work provides a feasible design for industrial implementations, where the vendors installed services do not need coordination with potential application developers, and that offers flexibility for both vendors and developers.

Original languageEnglish (US)
Title of host publicationIntelligent Computing - Proceedings of the 2021 Computing Conference
EditorsKohei Arai
PublisherSpringer Science and Business Media Deutschland GmbH
Pages868-884
Number of pages17
ISBN (Print)9783030801281
DOIs
StatePublished - 2021
EventComputing Conference, 2021 - Virtual, Online
Duration: Jul 15 2021Jul 16 2021

Publication series

NameLecture Notes in Networks and Systems
Volume285
ISSN (Print)2367-3370
ISSN (Electronic)2367-3389

Conference

ConferenceComputing Conference, 2021
CityVirtual, Online
Period7/15/217/16/21

Keywords

  • Android
  • ARM TrustZone
  • Attack surface
  • GPS
  • Mobile security
  • OP-TEE
  • QR payments
  • REE
  • Threat model
  • TruZ-Droid

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Signal Processing
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Securing Mobile Systems GPS and Camera Functions Using TrustZone Framework'. Together they form a unique fingerprint.

Cite this