TruZ-Droid: Integrating TrustZone with mobile operating system

Kailiang Ying, Amit Ahlawat, Bilal Alsharifi, Yuexin Jiang, Priyank Thavai, Wenliang Du

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Mobile devices today provide a hardware-protected mode called Trusted Execution Environment (TEE) to help protect users from a compromised OS and hypervisor. Today TEE can only be leveraged either by vendor apps or by developers who work with the vendor. Since vendors consider third-party app code untrusted inside the TEE, to allow an app to leverage TEE, app developers have to write the app code in a tailored way to work with the vendor’s SDK. We proposed a novel design to integrate TEE with mobile OS to allow any app to leverage the TEE. Our design incorporates TEE support at the OS level, allowing apps to leverage the TEE without adding app-specific code into the TEE, and while using existing interface to interact with the mobile OS. We implemented our design, called TruZ-Droid, by integrating TrustZone TEE with the Android OS. TruZ-Droid allows apps to leverage the TEE to protect the following: (i) user’s secret input and confirmation, and (ii) sending of user’s secrets to the authorized server. We built a prototype using the TrustZone-enabled HiKey board to evaluate our design. We demonstrated TruZ-Droid’s effectiveness by adding new security features to existing apps to protect user’s sensitive information and attest user’s confirmation. TruZ-Droid’s real-world use case evaluation shows that apps can leverage TrustZone while using existing OS APIs. Our usability study proves that users can correctly interact with TruZ-Droid to protect their security sensitive activities and data.

Original language: English (US)
Title of host publication: MobiSys 2018 - Proceedings of the 16th ACM International Conference on Mobile Systems, Applications, and Services
Publisher: Association for Computing Machinery, Inc
Pages: 14-27
Number of pages: 14
ISBN (Electronic): 9781450357203
DOIs: https://doi.org/10.1145/3210240.3210338
State: Published - Jun 10 2018
Event: 16th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2018 - Munich, Germany
Duration: Jun 10 2018 to Jun 15 2018

Other

Other: 16th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2018
Country: Germany
City: Munich
Period: 6/10/18 to 6/15/18

Fingerprint

Application programs
Application programming interfaces (API)
Mobile devices
Servers
Hardware

Keywords

  • Android
  • TrustZone

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Ying, K., Ahlawat, A., Alsharifi, B., Jiang, Y., Thavai, P., & Du, W. (2018). TruZ-Droid: Integrating TrustZone with mobile operating system. In MobiSys 2018 - Proceedings of the 16th ACM International Conference on Mobile Systems, Applications, and Services (pp. 14-27). Association for Computing Machinery, Inc. https://doi.org/10.1145/3210240.3210338
