TZ-MRAS: A Remote Attestation Scheme for the Mobile Terminal Based on ARM TrustZone
Security and Communication Networks Pub Date : 2020-09-23 , DOI: 10.1155/2020/1756130
Ziwang Wang, Yi Zhuang, Zujia Yan

With the widespread use of mobile embedded devices in the Internet of Things, mobile office, and edge computing, security issues are becoming more and more serious. Remote attestation, one of the mobile security solutions, is the process of verifying the identity and integrity status of a remote computing device; through it, the challenger determines whether the platform is trusted by checking whether any unknown fingerprint appears. Remote attestation on the mobile terminal currently faces many security challenges because trusted roots are lacking, devices are heterogeneous, and hardware resources are strictly limited. For ARM's mobile platform, we propose a mobile remote attestation scheme based on ARM TrustZone (TZ-MRAS), which uses the highest security privilege of TrustZone to implement a trusted attestation service. Compared with existing mobile remote attestation schemes, it has the advantages of wide applicability, easy deployment, and low cost. To defend against the time-of-check-to-time-of-use (TOC-TOU) attack, we propose a probe-based dynamic integrity measurement model, ProbeIMA, which can dynamically detect unknown fingerprints generated during kernel and process execution. Finally, because the improved dynamic measurement model enlarges the measurement dataset (ProbeIMA expands the scale of the measurement dataset), we propose an optimized stored-measurement-log construction algorithm based on the locality principle (LPSML), which shortens the authentication path and improves the efficiency of verifying the platform configuration. As a proof of concept, we implemented a prototype for each service and evaluated it experimentally. The experimental results show that the proposed scheme has higher security and efficiency than some existing schemes.
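As an added illustration (not the paper's LPSML, whose construction the abstract does not describe), the following Python example shows what an "authentication path" in a hash-tree stored measurement log is and why its length, rather than the total log size, sets the verifier's cost; a PCR-style hash chain is included for contrast. All log entries are constructed sample values, not fingerprints from the paper.

```python
import hashlib
from typing import List, Tuple

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Constructed sample measurement log: (event name, digest of the measured object).
SAMPLE_LOG = [(f"entry-{i}", h(f"measured-object-{i}".encode())) for i in range(6)]

def chain_digest(log) -> bytes:
    """Linear (PCR-style) log: the verifier must replay every entry to check any one of them."""
    acc = b"\x00" * 32
    for _, digest in log:
        acc = h(acc + digest)
    return acc

def merkle_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """Build a hash tree bottom-up; an odd node at a level is paired with itself."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_root(leaves: List[bytes]) -> bytes:
    return merkle_levels(leaves)[-1][0]

def auth_path(leaves: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling digests from leaf to root; the bool says whether the sibling sits on the left.
    Its length is ceil(log2(n)), independent of where the entry is in the log."""
    path = []
    for level in merkle_levels(leaves)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify_path(leaf: bytes, path, root: bytes) -> bool:
    """Verifier side: recompute the root from one leaf and its path only."""
    acc = leaf
    for sibling, sibling_is_left in path:
        acc = h(sibling + acc) if sibling_is_left else h(acc + sibling)
    return acc == root

def prove_entry(log, index: int):
    leaves = [digest for _, digest in log]
    return leaves[index], auth_path(leaves, index), merkle_root(leaves)
```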
