research-article

Building trusted path on untrusted device drivers for mobile devices

Authors:

Cheng-Kang Chu,

Tieyan LiAuthors Info & Claims

APSys '14: Proceedings of 5th Asia-Pacific Workshop on Systems

Article No.: 8, Pages 1 - 7

https://doi.org/10.1145/2637166.2637225

Published: 25 June 2014 Publication History

Abstract

Mobile devices are frequently used as terminals to interact with many security-critical services such as mobile payment and online banking. However, the large client software stack and the continuous proliferation of malware expose such interaction under various threats, including passive attacks like phishing and active ones like direct code manipulation. This paper proposes TrustUI, a new trusted path design for mobile devices that enables secure interaction between end users and services based on ARM's TrustZone technology. TrustUI is built with a combination of key techniques including cooperative randomization of the trusted path and secure delegation of network interaction. With such techniques, TrustUI not only requires no trust of the commodity software stack, but also takes a step further by excluding drivers for user-interacting devices like touch screen from its trusted computing base (TCB). Hence, TrustUI has a much smaller TCB, requires no access to device driver code, and may easily adapt to many devices. A prototype of TrustUI has been implemented on a Samsung Exynos 4412 board and evaluation shows that TrustUI provides strong protection of users interaction.

References

[1]

T6, an operating system for trustzone based trusted execution environment (tee) in arm-based systems. http://www.liwenhaosuper.com/projects/t6.

[2]

K. Borders and A. Prakash. Securing network input via a trusted input proxy. In Proc. USENIX HotSec, 2007.

Digital Library

[3]

L. Cai and H. Chen. Touchlogger: inferring keystrokes on touch screen from smartphone motion. In Proc. Usenix HotSec, 2011.

Digital Library

[4]

M. Jakobsson and H. Siadati. Spoofkiller: You can teach people how to pay, but not how to pay attention. In IEEE Workshop on Socio-Technical Aspects in Security and Trust, 2012.

Digital Library

[5]

M. Lange and S. Liebergeld. Crossover: secure and usable user interface for mobile devices with multiple isolated os personalities. In Proc. ACSAC, pages 249--257. ACM, 2013.

Digital Library

[6]

D. Liu and L. P. Cox. Veriui: Attested login for mobile devices. In Mobile Computing Systems and Applications, 2007. HotMobile 2014. Eighth IEEE Workshop on. IEEE, 2014.

Digital Library

[7]

D. Liu, E. Cuervo, V. Pistol, R. Scudellari, and L. P. Cox. Screen-pass: Secure password entry on touchscreen devices. In Proc. MobiSys, 2013.

Digital Library

[8]

L. Martignoni, P. Poosankam, M. Zaharia, J. Han, S. McCamant, D. Song, V. Paxson, A. Perrig, S. Shenker, and I. Stoica. Cloud terminal: secure access to sensitive applications from untrusted systems. In Proc. USENIX ATC, 2012.

Digital Library

[9]

J. M. McCune, B. J. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for tcb minimization. In OS Review, volume 42, pages 315--328. ACM, 2008.

Digital Library

[10]

J. M. McCune, A. Perrig, and M. K. Reiter. Safe passage for passwords and other sensitive data. In NDSS, 2009.

[11]

Microsoft. How interactive logon works. http://technet.microsoft.com/en-us/library/cc780332(v=ws.10).aspx, Jan 2009.

[12]

N. Santos, H. Raj, S. Saroiu, and A. Wolman. Using arm trustzone to build a trusted language runtime for mobile applications. In Proc. ASPLOS. ACM, 2014.

Digital Library

[13]

T. Tong and D. Evans. GuarDroid: A Trusted Path for Password Entry. pages 1--10, Apr 2013.

[14]

X. Zhou, Y. Lee, N. Zhang, M. Naveed, and X. Wang. The peril of fragmentation: Security hazards in android device driver customizations. In IEEE Symposium on Security and Privacy, 2014.

Digital Library

[15]

Z. Zhou, V. D. Gligor, J. Newsome, and J. M. McCune. Building verifiable trusted path on commodity x86 computers. In IEEE Symposium on Security and Privacy, 2012.

Digital Library

Cited By

Park JPark S(2025)TM-Chain: TCB Measurement Management Using Cloud Blockchain for IoT DevicesIEEE Access10.1109/ACCESS.2025.352580713(8941-8950)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3525807
Ishiguro JShinjo YSoyama A(2024)Controlled Copying of Persistent Data Between end Users' SGX Enclaves over an Untrusted Network2024 International Symposium on Parallel Computing and Distributed Systems (PCDS)10.1109/PCDS61776.2024.10743591(1-10)Online publication date: 21-Sep-2024
https://doi.org/10.1109/PCDS61776.2024.10743591
Yaoyong WGongxuan Z(2024)An Embedded System I/O Isolation Technology for Raspberry Pi2024 4th International Conference on Intelligent Technology and Embedded Systems (ICITES)10.1109/ICITES62688.2024.10777465(15-20)Online publication date: 20-Sep-2024
https://doi.org/10.1109/ICITES62688.2024.10777465
Show More Cited By

Index Terms

Building trusted path on untrusted device drivers for mobile devices

Recommendations

Mobile device security
InfoSecCD '04: Proceedings of the 1st annual conference on Information security curriculum development

Because of their small size, memory capability, and the case with which information can be downloaded and removed from a facility, mobile devices pose a risk to organizations when used and transported outside physical boundaries. Mobile devices, ...
Evaluating the technological characteristics and trust affecting mobile device usage

The Technology Acceptance Model was extended to explain the acceptance of mobile devices. The technological characteristics of mobile devices and trust were hypothesised as predictors of mobile device usage. The study of 212 mobile users indicate that ...
Mobile devices as multi-DOF controllers
3DUI '10: Proceedings of the 2010 IEEE Symposium on 3D User Interfaces

Conventional input devices such as the mouse and keyboard lack in intuitiveness when it comes to 3D manipulation tasks. In this paper, we explore the use of accelerometer and magnetometer equipped mobile phones as 3-DOF controllers in a 3D rotation ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

APSys '14: Proceedings of 5th Asia-Pacific Workshop on Systems

June 2014

98 pages

ISBN:9781450330244

DOI:10.1145/2637166

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Chinese Academy of Sciences

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

APSys'14

Sponsor:

APSys'14: Asia-Pacific Workshop on Systems

June 25 - 26, 2014

Beijing, China

Acceptance Rates

APSys '14 Paper Acceptance Rate 14 of 35 submissions, 40%;

Overall Acceptance Rate 169 of 430 submissions, 39%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

55
Total Citations
View Citations
583
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)2

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Park JPark S(2025)TM-Chain: TCB Measurement Management Using Cloud Blockchain for IoT DevicesIEEE Access10.1109/ACCESS.2025.352580713(8941-8950)Online publication date: 2025
https://doi.org/10.1109/ACCESS.2025.3525807
Ishiguro JShinjo YSoyama A(2024)Controlled Copying of Persistent Data Between end Users' SGX Enclaves over an Untrusted Network2024 International Symposium on Parallel Computing and Distributed Systems (PCDS)10.1109/PCDS61776.2024.10743591(1-10)Online publication date: 21-Sep-2024
https://doi.org/10.1109/PCDS61776.2024.10743591
Yaoyong WGongxuan Z(2024)An Embedded System I/O Isolation Technology for Raspberry Pi2024 4th International Conference on Intelligent Technology and Embedded Systems (ICITES)10.1109/ICITES62688.2024.10777465(15-20)Online publication date: 20-Sep-2024
https://doi.org/10.1109/ICITES62688.2024.10777465
Van Eyck TMichiels SDu XHughes D(2024)NetReach: Guaranteed Network Availability and Reachability to enable Resilient Networks for Embedded Systems2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW61312.2024.00032(242-244)Online publication date: 8-Jul-2024
https://doi.org/10.1109/EuroSPW61312.2024.00032
Scopelliti GPouyanrad SNoorman JAlder FBaumann CPiessens FMühlberg J(2023)End-to-End Security for Distributed Event-driven Enclave Applications on Heterogeneous TEEsACM Transactions on Privacy and Security10.1145/359260726:3(1-46)Online publication date: 26-Jun-2023
https://dl.acm.org/doi/10.1145/3592607
Park HLin FFedorova ANarayanan DDi Luna GQuerzoni L(2023)Safe and Practical GPU Computation in TrustZoneProceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3567483(505-520)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3552326.3567483
Hwang DYeleuov SSeo JChung MMoon HPaek Y(2023)Ambassy: A Runtime Framework to Delegate Trusted Applications in an ARM/FPGA Hybrid SystemIEEE Transactions on Mobile Computing10.1109/TMC.2021.308614322:2(708-719)Online publication date: 1-Feb-2023
https://doi.org/10.1109/TMC.2021.3086143
Lu DShi MMa XLiu XGuo RZheng TShen YDong XMa J(2023)Smaug: A TEE-Assisted Secured SQLite for Embedded SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321602020:5(3617-3635)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3216020
Yuhala P(2023)Enhancing IoT Security and Privacy with Trusted Execution Environments and Machine Learning2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S)10.1109/DSN-S58398.2023.00047(176-178)Online publication date: Jun-2023
https://doi.org/10.1109/DSN-S58398.2023.00047
Schwarz F(2022)TrustedGateway: TEE-Assisted Routing and Firewall Enforcement Using ARM TrustZoneProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545961(56-71)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545961
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten