Trusted Computing Platforms: TCPA Technology in Context
Trusted Computing Platforms: TCPA Technology in Context
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Trust in a small package: minimized MRTM software implementation for mobile secure environments
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Practical property-based attestation on mobile devices
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Practical and lightweight domain isolation on Android
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
YouProve: authenticity and fidelity in mobile sensing
Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems
On leveraging stochastic models for remote attestation
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Defending users against smartphone apps: techniques and future directions
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
A sense of others: behavioral attestation of UNIX processes on remote platforms
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
POAuth: privacy-aware open authorization for native apps on smartphone platforms
Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication
Software abstractions for trusted sensors
Proceedings of the 10th international conference on Mobile systems, applications, and services
Mutual remote attestation: enabling system cloning for TPM based platforms
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Attestation of mobile baseband stacks
NSS'12 Proceedings of the 6th international conference on Network and System Security
Hi-index | 0.00 |
Increasing adoption of smartphones in recent times has begun to attract more and more malware writers towards these devices. Among the most prominent and widely adopted open source software stacks for smartphones is Android that comes with a strong security infrastructure for mobile devices. However, as with any remote platform, a service provider or device owner needs assurance that the device is in a trustworthy state before releasing sensitive information to it. Trusted Computing provides a mechanism of establishing such an assurance. Through remote attestation, TC allows a service provider or a device owner to determine whether the device is in a trusted state before releasing protected data to or storing private information on the phone. However, existing remote attestation techniques cannot be deployed on Android due to the unique, VM-based architecture of the software stack. In this paper, we present an attestation mechanism tailored specifically for Android that can measure the integrity of a device at two levels of granularity. Our approach allows a challenger to verify the integrity of Android not only at the operating system level but also that of code executing on top of the VM. We present the implementation details of our architecture and show through evaluation that our architecture is feasible both in terms of time complexity and battery consumption.