A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices

Javier Gonzales; Michael Hölzl; Peter Riedl; Philippe Bonnet; Rene Mayrhofer

doi:10.1007/978-3-319-13257-0_35

A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices

Javier Gonzales
, Michael Hölzl
, Peter Riedl
, Philippe Bonnet
, Rene Mayrhofer

Research Center Hagenberg

Publikation: Beitrag in Buch/Bericht/Tagungsband › Kapitel › Begutachtung

8 Zitate (Scopus)

Abstract

Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot: where each stage in the boot sequence is evaluated, aborting the boot process if a non expected component attempts to be loaded; and (ii) trusted boot: where a log is maintained with the components that have been loaded in the boot process for later audit. The first approach is often criticized for locking down devices, thus reducing users’ freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot-time the integrity of the bootloader and OS images are verified and logged; in the second phase, at run-time applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and Secure Element as a tamper-resistant unit.

Originalsprache	Englisch
Titel	Information Security - 17th International Conference, ISC 2014, Proceedings
Redakteure/-innen	Sherman S.M. Chow, Jan Camenisch, Lucas C.K. Hui, Siu Ming Yiu
Herausgeber (Verlag)	Springer
Seiten	542-554
Seitenumfang	13
ISBN (elektronisch)	9783319132563
ISBN (Print)	978-3-319-13257-0
DOIs	https://doi.org/10.1007/978-3-319-13257-0_35
Publikationsstatus	Veröffentlicht - 2014
Veranstaltung	Information Security Conference (ISC) - Hong Kong, China Dauer: 12 Okt. 2014 → 14 Okt. 2014 http://isc14.ie.cuhk.edu.hk/

Publikationsreihe

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band	8783
ISSN (Print)	0302-9743
ISSN (elektronisch)	1611-3349

Konferenz

Konferenz	Information Security Conference (ISC)
Land/Gebiet	China
Ort	Hong Kong
Zeitraum	12.10.2014 → 14.10.2014
Internetadresse	http://isc14.ie.cuhk.edu.hk/

Zugriff auf Dokument

10.1007/978-3-319-13257-0_35

Andere Dateien und Links

Link zur Publikation in Scopus

Zitieren

Gonzales, J., Hölzl, M., Riedl, P., Bonnet, P., & Mayrhofer, R. (2014). A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices. in S. S. M. Chow, J. Camenisch, L. C. K. Hui, & S. M. Yiu (Hrsg.), Information Security - 17th International Conference, ISC 2014, Proceedings (S. 542-554). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 8783). Springer. https://doi.org/10.1007/978-3-319-13257-0_35

Gonzales, Javier ; Hölzl, Michael ; Riedl, Peter et al. / A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices. Information Security - 17th International Conference, ISC 2014, Proceedings. Hrsg. / Sherman S.M. Chow ; Jan Camenisch ; Lucas C.K. Hui ; Siu Ming Yiu. Springer, 2014. S. 542-554 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{1a1d4181313e45a6bc4c83e223bc0ffb,

title = "A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices",

abstract = "Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot: where each stage in the boot sequence is evaluated, aborting the boot process if a non expected component attempts to be loaded; and (ii) trusted boot: where a log is maintained with the components that have been loaded in the boot process for later audit. The first approach is often criticized for locking down devices, thus reducing users{\textquoteright} freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot-time the integrity of the bootloader and OS images are verified and logged; in the second phase, at run-time applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and Secure Element as a tamper-resistant unit.",

keywords = "Secure boot, Secure element, Trusted boot, TrustZone",

author = "Javier Gonzales and Michael H{\"o}lzl and Peter Riedl and Philippe Bonnet and Rene Mayrhofer",

year = "2014",

doi = "10.1007/978-3-319-13257-0\_35",

language = "English",

isbn = "978-3-319-13257-0",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "542--554",

editor = "Chow, \{Sherman S.M.\} and Jan Camenisch and Hui, \{Lucas C.K.\} and Yiu, \{Siu Ming\}",

booktitle = "Information Security - 17th International Conference, ISC 2014, Proceedings",

address = "Germany",

note = "Information Security Conference (ISC) ; Conference date: 12-10-2014 Through 14-10-2014",

url = "http://isc14.ie.cuhk.edu.hk/",

}

Gonzales, J, Hölzl, M, Riedl, P, Bonnet, P & Mayrhofer, R 2014, A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices. in SSM Chow, J Camenisch, LCK Hui & SM Yiu (Hrsg.), Information Security - 17th International Conference, ISC 2014, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bd. 8783, Springer, S. 542-554, Information Security Conference (ISC), Hong Kong, China, 12.10.2014. https://doi.org/10.1007/978-3-319-13257-0_35

A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices. / Gonzales, Javier; Hölzl, Michael; Riedl, Peter et al.
Information Security - 17th International Conference, ISC 2014, Proceedings. Hrsg. / Sherman S.M. Chow; Jan Camenisch; Lucas C.K. Hui; Siu Ming Yiu. Springer, 2014. S. 542-554 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 8783).

Publikation: Beitrag in Buch/Bericht/Tagungsband › Kapitel › Begutachtung

TY - CHAP

T1 - A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices

AU - Gonzales, Javier

AU - Hölzl, Michael

AU - Riedl, Peter

AU - Bonnet, Philippe

AU - Mayrhofer, Rene

PY - 2014

Y1 - 2014

N2 - Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot: where each stage in the boot sequence is evaluated, aborting the boot process if a non expected component attempts to be loaded; and (ii) trusted boot: where a log is maintained with the components that have been loaded in the boot process for later audit. The first approach is often criticized for locking down devices, thus reducing users’ freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot-time the integrity of the bootloader and OS images are verified and logged; in the second phase, at run-time applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and Secure Element as a tamper-resistant unit.

AB - Current efforts to increase the security of the boot sequence for mobile devices fall into two main categories: (i) secure boot: where each stage in the boot sequence is evaluated, aborting the boot process if a non expected component attempts to be loaded; and (ii) trusted boot: where a log is maintained with the components that have been loaded in the boot process for later audit. The first approach is often criticized for locking down devices, thus reducing users’ freedom to choose software. The second lacks the mechanisms to enforce any form of run-time verification. In this paper, we present the architecture for a two-phase boot verification that addresses these shortcomings. In the first phase, at boot-time the integrity of the bootloader and OS images are verified and logged; in the second phase, at run-time applications can check the boot traces and verify that the running software satisfies their security requirements. This is a first step towards supporting usage control primitives for running applications. Our approach relies on off-the-shelf secure hardware that is available in a multitude of mobile devices: ARM TrustZone as a Trusted Execution Environment, and Secure Element as a tamper-resistant unit.

KW - Secure boot

KW - Secure element

KW - Trusted boot

KW - TrustZone

UR - https://www.scopus.com/pages/publications/84921803748

U2 - 10.1007/978-3-319-13257-0_35

DO - 10.1007/978-3-319-13257-0_35

M3 - Chapter

SN - 978-3-319-13257-0

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 542

EP - 554

BT - Information Security - 17th International Conference, ISC 2014, Proceedings

A2 - Chow, Sherman S.M.

A2 - Camenisch, Jan

A2 - Hui, Lucas C.K.

A2 - Yiu, Siu Ming

PB - Springer

T2 - Information Security Conference (ISC)

Y2 - 12 October 2014 through 14 October 2014

ER -

Gonzales J, Hölzl M, Riedl P, Bonnet P, Mayrhofer R. A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices. in Chow SSM, Camenisch J, Hui LCK, Yiu SM, Hrsg., Information Security - 17th International Conference, ISC 2014, Proceedings. Springer. 2014. S. 542-554. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-13257-0_35

A Practical Hardware-Assisted Approach to Customize Trusted Boot for Mobile Devices

Abstract

Publikationsreihe

Konferenz

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Zitieren