
Secure Application Execution in Mobile Devices

Chapter in: The New Codebreakers

Part of the book series: Lecture Notes in Computer Science (volume 9100)

Abstract

Smart phones have rapidly become hand-held mobile devices capable of sustaining multiple applications. Some of these applications give access to healthcare, financial and online social network services, and such applications are becoming common in the smart phone environment. From a security and privacy point of view, this seismic shift creates new challenges, as the smart phone is becoming a platform for security- and privacy-sensitive applications. The need for a strong security architecture for this environment is becoming paramount, especially from the point of view of Secure Application Execution (SAE). In this chapter, we explore SAE for applications on smart phone platforms, with the goal of ensuring that an application executes as its provider expects. Most SAE proposals rely on a secure and trusted embedded chip on the smart phone; examples include the GlobalPlatform Trusted Execution Environment, M-Shield and the Mobile Trusted Module. These additional hardware components, referred to as secure and trusted devices, provide an environment in which applications can execute security-critical code and/or store data. These secure and trusted devices can themselves become the target of malicious entities; they therefore require a strong framework that validates and guarantees secure application execution. This chapter discusses how we can provide assurance that applications executing on such devices are secure by validating the secure and trusted hardware itself.


Notes

  1. The memory or communication buses mentioned are those between a TPM and other components on a motherboard, rather than the on-chip memory and communication buses.

  2. A list of logic gates and a textual description of their interconnections which make up an electronic circuit.


Acknowledgement

Mehari G. Msgna is sponsored by the Information Network Security Agency, Addis Ababa, Ethiopia.

Author information

Corresponding author: Mehari G. Msgna.


Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Msgna, M.G., Ferradi, H., Akram, R.N., Markantonakis, K. (2016). Secure Application Execution in Mobile Devices. In: Ryan, P., Naccache, D., Quisquater, JJ. (eds) The New Codebreakers. Lecture Notes in Computer Science, vol 9100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49301-4_26


  • DOI: https://doi.org/10.1007/978-3-662-49301-4_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-49300-7

  • Online ISBN: 978-3-662-49301-4

  • eBook Packages: Computer Science (R0)
