JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2017, Vol. 52 ›› Issue (6): 92-98.doi: 10.6040/j.issn.1671-9352.2.2016.219

Previous Articles     Next Articles

A key management mechanism basedon TrustZone architecture

CUI Xiao-yu1,2, ZHAO Bo1,2*, FAN Pei-ru1,2, XIAO Yu1,2   

  1. 1. Computer School, Wuhan University, Wuhan 430072, Hubei, China;
    2. Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China
  • Received:2016-08-16 Online:2017-06-20 Published:2017-06-21

PDF (PC)

1053

Abstract: Aiming at the lack of encryption protection for user privacy data on embedded devices, a key management mechanism is proposed in TrustZone architecture. Combined with Physical Unclonable Function(PUF)technology and the users PIN to generate the user key related to both device and user, the confidentiality and integrity of privacy data is protected. Meanwhile, a relatively thorough key management mechanism is designed formutli-user data protection scene in public embedded device to realize key generation, storage, update and destroy. Finally, this multi-user key management moduleisgiven and realizedin TrustZone. And its security and efficiencyis analyzed by experiments. The experiment result show that the mechanism is reliable secure and has high key management efficiency.

Key words: TrustZone, key management, data privacy, PUF

CLC Number: 

  • TP309
[1] 郑显义, 李文, 孟丹. TrustZone技术的分析与研究[J]. 计算机学报, 2016, 9: 1912-1928. ZHENG Xianyi, LI Wen, MENG Dan.Analysis and research on TrustZonetechnology[J].Chinese Journal of Computers, 2016, 9: 1912-1928.
[2] ALVES T, FELTON D. Trustzone: Integrated hardware and software security[J]. ARM White Paper, 2004, 3(4): 18-24.
[3] HEIN D, WINTER J, FITZEK A. Secure block device-secure, flexible, and efficient data storage for ARM TrustZonesystems[C] //International Conference on Trust, Security and Privacy in Computing and Communications.Helsinki, Finland: IEEE, 2015: 222-229.
[4] 魏兰. 基于ARM TrustZone的安全存储研究与实现[D]. 成都:电子科技大学, 2015. WEI Lan. Securestoragebasedon ARM TrustZone research and implement[D].Chengdu: University of Electronic Science and Technology of China, 2015.
[5] ZHAO Shijun, ZHANG Qianying, HU Guangyao, et al. Providing root of trust for ARM TrustZone using on-chip SRAM[C] //Proceedings of the 4th International Workshop on Trustworthy Embedded Devices. Scottsdale, Arizona, USA: ACM, 2014: 25-36.
[6] 吕洋. 基于嵌入式可信平台的主密钥存储技术研究[D]. 南京:南京理工大学, 2015. LÜ Yang.Research on master key storage technology based on embedded trusted platform[D]. Nanjing: Nanjing University of Science and Technology, 2015.
[7] RAJ H, SAROIU S, WOLMAN A, et al. fTPM: A Firmware-based TPM 2.0 implementation: MSR-TR-2015-84[R]. [S.l.] :Microsoft Research, 2015.
[8] PARK C. DFCloud: A TPM-based secure data access control method of cloud storage in mobile devices[C] // International Conference on Cloud Computing Technology and Science.Taipei:IEEE, 2012:551-556.
[9] SHIN J, KIM Y, PARK W, et al. A method for data access control and key management in mobile cloud storage services[J]. IEMEK Journal of Embedded Systems and Applications, 2013, 8(6):303-309.
[10] WINTER J. Trusted computing building blocks for embedded Linux-based ARM TrustZone platforms[C] // ACM Workshop on Scalable Trusted Computing, Stc 2008. Alexandria, VA, USA: ACM, 2008:21-30.
[11] 杜文银, 张涛, 凌君. 基于ARM TrustZone技术的移动可信平台[C] //全国嵌入式技术和信息处理联合学术会议.北京:[s.n.] , 2009. DU Wenyin, ZHANG Tao, LING Jun. Mobile trusted platform based on ARM TrustZone technology[C] //National Joint Conference on Embedded Technology and Information Processing. Beijing:[s.n.] , 2009.
[12] 刘客. 嵌入式SoC片上SRAM PUF的设计与实现[D]. 武汉:华中科技大学, 2013. LIU Ke. Design and implementation of on-chip SRAM PUF for embedded SoC[D]. Wuhan: Huazhong University of Science and Technology, 2013.
[13] PLATFORM G. TEE System Architecture[EB/OL].(2016-09).http://www.globalplatform.org/specifications/review/GPD_TEE_SystemArch_v1.0.0.27_PublicReview.pdf.
[14] PLATFORM G. The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market[EB/OL].(2011-11). http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf.
[15] Linaro. Open Portable Trusted Execution Environment[EB/OL]. https://github.com/OP-TEE.
[1] LIU Meng-jun, LIU Shu-bo*, LIU Hong-hui, CAI Zhao-hui, TU Guo-qing. A research on dynamic and hybrid key management scheme of heterogeneous sensor network [J]. J4, 2012, 47(11): 67-73.
[2] LI Li, YUAN Fang, XI Ya-hui. Privacy preserving approaches for relational multiple sensitive attributes [J]. J4, 2011, 46(5): 82-85.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
Copyright 2018 © Editorial office of JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE)
Supported by Beijing Magtech Co.Ltd