Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers

Research Article

Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms

Download
444 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-04434-2_7,
        author={Xinwen Zhang and Onur Acıi\`{e}mez and Jean-Pierre Seifert},
        title={Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={5},
        keywords={},
        doi={10.1007/978-3-642-04434-2_7}
    }
    
  • Xinwen Zhang
    Onur Acıiçmez
    Jean-Pierre Seifert
    Year: 2012
    Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-04434-2_7
Xinwen Zhang1,*, Onur Acıiçmez1,*, Jean-Pierre Seifert2,*
  • 1: Samsung Information Systems America
  • 2: Deutsche Telekom Laboratories and Technical University of Berlin
*Contact email: xinwen.z@samsung.com, o.aciicmez@samsung.com, jean-pierre.seifert@telekom.de

Abstract

Integrity measurement and attestation mechanisms have already been developed for PC and server platforms, however, porting these technologies directly on mobile and resource-limited devices does not truly satisfy their performance constraints. Therefore, there are ongoing research efforts on mobile-efficient integrity measurement and attestation mechanisms. In this paper we propose a simple and efficient solution for this problem by considering the unique features of mobile phone devices. Our customized secure boot mechanism ensures that a platform can boot to a secure state. During runtime an information flow–based integrity model is leveraged to maintain high integrity status of the system. Our solution satisfies identified security goals of integrity measurement and attestation. We have implemented our solution on a LiMo compatible mobile phone platform.