14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services

Research Article

Trusted Operations On Mobile Phones

  • @INPROCEEDINGS{10.4108/eai.7-11-2017.2274952,
        author={Hassaan Abdul Khaliq Janjua and Wouter Joosen and Sam Michiels and Danny Hughes},
        title={Trusted Operations On Mobile Phones},
        proceedings={14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services},
        publisher={ACM},
        proceedings_a={MOBIQUITOUS},
        year={2018},
        month={4},
        keywords={trusted execution environment (tee) rich execution environment (ree) trustzone secure world normal world trusted application authenticity fidelity},
        doi={10.4108/eai.7-11-2017.2274952}
    }
    
  • Hassaan Abdul Khaliq Janjua
    Wouter Joosen
    Sam Michiels
    Danny Hughes
    Year: 2018
    Trusted Operations On Mobile Phones
    MOBIQUITOUS
    ACM
    DOI: 10.4108/eai.7-11-2017.2274952
Hassaan Abdul Khaliq Janjua1,*, Wouter Joosen1, Sam Michiels1, Danny Hughes1
  • 1: KU Leuven
*Contact email: HassaanAbdulKhaliq.Janjua@cs.kuleuven.be

Abstract

The widespread use of mobile devices has allowed the development of participatory sensing systems that capture various types of data using the existing sensors on mobile devices in order to upload the data to cloud based services for later use. Gathering data from such sources requires a mechanism to establish trust on the sensor data. For example an application may require a proof of authenticity of sensor readings originating from anonymous sources. Establishment of trust on the sensor data has been addressed in the literature. However, in many cases this sensor data needs to be preprocessed on the device itself before being uploaded to the target server. This processing could include resizing of images, hiding identifiable faces and sensitive data in images, anonymization of GPS data etc. while ensuring the chain of trust from data capture to the delivery of data to the consumer. There is a need for a framework that provides a means to implement arbitrary operations to be performed on trusted sensor data while guaranteeing the authenticity of the data. This paper presents the design and implementation of a framework that allows the capture of trusted sensor data, the development of trusted operations on sensor data, and provides a mechanism for performing predefined trusted operations on the sensor data such that the chain of trust is maintained. Evaluation shows that the performance of the proposed system is reasonable and that the trust guarantees are strong.