Keywords:

  • mobile security;
  • MTM;
  • trust chain;
  • trusted computing;
  • trust transition;
  • turing machine

ABSTRACT

  1. Top of page
  2. ABSTRACT
  3. 1 INTRODUCTION
  4. 2 RELATED WORKS
  5. 3 TURING MACHINE OF TRUSTED COMPUTING
  6. 4 USING TM TO ACCOMPLISH TRADITIONAL TRUST CHAIN
  7. 5 EFFICIENT TRUST CHAIN MODEL FOR MOBILE TERMINALS
  8. 6 EXPERIMENTS AND EVALUATION
  9. 6.3 DISCUSSION
  10. 7 CONCLUSION
  11. ACKNOWLEDGEMENT
  12. REFERENCES

Trust chain, which focuses on the security of the trusted computing platform, is the key technology for ensuring system security. Aiming to establish the trust chain for mobile terminals, this paper proposes a trusted Turing machine to formally describe the trust transitive process and to construct an efficient trust chain model for both system boot time and run time. The model has two characteristics. First, the boot code and operating system image are stored in the Root of Trusted Storage. This structure provides more safety, reliability, and efficiency than the one proposed by the Trusted Computing Group. Second, a resource-oriented protection scheme is applied during system run time: a process can access specific resources only after it has been granted the trust property by the related verifying program. We also developed a prototype trusted mobile terminal system. Results show that system boot time is shortened by 5.2 s, and that the dynamic trust mechanism executed at run time protects the platform from malicious attack efficiently with little impact on system performance. The proposed model has the trust transitive property of the trust chain and can be applied to build a highly efficient trusted mobile terminal. Copyright © 2013 John Wiley & Sons, Ltd.

1 INTRODUCTION

Trust chain is an important concept introduced by the Trusted Computing Group (TCG) [1]. To maintain the integrity of the computing environment, TCG proposed a tamper-resistant root and a series of verifying methods that grant trust serially to the BIOS, loader programs, operating system (OS), and applications [2], thus logically constructing the trust chain. Intuitively, if every component and the process that establishes the chain are reliable, the entire trust chain is trustable, and so is the computing environment under it.

Many researchers have abstracted this chain in a logic language. For example, Chen et al. [3] formally described the deductive rule of the transitive mechanism in predicate logic as follows.

Let E be a set of entities. Then, for all e1, e2 ∈ E, define

  1. Trusted loading: Trusted(e1), which means e1 is trusted.
  2. Trusted measuring: Measure(e1, e2, Integ), which means e1 verifies the integrity of e2.
  3. Trust chain extending: (Trusted(e1), Measure(e1, e2, Integ)) / (Trusted(e1) ∧ Trusted(e2)), which means that if e1 is trusted and e2 has been verified by e1, then e2 is trusted.

Using this logic framework, two typical configurations of the boot process based on the trusted computing base (TCB) are shown in Figures 1 and 2: Figure 1 depicts a multi-level trusted boot and Figure 2 a centralized trusted boot.

Figure 1. Multi-level trusted boot.

Figure 2. Centralized trusted boot.

The multi-level trusted boot (Figure 1) is defined in the TCG specifications. When the current level grants "loading permission" to the next level, "permission of integrity measurement" is granted to the next level as well [4]. Chen et al. improved this level-to-level trust-granting scheme [3] and obtained the centralized trusted boot (Figure 2): the current level loads the next level under the instruction of the TCB, and the trusted measurements are always executed by the TCB.

Existing models focus only on the trust chain at boot time. If a validated entity is modified at run time, its integrity is destroyed without the chain noticing. Because the theory of dynamic trusted measurement is still immature, dynamic trust transition remains a difficult problem, and several researchers have proposed the notion of dynamic trust measurement. Work on dynamic trust falls into two lines: (i) measuring the integrity of a specific object at a specific time (e.g., the IMA system from IBM [1] and the Terra system of Garfinkel et al. [5]); and (ii) replacing integrity-based trust with a trust measurement scheme based on software behavior (also called "property" [6] or "semantic" [7] measurement). The former only reduces the chance that a system is tampered with; it does not protect the system from the threat itself. The latter concentrates on detecting known security threats rather than on the essential purpose of trusted computing, which is resisting unknown ones.

The trust chain also needs a formal description. Many logics and approaches have been proposed for building trust chain models: apart from the predicate logic above, information flow [15], non-interference [11, 12], and process algebra [10, 16], among others. Because these models do not consider how an actual machine accomplishes the computation, they cannot tell whether a potential security threat stems from a flaw in the model's computation or from a mistake in its implementation.

This paper proposes a novel trust transitive model, the trusted Turing machine. First, we abstract the computation process of a trust chain's transition on the basis of the Turing machine (TM) [8, 9]. Then, the execution process of trusted computing is formally described. We also present a new method for constructing an efficient trust transitive model for mobile terminals. During boot time, the OS kernel is stored in the Root of Trusted Storage (RTS) to shorten the static trust chain. During run time, an entity that wants to access specific resources must first be granted trust by the related trusted agent. The model thus accomplishes dynamic protection of system resources efficiently.

The rest of this paper is organized as follows. Section 2 reviews related work. Section 3 proposes a Turing machine of trusted computing. Section 4 shows that the proposed TM can be used to formally describe the trust transitive process. On the basis of the trusted Turing machine, Section 5 presents an efficient trust chain model for mobile terminals. Section 6 gives the design and implementation of the trust transitive architecture together with experimental results. Lastly, Section 7 concludes our work.

2 RELATED WORKS

Although there is a great deal of research on trust chain models, the proposed models pay little attention to practicality. As a result, existing trust transitive mechanisms do not describe the dynamic trust chain efficiently.

  1. Trust chain model: A trust chain consists of many system components and is built on top of the original computer hardware system. It exists in the interaction between each component and the original system rather than as a single unified model. The discreteness of space and the parallelism of time make modeling a trust chain difficult. Moreover, the interaction between the trust mechanism and the system forms a complex structure: the Mobile Trusted Module (MTM), the Root of Trusted Measurement, and the system each have their own I/O and security policies [10].

To describe the transitive process of trust chain, many researchers introduced non-interference theory to construct trust chain and formally describe it [11]. Zhang et al. [12] established a trust chain model from dynamic aspects based on non-interference theory.

Chen et al. [13] used predicate logic to analyze the problem of trust loss in a trusted boot process and proposed an improved boot model based on centralized measurements. However, this model does not take the dynamic trust chain into consideration.

Li et al. [14] presented an associated input-based determination framework in which trustworthiness can be identified and determined from associated intermediate code. However, the method needs a restriction table for the software, and the efficiency of inserting entries into that table has not been considered.

Xu et al. [10] abstracted trusted computing specifications into an interactive model among three entities of TPM, Root of Trusted Measurement, and system. This model uses process algebra as denotation semantics, and takes the labeled transition system as operation semantics for formalizing behavior characteristics of trust chain.

Zhang et al. [15] focused on the security problem of information flow in the trust chain defined by TCG. They established a model of trust chain through secure process algebra, and described mutual relationships among entities by non-deducibility on composition, and abstracted the behavior and characteristics of trust chain to multi-level inputs and outputs. They also analyzed the trust chain of system by extending associated relationships of I/O to the high level and the low level.

  2. Dynamic trust chain: A typical solution aiming at dynamic trust measurement is shown in Figure 3, which adds a measurement module in kernel space and a background process serving as a measurement agent in user space [17].

Figure 3. Dynamic measurement framework based on data integrity.

In this scheme, the measurement agent receives an integrity measurement request for a specific process or module and then triggers the measurement module in kernel space to measure it.

Because this dynamic trust measurement scheme is based on integrity checking, it runs the measurement at fixed periodic intervals. Such measurement is too coarse-grained: it cannot prevent malicious damage to an entity between two measurements.

Peng et al. [18] proposed a measurement method based on trusted software behavior, shown in Figure 4. The method defines a Software Behavior Authentication Code (SBAC) derived from the order of the system's application programming interface calls, adds a behavior monitor at run time to extract the software's actual SBAC, and compares the actual SBAC with the released one to decide whether the software's behavior is trusted.

Figure 4. Software trusted measurement scheme based on behavior trustiness.

Dynamic trusted measurement based on trusted behavior refines the measurement to specific behaviors and execution traces of the software. The judgment of whether a behavior is trusted is therefore itself a source of risk.

3 TURING MACHINE OF TRUSTED COMPUTING

In this section, we introduce the concept of the TM to establish the trust chain model. The definition of the TM is given in [8] and [9]. As a prerequisite, we define a judgment machine, a kind of TM that halts on every input. Because all computers use the TM as their computation model and actual programs are assumed to terminate, we assume that every program can be realized by a judgment machine. For convenience, "program" hereinafter refers to a TM code string run by the judgment machine.

To define “security” clearly, we first introduce “security responsibility assumption.”

Assumption. There exists a trusted authentication center that can verify the credibility of software. The trusted authentication center also provides the verifying algorithm for the software.

Under this assumption, the judgment of credibility ultimately reduces to a question of liability: the trusted software provider guarantees the security property of the software to its users. The trusted TM model described later ensures that only software verified by the trusted authentication center can be executed, and that it executes honestly and untampered.

We define the key notions of the trusted Turing machine's computing model as follows.

Definition 1. There exists a TM V, which is used to verify the credibility of a normal software program. The rejecting final state of V is qr, meaning that the verified program is untrusted. The accepting final state is qt, meaning that the program is trusted and will run honestly. The coding sequence of V is written <V>; the set of such machines is written {V}.

Definition 2. There exists a TM MV, which verifies the reliability of a V issued by the software provider. An MV can also verify other MVs. The rejecting final state is qr, meaning that the verified program is untrusted. The accepting final state is qv, meaning that the verified program is trusted. The coding sequence of MV is written <MV>; the set of such machines is written {MV}.

In a practical application environment, V is provided by the trusted authentication center and issued by the software provider; V proves that a normal piece of software is trusted. MV is provided and issued by the trusted authentication center; its function is to verify the reliability of V and of other MVs. Intuitively, V verifies the reliability of normal software, whereas MV transfers trust to the verifying program of the next level, that is, it establishes that the next verifying program will verify its specific object correctly. A typical software verifying process is shown in Figure 5. The MV has been verified beforehand. MV then verifies the credibility of V and transmits trust to V. Finally, the credibility of the specific software is verified by V.

Definition 3. A TM of trusted computing is a trusted TM if it satisfies the following conditions:

  1. The TM has at least two tapes, tape0 and tape1. Initially, tape0 stores m code strings of the form <V> or <MV>, separated by the symbol C and written C v0 C v1 C v2 … C vm−1 C B, where B (blank) marks the end of the tape. tape1 stores n segments of finite symbol sequences w, separated by C and written C w0 C w1 C w2 … C wn−1 C B.
  2. Let the head of tape0 point to i0, which is either B (the end of the tape) or a program symbol string v, and let the head of tape1 point to i1, which is either B or a program symbol string w. The remaining tape heads are written collectively as i2 (tape2 stores the execution data required by normal programs). The TM works as follows:
    (a) If i1 is B, the TM stops.
    (b) If i0 is B, reset i0 to v0 and advance i1 to the next segment; go to (a).
    (c) If neither i0 nor i1 is B, the TM works as a universal TM U and executes U[i0, i1]:
      (i) if the final state is qr, advance i0 to the next segment and go to (b);
      (ii) if the final state is qv, copy i1 to the end of tape0 and go to (d);
      (iii) if the final state is qt, execute U[i1, i2] until the TM represented by i1 halts, then go to (d).
    (d) Reset i0 to v0, advance i1 to the next segment, and go to (a).

Figure 5. Verifying process of software.

4 USING TM TO ACCOMPLISH TRADITIONAL TRUST CHAIN

On the basis of the TM defined in Section 3, the trust chain can be constructed formally. Next, we show how the traditional trust chain is described with the TM.

Theorem 1. The Turing machine can realize the deduction rules of the predicate logic described in Section 1. Assume that there exist MV type programs en (n ∈ N) on the TM's tape0 or tape1, and that

  1. Trusted(ei) ⇔ ei is on tape0;
  2. Measure(ei, ej, Integ) ⇔ U[ei, ej] = qv;
  3. ¬Measure(ei, ej, Integ) ⇔ U[ei, ej] = qr.

When the TM stops, each en on tape0 satisfies either the trusted loading rule or the trust chain extending rule of the predicate logic: en was either on tape0 initially or was measured by some ei (i < n) already on tape0.

Proof. When the TM stops, if ek was on tape0 initially, condition (1) gives Trusted(ek). If ek was not on tape0 initially, it was on tape1. By the TM's working procedure, ek is copied from tape1 to tape0 if and only if some ei is on tape0 and U[ei, ek] = qv. By condition (1), ei being on tape0 is equivalent to Trusted(ei); by condition (2), U[ei, ek] = qv is equivalent to Measure(ei, ek, Integ). Finally, ek being on tape0 is equivalent to Trusted(ek) ∧ Trusted(ei), which is exactly the extending rule of the predicate logic. Hence the TM realizes the deduction rules of the predicate logic.

By Theorem 1, the TM can strictly simulate the extension of the trust chain using only MV type programs: the growth of tape0 is the growth of the trust chain. This alone is not enough for a trusted computing system to do its normal work, however. According to the TM's workflow, the programs on tape0 can only take the strings to be verified on tape1 as input and produce, as output, the verified strings appended to tape0. Under this restriction, the programs on tape0 cannot execute computations as normal programs do. The TM therefore also defines V type programs, which verify normal TM programs. In the TM model, the TCB of Figure 2 consists of a set of V type programs, and the other modules, which are normal TM programs, are verified by them. Each module in Figure 1 is composed of a normal TM program, a V type program, and an MV type program.

When the TM simulates the trust-granting execution process of Figure 2, the initial configuration of the TM is set as follows:

  • display math

where pb, pbl, pos, pm0 …, pa0 … represent the functional BIOS, bootloader, OS kernel, system services, and applications, and vb, vbl, vos, vm0 …, va0 … represent the related V type programs in the TCB. This TM simply verifies and executes the normal programs on tape1. The verifying programs of all levels are concentrated on tape0. Because the centralized trusted boot method avoids constructing a chain, it needs no MV type program. The trust transitive path is shown in Figure 6: all V type programs reside in the TCB and are granted trust directly by the TCB at start-up, and each V type program then verifies its related process. Through this path, all applications are verified and loaded directly by the TCB.

Figure 6. The trust transition of centralized trusted boot.

If instead the initial configuration of the TM is set as follows,

  • display math

then this TM simulates the trust-granting execution process of Figure 1, where pb, pbl, pos, pm0 …, pa0 … represent the functional BIOS, bootloader, OS kernel, kernel services, and applications, and vb, vbl, vos, vm0 …, va0 … the related V type verifying programs. In addition, mbl, mos, mm, and ma are MV type verifying programs: mbl verifies vbl and mos; mos verifies vos, mm, and ma; mm verifies vm0 …; and ma verifies va0 …. Intuitively, a V type program grants "loading and executing permission" to a verified normal program, and an MV type program grants "trust measuring permission" to a verified verifying program. The trust transitive path is shown in Figure 7. The TCB gives executing permission to the functional program pb in the BIOS through vb, and gives executing permission to the measurement programs that will verify the next level (the bootloader), namely vbl and mos, through mbl; the BIOS gives executing permission to the functional program pbl in the bootloader through vbl, and to the measurement programs that will verify the next level (the OS kernel), namely vos, mm, and ma, through mos; and so on.

Figure 7. The trust transition in multi-level trusted boot.

5 EFFICIENT TRUST CHAIN MODEL FOR MOBILE TERMINALS

The trust chain transitive process of a mobile terminal comprises a static trust chain transitive process during system boot and a dynamic trust chain transitive process during system run time. Both need efficient transitive mechanisms. In this section, we design a transitive mechanism based on the characteristics of the mobile terminal and establish a trust chain model using the trusted TM.

5.1 Static trust chain during system boot time

Besides the problem of dynamic trust, another problem is that TCG's static trust chain is too long [19]. A long chain loses trust, and the loss grows with the length of the chain. Zhao et al. [20] proposed a "star-style" chain of trust structure. It shortens the trust chain, but its mechanism for measuring applications is too complex and consumes too many resources.

Generally, unlike applications, the OS of a mobile terminal is relatively stable and is not updated frequently, and its code resides at a fixed physical location in RAM. Applications are the opposite: they are updated relatively often and do not reside at a fixed location. Therefore, when building an integrity measurement mechanism, a hardware method suits the measurement of OS kernel code and a software method suits the measurement of application programs. We thus place the boot program and the OS image in the RTS, where they are protected by the MTM, as shown in Figure 8. The OS can be updated through the secure communication channel between the MTM and a remote security server. This method omits integrity checking for the boot program and the OS image, which shortens the trust chain and speeds up booting. The security of this shortcut depends entirely on the tamper resistance of the RTS and on the authentication of the update channel, because a kernel image that reaches the RTS by any other route is never measured.

Figure 8. The security structure during system booting time.

The TM is configured as follows to implement the static trust chain model.

  • display math

In the boot process of our system, after power-on, two entities in the TCB, the OS kernel and the MV type program ma, are granted trust directly by the TCB. The kernel process pos is therefore loaded directly. ma measures the V type programs (va0, va1, …) that grant trust to the applications (pa0, pa1, …). The trust transitive path is shown in Figure 9.

Figure 9. Static trust chain.

In the static trust chain model, pos and ma are in the trust chain initially, that is, the OS kernel and the ma program are trusted, so pos and ma are on tape0 in the initial state. The goal of the trust transitive process is that all applications are credibly loaded after boot.

From the execution procedure of the TM, the trust transitive process is deduced as follows.

  1. tape0: C pos C ma;
  2. [tape0: C pos C ma, U[ma, va0] = qv] → [tape0: C pos C ma C va0];
  3. [tape0: C pos C ma C va0, U[va0, pa0] = qt] → [tape0: C pos C ma C va0, U[pa0]];
  4. [tape0: C pos C ma C va0, U[ma, va1] = qv] → [tape0: C pos C ma C va0 C va1];
  5. [tape0: C pos C ma C va0 C va1, U[va1, pa1] = qt] → [tape0: C pos C ma C va0 C va1, U[pa1]].

Now every program is either on tape0 or has been verified, loaded, and executed, so the static trust chain model is trusted.

5.2 Dynamic trust chain during system run time

A typical mobile terminal system consists of a resource layer, a management and execution layer, and an application layer. The system is depicted in Figure 10.

Figure 10. Software and hardware architecture of mobile terminal.

Basically, all security problems arise from improper use of resources [21]. The real resources of a system are ultimately the hardware at the bottom layer (memory, processor, bus, and so on). Controlling access to system resources is therefore an effective way to ensure that every entity accessing a resource is trusted.

We add resource management to the management and execution layer to perform trusted verifying, as shown in Figure 11. To invoke the processes that access resources, applications must pass trusted verifying, which covers identity, integrity, and authority authentication. Communication among processes must also be verified; these communication interfaces are accordingly abstracted as a kind of resource.

Figure 11. The resource-oriented protecting architecture of mobile terminal.

In the scheme proposed here, a loaded trusted process can only atomically add and modify specific resources. By adding trusted loading measurement to the access procedure, dynamic protection of trusted integrity is accomplished effectively. The scheme is easily constructed with the TM and logically maintains the trusted property of the trust chain. The resource management layer consists mainly of MV type programs provided by the trusted authentication center; these MV programs transfer trust to the V type programs of the next level, which verify normal processes. The TM is configured as follows.

  • display math

In this TM, pos, ma, va0, pa0, … are the trusted loading processes of the static trust chain described in the previous section. In addition, ma0' and ma1', whose trust is granted by ma, are the trusted agents in resource management that protect their respective resource regions. The dynamic loading verifying programs va0' and va1', whose trust is granted by the trusted agents, verify the related processes and grant trust to them at run time. On this basis, the trust chain is constructed as shown in Figure 12.

Figure 12. Dynamic trust chain.

The trust transitive process for normal program loading is the same as for the static trust chain analyzed in Section 5.1. Once a program requires access to resources, the dynamic trust transitive process is triggered. Taking program pa0, which requires access to the resources of region 0, as an example, we show that pa0'0 is credibly loaded and executed after the dynamic transitive process. For brevity, only the elements on the transitive path of pa0 are shown.

  1. tape0: C pos C ma;
  2. [tape0: C pos C ma, U[ma, ma0'] = qv] → [tape0: C pos C ma C ma0'];
  3. [tape0: C pos C ma C ma0', U[ma0', va0'0] = qv] → [tape0: C pos C ma C ma0' C va0'0];
  4. [tape0: C pos C ma C ma0' C va0'0, U[va0'0, pa0'0] = qt] → [tape0: C pos C ma C ma0' C va0'0, U[pa0'0]].

Now pa0'0 has been verified by va0'0 on tape0, which means that pa0'0 is trusted to access the specific resources.

By the TM's execution rules, any tampering with the symbols on tape1 results in the affected applications and their related programs not being loaded or executed. Suppose the MV type and V type programs work correctly. If the symbols of a normal TM program are tampered with, the final state of U is qr, so the tampered program fails the verification of its V type program. If a V type or MV type program is tampered with, it fails the verification of the MV program already in the TCB. The MV in the TCB is itself protected by hardware and cannot be modified.
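
The following Python program is an added example, not code from the paper. It simulates the working procedure of Definition 3 (Section 3) and runs the two configurations derived in Sections 5.1 and 5.2, together with the tampering case argued just above, so that the growth of tape0 can be watched as the trust chain extends (Theorem 1). The verifying algorithm applied by a V or MV program is modelled as comparing the SHA-256 digest of the target's coding sequence with the digest the program was issued for; that digest comparison, the choice of SHA-256, the resource names on tape2, and the helper names are assumptions of the example and not part of the paper's model.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

QR, QV, QT = "qr", "qv", "qt"        # final states from Definitions 1 and 2


def digest(code: str) -> str:
    """Assumed stand-in for the verifying algorithm issued by the authentication center."""
    return hashlib.sha256(code.encode()).hexdigest()


@dataclass
class Program:
    name: str                                 # symbol used in the paper's traces, e.g. "va0"
    kind: str                                 # "p" normal program, "v" V-type, "mv" MV-type
    code: str                                 # the coding sequence written on the tape
    expected: Dict[str, str] = field(default_factory=dict)   # name -> digest the verifier accepts
    body: Optional[Callable[[dict], None]] = None            # what U[i1, i2] runs for a "p"


def U(verifier_prog: Program, target: Program) -> str:
    """Universal machine step U[i0, i1]: the program at i0 verifies the code at i1.

    A V-type program accepts only normal programs (qt); an MV-type program
    accepts only V-type or MV-type programs (qv); anything else is rejected (qr).
    """
    if verifier_prog.expected.get(target.name) != digest(target.code):
        return QR
    if verifier_prog.kind == "v" and target.kind == "p":
        return QT
    if verifier_prog.kind == "mv" and target.kind in ("v", "mv"):
        return QV
    return QR


def run(tape0: List[Program], tape1: List[Program], tape2: dict) -> Tuple[List[str], List[str], List[Tuple[str, str]]]:
    """Execute the working procedure of Definition 3.

    Returns (names on tape0 when the machine stops, normal programs that were
    executed, and a trace of (segment name, final state) for each tape1 segment).
    """
    tape0 = list(tape0)                      # tape0 grows as trust is extended
    executed, trace = [], []
    i1 = 0
    while i1 < len(tape1):                   # (a) i1 == B: stop
        target, i0, verdict = tape1[i1], 0, QR
        while i0 < len(tape0):               # (b) i0 == B: fall through to (d)
            verdict = U(tape0[i0], target)   # (c) neither head reads B
            if verdict == QR:
                i0 += 1                      # (c.i) try the next program on tape0
                continue
            if verdict == QV:
                tape0.append(target)         # (c.ii) copy i1 to the end of tape0
            else:
                target.body(tape2)           # (c.iii) qt: run U[i1, i2] to completion
                executed.append(target.name)
            break
        trace.append((target.name, verdict))
        i1 += 1                              # (d) reset i0, advance i1, back to (a)
    return [p.name for p in tape0], executed, trace


def make_normal(name: str, resource: str) -> Program:
    """A normal program whose only action is to touch one resource on tape2."""
    def body(t2: dict) -> None:
        t2.setdefault(resource, []).append(name)
    return Program(name, "p", f"<{name}: access {resource}>", body=body)


def make_verifier(name: str, kind: str, targets: List[Program]) -> Program:
    """A V-type ("v") or MV-type ("mv") program issued for exactly these targets."""
    return Program(name, kind, f"<{name}>", expected={t.name: digest(t.code) for t in targets})


def static_chain(tamper: bool = False):
    """Section 5.1: tape0 = C pos C ma C B, tape1 = C va0 C pa0 C va1 C pa1 C B."""
    pa0, pa1 = make_normal("pa0", "region0"), make_normal("pa1", "region1")
    va0, va1 = make_verifier("va0", "v", [pa0]), make_verifier("va1", "v", [pa1])
    ma, pos = make_verifier("ma", "mv", [va0, va1]), make_normal("pos", "kernel")
    if tamper:
        pa0.code += "<patched after va0 was issued>"   # constructed tampering of a tape1 symbol
    return run([pos, ma], [va0, pa0, va1, pa1], {})


def dynamic_chain():
    """Section 5.2: pa0'0 reaches region 0 only through ma -> ma0' -> va0'0."""
    pa00 = make_normal("pa0'0", "region0")
    va00 = make_verifier("va0'0", "v", [pa00])
    ma0 = make_verifier("ma0'", "mv", [va00])
    ma, pos = make_verifier("ma", "mv", [ma0]), make_normal("pos", "kernel")
    return run([pos, ma], [ma0, va00, pa00], {})


if __name__ == "__main__":
    for label, result in (("static", static_chain()), ("tampered pa0", static_chain(tamper=True)),
                          ("dynamic", dynamic_chain())):
        print(label, result)
```

In the static run, tape0 ends as pos, ma, va0, va1 and both applications execute, matching steps 1 to 5 of Section 5.1. In the tampered run, va0 rejects pa0 (qr) and pa0 is never executed, while pa1, whose verifier and code were left intact, still loads: tampering with one tape1 symbol breaks only the branch of the chain that depends on it, and the TCB entries pos and ma are never consulted as candidates for tampering because, in the model, they are hardware protected.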

Our trust-granting approach resembles a combination of discretionary access control (DAC) and mandatory access control (MAC). In DAC, protection policies are set by the owner of the object [22], which only achieves coarse-grained access control [23]. A security system requires finer-grained control, which is obtained by combining DAC with MAC. In MAC, the system defines access policies for specific objects; users must follow the defined policies and cannot modify them [24].

6 EXPERIMENTS AND EVALUATION

6.1 Implementation of trust chain model

The trust chain model defines the requirements for enforcing a transition of trust correctly. First, there must be a root of trust in hardware, such as TCG's MTM [25]. This co-processor embedded in the mobile terminal has facilities for storing boot and OS code in tamperproof flash, and it can verify the credibility of every application. Second, access control enforcement must provide complete mediation: in our case, every user space service and OS operation that enables access to system resources must be mediated. For a mobile terminal system, we leverage SELinux as the resource management. SELinux uses Linux Security Modules (LSM) inside the kernel to implement MAC policies, which assign different permissions to different processes according to the least privilege principle [26]. The LSM framework has a set of hooks placed inside the kernel to mediate access to objects; when a hook is invoked, the LSM is called to authorize the operation for the caller. In our model, a security service in the MTM is responsible for making the access decision using the encapsulated security policy.

Recall that our dynamic trust chain model authenticates and authorizes access to system resources such as the wireless module, the user address book, and the voice device of a mobile terminal. We therefore focus on the system calls invoked toward system resources, such as open(file, how, …), read(fd, buffer, nbytes), and write(fd, buffer, nbytes). Fortunately, LSM already defines hooks at exactly the places where we want to control resource access, so we only need to define SELinux policy rules assigning object types and permissions for access to system resources.

The basic goal of our dynamic trust chain model is to allow trusted access to resources while denying others. Each trusted program owns a certificate to identify what kinds of privileges are required for it. Thus, the program can only access predefined resources through restrictive operations.

The initial design and development of mobile terminals are typically carried out on prototype systems whose hardware is similar to that of real mobile terminals. Our implementation was performed on an evaluation board with the following features:

  • Samsung's ARM9 chip S3C2416 operating at 400 MHz
  • 128 MB LPDDR RAM
  • 1 GB NAND flash ROM

We run the Linux kernel 2.6.21 on the board with the SELinux security module enabled.

We chose Altera's EP3C40C8 FPGA chip as the core of the MTM subsystem. The MTM's operating and controlling unit was realized in the FPGA. The TCB was realized by combining a NAND flash chip with a switch chip.

The U-boot and OS code are stored in the TCB. The kernel is booted directly from the TCB in the MTM and uploaded to the flash memory on the terminal board. The MTM is connected to the terminal board through a bus interface. During system run time, we combined the MTM with the LSM security framework to implement the access verifying mechanism. When an application starts, it first invokes the SHA-1 service in the MTM to measure its hash value and writes the value into its process descriptor. The process then runs normally until it accesses a system resource. At that point, the process invokes the trusted verifying service, which verifies its integrity and checks whether it has the right to access this resource. The process is granted trust and given access rights if and only if it passes the trusted verifying.

The configuration of our mobile terminal experiments is shown in Figure 13. A monitor can control the terminal board and log its events through a serial port. The terminal board connects to the 3G network, through which it communicates with other servers on the Internet. A trusted authentication server is deployed to validate the security of software and provide security evidence to the MTM. We also implemented a malicious server, which receives private user contact information gathered by onboard malware. The malicious server can also exploit the disclosed user information and launch attacks against vulnerable terminals through its message service.

Figure 13. Configuration of terminal experiments.

6.2 Evaluation

On the basis of the experimental setup described above, we tested the security function and the performance of the terminal system.

Security evaluation: We studied two basic forms of cellphone malware attacks. The difference between them is whether the malware creates a new process to launch its attack [27].

To test the functionality of detecting a malware process, we created two different processes: a trusted process with an issued certificate that can only access the phone book, and an untrusted process without a certificate. Both processes requested access to the phone book. The trusted process could perform the access commands, whereas when the untrusted process attempted the access command, it was denied (a denial message was logged by SELinux). We then allowed the trusted process to execute SMS messaging to test our function for preventing misuse of resources. The operation requested by the process was blocked, so we saw SELinux denial messages.

For attacks in which a legitimate process is modified, we used an attacking method based on self-modifying code [28]. We cross-compiled a program such as “hello world” that did not print “hello world” until it executed the operation of reading the address book. While the program was waiting, we used the self-modifying-code-based method to modify its code segment, overwriting a region of a certain length with “0”. When the modified program requested access to the phone book, SELinux immediately found that the integrity of the program was corrupted and denied the access. Thus, our mechanism efficiently detected this intrusion.
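The access-time verifying described above (measure at start-up, verify certificate, rights and integrity at the first access, cache the result afterwards) replayed on the evaluation cases, as an added example that is not the paper's prototype code; the certificate layout, resource names and code images are constructed assumptions.

```python
import hashlib
from collections import namedtuple

# Added example, not the paper's prototype code: a simulation of the MTM's trusted
# verifying service, run over constructed sample programs and certificates.
Certificate = namedtuple("Certificate", "code_hash allowed")   # expected SHA-1, permitted resources

class Process:
    def __init__(self, name, code):
        self.name = name
        self.code = bytearray(code)   # simulated code segment; mutable so tampering can be modelled
        self.measured_hash = None     # hash written into the process descriptor at start-up
        self.cache = {}               # cached authorization results, keyed by resource

class MTMVerifier:
    def __init__(self, certs):
        self.certs = certs            # program name -> Certificate, pre-located in the MTM
        self.hash_calls = 0           # number of SHA-1 measurements, to show the caching effect
    def sha1(self, data):
        self.hash_calls += 1
        return hashlib.sha1(bytes(data)).hexdigest()
    def on_start(self, proc):
        proc.measured_hash = self.sha1(proc.code)   # measure the code image at program start

    def request(self, proc, resource):
        cert = self.certs.get(proc.name)
        if cert is None:
            return "denied: no certificate"         # untrusted process
        if resource not in cert.allowed:
            return "denied: not permitted"          # misuse of a resource outside the certificate
        if resource in proc.cache:
            return proc.cache[resource]             # subsequent access: cached result, no hashing
        current = self.sha1(proc.code)
        if current != cert.code_hash or current != proc.measured_hash:
            return "denied: integrity corrupted"    # code changed since certification or start-up
        proc.cache[resource] = "granted"
        return "granted"

def run_scenarios():
    reader_code = b"READ_PHONEBOOK_CODE"            # constructed stand-in for a code image
    mtm = MTMVerifier({"reader": Certificate(hashlib.sha1(reader_code).hexdigest(), {"phonebook"})})
    results, trusted = {}, Process("reader", reader_code)
    mtm.on_start(trusted)
    results["trusted_phonebook"] = mtm.request(trusted, "phonebook")        # granted, hashed
    results["trusted_phonebook_again"] = mtm.request(trusted, "phonebook")  # granted, cached
    results["trusted_sms"] = mtm.request(trusted, "sms")                    # denied: not permitted
    untrusted = Process("unknown", b"NO_CERTIFICATE")
    mtm.on_start(untrusted)
    results["untrusted_phonebook"] = mtm.request(untrusted, "phonebook")    # denied: no certificate
    tampered = Process("reader", reader_code)
    mtm.on_start(tampered)
    tampered.code[0:4] = b"\x00" * 4                # self-modifying code zeroes part of the segment
    results["tampered_phonebook"] = mtm.request(tampered, "phonebook")      # denied: integrity corrupted
    results["hash_calls"] = mtm.hash_calls          # 5: three start-ups plus two uncached accesses
    return results
```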

Performance evaluation: We evaluated the booting time and the run-time performance overhead. When the system starts up, because we have eliminated the integrity check of U-boot and the Linux kernel, the trust chain is shortened and the boot speed is increased. As shown in Table 1, the time saved is 5.2 s.

Table 1. System's booting time.

  Normal system   Trusted boot of this paper   Adding integrity check of U-boot/Linux   Saving time
  24.9 s          59.7 s                       64.9 s                                   5.2 s

During system run time, the experimental results include a benchmark of OS services and performance data of a user space application. All security certificates of these processes are pre-located in the MTM.

The benchmark tests were executed with the LMbench 3 suite [29]. Table 2 shows the measurement results. The overhead of the security checks in operations without file access is quite small, that is, <10 ms. Typical file-related operations such as open/close, create, read, and write also have very small overhead; the average is around 3%.

Table 2. Benchmark result during system running time.

  Benchmark     Baseline (ms)   Our system (ms)   Overhead (%)
  Null I/O      15              18.9              26
  Stat          32.3            41.4              28.1
  Open/close    742             763               2.8
  0KB create    1990            2062.2            3.6
  1MB read      4400            4530              2.9
  1MB write     8900            9120              2.4

The user space program overhead was tested by executing local GSM functions with and without hooks inside GSMD. We used the GSM Daemon command “pr” to read the local phone book. The GSMD hooks involve a request to the MTM to determine the authorization result for the requested operation. Only one authorization was necessary for each request; subsequent accesses use the cached result. The test result in Table 3 shows that the performance loss occurs mainly during the software's start-up. The trusted verifying on resource access has little or no impact on system performance.

Table 3. Trust transition performance testing during application running time.

  Testing object     Without trusted verifying (ms)   With trusted verifying (ms)   Time consuming (ms)   Performance loss (%)
  GSMD first run     2000                             2250                          250                   12.5
  GSMD second run    3800                             3880                          80                    2

The worst-case performance impact occurs at the first invocation of any application, as hashing of the file data is carried out at first open or execution. Subsequent accesses use the cached results, with negligible impact.

6.3 DISCUSSION

In this part, we discuss the security and effectiveness characteristics of our trust chain model on the basis of the terminal board experiments.

Boot time: According to trust theory, trust value is lost during the transitive process, and the loss increases with the length of the transition [30]. As the multi-level trust boot structure proposed by the TCG has a long transitive path, trust loss is easily generated. Our trust chain model introduces hardware protection for the OS kernel. Thus, the baseline of trust is raised to the OS kernel, which reduces the trust transitive length and gives more safety and efficiency than the TCG trust structure.

Run time: Several architectures exist for gathering integrity measurements to maintain trust during system run time. They obtain run-time integrity measurements of all code that is memory-mapped as executable. These methods are very time-consuming; for example, IMA takes a total of 13 s [31]. So they are normally run only periodically, not at every resource access. Thus, malicious executables may run if they are introduced between scheduled checks.

Our trust chain model sets verifying points at program loading and at access request time. Once a program is loaded or requests access to specific resources, trusted authentication is triggered. First, our model prevents unauthorized resource access: a malicious application has not been issued a certificate by the authentication server, so it is treated as untrusted, and all its attempts to access resources are denied. Second, the integrity measurement ensures a legitimate program's trust, which prevents run-time tampering.

7 CONCLUSION

In this paper, we introduced the TM to establish the trust chain. The trusted TM has been presented to describe the trust transitive process. On the basis of the trusted TM, an efficient trust transitive model is established. The transitive trust model is divided into two parts: the static trust chain during system boot time and the dynamic trust chain during system run time. We located the boot code and the OS image in the RTS to shorten the static trust chain. Fine-grained access control is used to establish the dynamic trust chain. In our scheme, system resources are divided into many regions according to their functions. This division is fine-grained and provides the basis for access control. Only a process granted trust by the related trusted agent can access specific resources. On the basis of our model, a prototype system was developed, and the system performance was tested. The testing results show that our model meets the requirements for constructing an efficient trusted mobile terminal.

ACKNOWLEDGEMENT

This work was supported by the National High Technology Research and Development Program of China (863 Program) under agreement number 2009AA01Z427, and the 2011 information security special project of National Development and Reform Commission.

REFERENCES

  1. Sailer R, Zhang X, Jaeger T, Doorn LV. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 13th USENIX Security Symposium, Volume 13, Berkeley (USA) 2004; 16–26.
  2. Trusted Computing Group. TCG specification architecture overview, revision 1.2, 2007. Online available at http://www.trustedcomputinggroup.org/developers/.
  3. Shuyi C, Yingyou W, Hong Z. Modeling trusted computing. Wuhan University Journal of Natural Sciences 2006; 11(6):1507–1510.
  4. Arbaugh WA, Farber DJ, Smith JM. A secure and reliable bootstrap architecture. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, Oakland (USA) 1997; 65–71.
  5. Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D. Terra: a virtual machine-based platform for trusted computing. ACM SIGOPS Operating Systems Review 2003; 37:193–206.
  6. Sadeghi AR, Stüble C. Property-based attestation for computing platforms: caring about properties, not mechanisms. In Proceedings of the 2004 Workshop on New Security Paradigms, 2004; 67–77.
  7. Haldar V, Chandra D, Franz M. Semantic remote attestation: a virtual machine directed approach to trusted computing. In Proceedings of the 3rd Conference on Virtual Machine Research and Technology Symposium, Volume 3, 2006; 3–13.
  8. Turing AM. On computable numbers, with an application to the Entscheidungsproblem. In Proceedings of the London Mathematical Society, 1937; 544–546.
  9. Hopcroft JE, Ullman JD. Formal Languages and Their Relation to Automata. Addison-Wesley Longman Publishing: Boston, 1969.
  10. Mingdi X, Huanguo Z, Yanfei G. Testing on trust chain of trusted computing platform based on labeled transition system. Chinese Journal of Computers 2009; 32(4):635–645.
  11. Hongjiao L, Xiuxia T. Research of trust chain of operating system. Lecture Notes in Computer Science 2009; 5855:96–102.
  12. Xing Z, Qiang H, Changxiang S. A formal method based on noninterference for analyzing trust chain of trusted computing platform. Chinese Journal of Computers 2010; 33(1):74–81.
  13. Chen S, Wen Y, Zhao H. Formal analysis of secure bootstrap in trusted computing. In Proceedings of the 4th International Conference on Autonomic and Trusted Computing, Hong Kong (China) 2007; 352–360.
  14. Xiaoyong L, Zhen H, Changxiang S. Transitive trust to executables generated during runtime. In Proceedings of the Second International Conference on Innovative Computing, Information and Control (ICICIC '07), 2007; 518–523.
  15. Huanguo Z, Jie L, Gang J. Development of trusted computing research. Wuhan University Journal of Natural Sciences 2006; 11(6):1407–1413.
  16. Mingdi X, Huanguo Z, Heng Z. Security analysis on trust chain of trusted computing platform. Chinese Journal of Computers 2010; 33(7):1165–1175.
  17. Changxiang S, Huanguo Z, Dengguo F. Survey of information security. Science in China Series F: Information Sciences 2007; 50(3):173–298.
  18. Peng GJ, Pan XC, Zhang HG, Jianming F. Dynamic trustiness authentication framework based on software's behavior integrity. In Proceedings of the 9th International Conference for Young Computer Scientists (ICYCS 2008), Hunan (China) 2008; 2283–2288.
  19. Pisko E, Rannenberg K, Roßnagel HH. Trusted computing in mobile platforms. Datenschutz und Datensicherheit 2005; 29(9):526–530.
  20. Bo Z, Huanguo Z, Jing L, Lu C, Song W. The system architecture and security structure of trusted PDA. Chinese Journal of Computers 2010; 33(1):82–92.
  21. Liu C, Ozols MA. Trust in secure communication systems — the concept, representations, and reasoning techniques. In Proceedings of Adv. AI, vol. 2557, Lecture Notes in Artificial Intelligence, Berlin (Germany) 2002; 60–70.
  22. Bellovin SM, Merritt M. Limitations of the Kerberos authentication system. ACM Computer Communication Review 1990; 20(5):119–132.
  23. Kagal L, Finin T, Joshi A. Trust-based security in pervasive computing environments. Computer 2001; 34(12):154–157.
  24. Hwang J, Wu K, Liu D. Access control with role attribute certificates. Computer Standards and Interfaces 2002; 22(1):43–53.
  25. Trusted Computing Group. TCG TPM specification version 1.2, revision 85. Online available at https://www.trustedcomputinggroup.org/groups/tpm/.
  26. Loscocco P, Smalley S. Integrating flexible support for security policies into the Linux operating system. In Proceedings of the USENIX Annual Technical Conference, 2001; 29–42.
  27. Liang X, Xinwen Z, Ashwin C, Trent J, Sencun Z. Designing system-level defenses against cellphone malware. In Proceedings of the 28th IEEE International Symposium on Reliable Distributed Systems, New York, 2009; 83–90.
  28. Yong-dong W, Zhi-gang Z, Tian-wei C. An attack on SMC-based software protection. Springer: Berlin/Heidelberg, 2007; 232–248.
  29. LMbench: Tools for performance analysis. Online available at http://www.bitmover.com/lmbench/.
  30. Chang-Xiang S, Huan-Guo Z, Deng-Guo F, Zhen-Fu C, Ji-Wu J. Survey of information security. Science in China Series F 2007; 50(3):273–298.
  31. Muthukumaran D, Schiffman J, Hassan M, Sawani A, Rao V, Jaeger T. Protecting the integrity of trusted applications in mobile phone systems. Security and Communication Networks 2011; 633–650.