IEMEK Journal of Embedded Systems and Applications (대한임베디드공학회논문지)

Institute of Embedded Engineering of Korea (대한임베디드공학회)
권호 표지
DOI QR코드

DOI QR Code

SeBo: Secure Boot System for Preventing Compromised Android Linux

  • Received : 2015.01.31
  • Accepted : 2015.05.27
  • Published : 2015.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

As the usage of mobile devices becomes diverse, a number of attacks on Android also have increased. Among the attacks, Android can be compromised by flashing a new image of compromised Android Linux. In order to solve this problem, we propose SeBo (Secure Boot System) which prevents compromised Android Linux by guaranteeing secure boot environment for mobile devices based on ARM TrustZone architecture. SeBo checks the hash value of the Android Linux image before the Android Linux executes. SeBo detects all the attacks within 5 seconds. Moreover, since SeBo only trusts the Secure Bootloader from Secure World, SeBo can reduce the additional overhead of checking the Normal Bootloader from Normal World.

Keywords

References

  1. S. Yuru, X. Luo, C. Qian. "Rootguard: Protecting rooted android phones," IEEE Computer Vol. 47, No. 6, pp. 32-40, 2014.
  2. S. Smalley, "The case for SE Android," In Linux Security Summit 2011. http://selinuxproject.org/-jmorris/lss2011_slides/caseforseandroid.pdf.
  3. S. Smalley, R. Craig. "Security Enhanced (SE) Android: Bringing Flexible MAC to Android," NDSS (Vol. 310, pp. 20-38), 2013.
  4. T.M. Kim, S.W. Kim, C. Yoo, "Tiny Monitoring Platform for Protecting Data against Compromised Mobile Operating Systems," Proceeding of Autumn Conference on IEMEK (in Korean).
  5. Technologies, A.R.M "ARM Architecture Reference Manual ARMv7-A and ARMv7-R edition, " URL: ARM Architecture Reference Manual ARMv7-A and ARMv7-R edition
  6. Technologies, A.R.M "ARM Security Technology Building a Secure System using TrustZone(R) Technology," http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html
  7. Aghera, P., Bok, A., Chintada, S., Rao, S., & Rinaldi, A. (2003). U.S. Patent Application 10/652,352.
  8. Technologies, A.R.M "Chapter 4. Global timer, private timers, and watchdog registers," http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0407i/BEJHAGEE.html
  9. LWN.net, "ARM:global_timer: Add ARM global timer support," https://lwn.net/Articles/549648/
  10. D. Menasce, "Security performance." IEEE Internet Computing, Vol. 7, No. 3, pp. 84-87, 2003. https://doi.org/10.1109/MIC.2003.1200305
  11. R. Rivest, "The MD5 message-digest algorithm," http://tools.ietf.org/html/rfc1321?ref=driverlayer.com, 1992.
  12. Technologies, Samsung "Samsung KNOX Workspace" https://www.samsungknox.com/en/products/knox-workspace/technical
  13. J. Shin, Y. Kim, W. Park, C. Park, "A Secure Data Management Framwork based on ARM TrustZone for Cloud Storage Services," Proceeding of Autumn Conference on IEMEK (in Korean).
  14. J. Shin, Y. Kim, W. Park, C. Park, "A Method for Data Access Control and Key Management in Mobile Cloud Storage Services," J. IEMEK Embed. Syst. Appl., Vol. 8, No. 6, pp. 303-309, 2013 (in Korean). https://doi.org/10.14372/IEMEK.2013.8.6.303