A Study on Security Technology using Mobile Virtualization TYPE-I

  • Received : 2015.10.08
  • Accepted : 2015.12.11
  • Published : 2015.12.31

Abstract

Recently, with the proliferation of smart devices and the variety of services built on them, interest in mobile and Smart TV security has grown. Smartphone users enjoy various services, such as cloud, games, and banking. However, today's mobile security solutions and Smart TV security research remain at the level of malicious code detection, mobile device management, and the security system itself. Accordingly, there is a need for technology that prevents hacking and leakage of sensitive information, such as certificates, legal documents, and individual credit card numbers. To solve this problem, a variety of security technologies for mobile devices (mobile virtualization, ARM TrustZone, GlobalPlatform, MDM) have been studied. In this paper, we propose an efficient method to implement security technology based on TYPE-I virtualization using ARM TrustZone technology.
