A Private User Data Protection Mechanism in TrustZone Architecture Based on Identity Authentication  被引量：3

作　　者：Bo Zhao Yu Xiao Yuqing Huang Xiaoyu Cui 

机构地区：[1]School of Computer, Wuhan University,Wuhan 430072,China

出　　处：《Tsinghua Science and Technology》2017年第2期218-225,共8页清华大学学报（自然科学版（英文版）

基　　金：supported by the National HighTech Research and Development (863) Program (No. 2015AA016002);the National Key Basic Research Program of China (No. 2014CB340600);the National Natural Science Foundation of China (Nos. 61303024 and 61272452);the Natural Science Foundation of Jiangsu Province (Nos. BK20130372)

摘　　要：In Trust Zone architecture, the Trusted Application（TA） in the secure world does not certify the identity of Client Applications（CA） in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.In Trust Zone architecture, the Trusted Application（TA） in the secure world does not certify the identity of Client Applications（CA） in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.

关 键 词：embedded system TrustZone Trusted Application（TA） identity authentication private data protection 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]