TrustPAY:基于安全增强的ARM TrustZone平台的可信移动支付

2016 IEEE Symposium on Computers and Communication (ISCC) Pub Date : 2016-06-27 DOI:10.1109/ISCC.2016.7543781

Xianyi Zheng, Lulu Yang, Jiangang Ma, Gang Shi, Dan Meng

{"title":"TrustPAY:基于安全增强的ARM TrustZone平台的可信移动支付","authors":"Xianyi Zheng, Lulu Yang, Jiangang Ma, Gang Shi, Dan Meng","doi":"10.1109/ISCC.2016.7543781","DOIUrl":null,"url":null,"abstract":"Recent technological advances have accelerated the design and deployment of kinds of secure applications on smartphones. Although users can access and handle their data flexibly and stably with mobile devices, not only computing devices, it poses security challenges of a new dimension that users disclose lots of sensitive data and privacy information over open devices and networks as well. Thus, more and more malwares are emerging to compromise mobile OS and steal sensitive data from these applications. In this paper, we propose a mobile payment framework TrustPAY on TrustZone security enhanced platform, which can ensure payment transactions security and realize privacy friendly payment. We have implemented a prototype system on a simulation environment by using ARM FastModel and Open Virtualization software stack for ARM TrustZone, and presented our implementation on a real development board by using ARM CoreTile Express A9×4. Our experiment evaluation and security analysis prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance. Furthermore, TrustPAY is also flexible to support kinds of secure applications requiring to privacy protection.","PeriodicalId":148096,"journal":{"name":"2016 IEEE Symposium on Computers and Communication (ISCC)","volume":"136 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"TrustPAY: Trusted mobile payment on security enhanced ARM TrustZone platforms\",\"authors\":\"Xianyi Zheng, Lulu Yang, Jiangang Ma, Gang Shi, Dan Meng\",\"doi\":\"10.1109/ISCC.2016.7543781\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recent technological advances have accelerated the design and deployment of kinds of secure applications on smartphones. Although users can access and handle their data flexibly and stably with mobile devices, not only computing devices, it poses security challenges of a new dimension that users disclose lots of sensitive data and privacy information over open devices and networks as well. Thus, more and more malwares are emerging to compromise mobile OS and steal sensitive data from these applications. In this paper, we propose a mobile payment framework TrustPAY on TrustZone security enhanced platform, which can ensure payment transactions security and realize privacy friendly payment. We have implemented a prototype system on a simulation environment by using ARM FastModel and Open Virtualization software stack for ARM TrustZone, and presented our implementation on a real development board by using ARM CoreTile Express A9×4. Our experiment evaluation and security analysis prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance. Furthermore, TrustPAY is also flexible to support kinds of secure applications requiring to privacy protection.\",\"PeriodicalId\":148096,\"journal\":{\"name\":\"2016 IEEE Symposium on Computers and Communication (ISCC)\",\"volume\":\"136 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE Symposium on Computers and Communication (ISCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCC.2016.7543781\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium on Computers and Communication (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC.2016.7543781","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 19

摘要

最近的技术进步加速了智能手机上各种安全应用程序的设计和部署。虽然用户可以通过移动设备(不仅仅是计算设备)灵活、稳定地访问和处理自己的数据，但在开放的设备和网络上，用户也会泄露大量敏感数据和隐私信息，这给安全带来了新的挑战。因此，越来越多的恶意软件开始入侵移动操作系统，并从这些应用程序中窃取敏感数据。本文提出了一种基于TrustZone安全增强平台的移动支付框架TrustPAY，可以保证支付交易的安全性，实现隐私友好型支付。我们利用ARM FastModel和ARM TrustZone的开放虚拟化软件栈在仿真环境中实现了一个原型系统，并利用ARM core Express A9×4在一个真实的开发板上展示了我们的实现。我们的实验评估和安全性分析证明，我们的方案可以有效地满足实际移动支付的安全要求，并且性能可以接受。此外，TrustPAY还灵活地支持各种需要隐私保护的安全应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

TrustPAY: Trusted mobile payment on security enhanced ARM TrustZone platforms

Recent technological advances have accelerated the design and deployment of kinds of secure applications on smartphones. Although users can access and handle their data flexibly and stably with mobile devices, not only computing devices, it poses security challenges of a new dimension that users disclose lots of sensitive data and privacy information over open devices and networks as well. Thus, more and more malwares are emerging to compromise mobile OS and steal sensitive data from these applications. In this paper, we propose a mobile payment framework TrustPAY on TrustZone security enhanced platform, which can ensure payment transactions security and realize privacy friendly payment. We have implemented a prototype system on a simulation environment by using ARM FastModel and Open Virtualization software stack for ARM TrustZone, and presented our implementation on a real development board by using ARM CoreTile Express A9×4. Our experiment evaluation and security analysis prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance. Furthermore, TrustPAY is also flexible to support kinds of secure applications requiring to privacy protection.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE Symposium on Computers and Communication (ISCC)

自引率

0.00%

发文量