The present disclosure herein relates to a mobile system, and more particularly, to a user device and an integrity verification method of the same.
Mobile terminals such as a smartphone and table PC are used by many users due to their extendibility and portability. In these mobile terminals, various applications may be installed according to user selection. The mobile terminals may perform various data processing operations such as move, edit, copy, delete, or the like on the basis of the installed applications. However, a degree of freedom for data processing of the above-described mobile terminal may provide various attack chances to hackers. In particular, in a case of mobile terminal operated based on an open source such as Android, the above-described issues may seriously occur.
In detail, a typical mobile platform is difficult to determine whether each application is reliable and accordingly, treats all applications as an identical target. In particular, an open source-based operating system such as Android may structurally change the platform in an arbitrary way. Due to this, a security device and security means included in a user terminal may be arbitrarily changed. As an example, in an Android-based user terminal, all applications may be executed by a Dalvik Virtual machine. However, a typical integrity verification program considers a virtual machine as an execution file and does not perform verification on a state of a system resource, which is internally executed by the virtual machine.
In addition, a mobile terminal, in which some of important system components thereof are damaged, may be used as a main tool for financial accident and social threat according to illegal acquisition of personal information. Accordingly, a user or service provider requires a means for reliably verifying a mobile terminal.
Furthermore, the mobile terminal has a resource-limited characteristic unlike a typical desktop PC. Recently, with the development of electronic techniques such as a multi-core and large-scale flash memory, limitations on use of resources are somewhat resolved. However, in order to support more rapid calculation ability and input/output speed, high clock frequency-based processors and memories operate and recently developed applications require rapid computational cycles and large-scale storage spaces. Due to these requirements, an issue of increase in power consumption occurs in the mobile terminal.
Typical integrity verification methods provide all-time security monitoring but operate based on a short period in order to improve security reliability. Since the short period-based verification operation acts as a main cause of performance degradation and acceleration in power consumption of the mobile terminal, it is improper to verify a reliable state of a mobile terminal platform. In addition, an existing Trusted Platform Module (TPM) or Mobile Trusted Module (MTM) specification has very high complexity in realization with software to cause relatively lots of power consumption in the mobile terminal.