Mobile device security is of growing importance. There is a wide range of possible methods to secure mobile devices. For example, one conventional method is to establish a static root of trust and/or a dynamic root of trust in various computing environments. Such a root of trust serves either to attest that an untrusted environment can provide certain security guarantees and/or to create a trusted sub-environment within an untrusted computing environment.
In this respect there are two general conventional methods. The first relies simply on embedding TPM chips (trusted platform module chips) within mobile devices and establishing a root of trust within the mobile device itself. Such a method is disclosed, for example, in the non-patent literature B. Parno, J. M. McCune, A. Perrig, "Bootstrapping Trust in Commodity Computers", IEEE S&P 2010; Bernhard Kauer, "OSLO: Improving the Security of Trusted Computing"; the publications of the Trusted Computing Group, http://www.trustedcomputinggroup.org; and the IBM 4758 Basic Services Manual, http://www-03.ibm.com/security/cryptocards/pdfs/IBM_4758_Basic_Services_Manual_Release_2_54.pdf.
However, while several architectures exist for standard personal computer platforms that are able to support the establishment of a root of trust, this conventional method is still rather immature for mobile devices.
A second conventional method uses secret keys embedded in the mobile phone's smart card as a means to authenticate the mobile device to external entities and/or to bootstrap a trusted computing base in the mobile device itself, as disclosed for example in the non-patent literature Kalman, G., Noll, J., UniK, K.: "SIM as secure key storage in communication networks", in: International Conference on Wireless and Mobile Communications (ICWMC) (2007); Noll, J., Lopez Calvet, J. C., Myksvoll, K.: "Admittance services through mobile phone short messages", in: International Multi-Conference on Computing in the Global Information Technology, pp. 77-82, IEEE Computer Society, Washington, D.C., USA (2006); and Mantoro, T., Milisic, A.: "Smart card authentication for Internet applications using NFC enabled phone", in: International Conference on Information and Communication Technology for the Muslim World (ICT4M) (2010).
However, current mobile phone smart cards such as SIM cards cannot fully mimic the functionality of existing TPMs. Further, they do not support restricted operations on platform configuration registers (PCR), and they can be cloned. Therefore SIM cards alone cannot, or are at least unlikely to, provide a solution for bootstrapping trust in a device.
One possibility to strengthen mobile device security while relying on a minimal hardware assumption is to ensure a secure boot process and then rely on an integrity measurement architecture (IMA), for example as disclosed in the non-patent literature IBM Integrity Measurement Architecture, http://researcher.watson.ibm.com/researcher/view_project.php?id=2851, in conjunction with additional functionality from the smart card, to ensure that the executing code is always correct. Securing the boot process of a mobile device can be achieved by ensuring that on every boot the device re-initializes its entire memory with new, correct code. Since all the memory of the mobile device, including its random access memory (RAM), is purged, any malware that has been installed on the device is automatically deleted.
Conventional secure code update protocols, for example the one disclosed in the non-patent literature Daniele Perito, Gene Tsudik: "Secure Code Update for Embedded Devices via Proofs of Secure Erasure", in: Proceedings of ESORICS 2010, send the code to be updated, encrypted under a secret key, as M-E bits of data to the mobile device at bootstrap time, where M is the bit size of the total memory of the memory-constrained device and E is the minimum size of the essential code needed to perform the update. Once this code has been received by the mobile device, a verifier runs a proof-of-retrievability (POR) protocol, for example as disclosed in the non-patent literature Shacham, H., and Waters, B.: "Compact Proofs of Retrievability", in: ASIACRYPT (2008), pp. 90-107; Juels, A., and Kaliski Jr., B. S.: "PORs: Proofs of Retrievability for Large Files", in: ACM Conference on Computer and Communications Security (2007), pp. 584-597; and Ateniese, G., Burns, R. C., Curtmola, R., Herring, J., Kissner, L., Peterson, Z. N. J., and Song, D. X.: "Provable Data Possession at Untrusted Stores", in: ACM Conference on Computer and Communications Security (2007), pp. 598-609, to verify that the mobile device has indeed stored all M-E bits of the encrypted data.
Although this ensures a secure code update, POR protocols are only probabilistic, because the verifier only spot-checks a random sample of the stored blocks. An adversary therefore has a non-negligible probability of deleting some parts of the encrypted code to free space for malware while still proving to the verifier that it holds most of the encrypted code update. A second problem is that POR protocols are typically interactive and require the verification of a large number of encrypted file blocks in order to ensure, for example with 90% confidence, that the file is stored.
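The two drawbacks just described can be quantified. The following Python example is added here for illustration and is not code from the patent or from any of the cited POR papers. It stands in for the compact POR schemes with a deliberately simple construction: the encrypted update is split into N fixed-size blocks, each block carries an HMAC tag under the verifier's key, and each audit challenges k random block indices. The function detection_probability gives the exact hypergeometric probability that a device which silently dropped d of the N blocks is caught by one audit of k challenges, challenges_needed inverts it for a target confidence, and cheater_pass_rate confirms the arithmetic by running the toy protocol against a cheating prover. Block size, N, d and k are assumed parameters chosen for the illustration; the blocks themselves are random bytes constructed as a stand-in for the M-E bits of encrypted code.

```python
"""Toy interactive proof of retrievability over a memory-filling code update,
plus the detection-probability arithmetic that makes such a proof only probabilistic.
Added example; not the patent's or the cited papers' construction."""
import hashlib
import hmac
import math
import os
import random

BLOCK_SIZE = 16  # bytes per block (assumed; any fixed block size works)


def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list[bytes]:
    """Split the encrypted update (the M-E bits) into fixed-size blocks, zero-padding the last."""
    padded = data + b"\x00" * (-len(data) % block_size)
    return [padded[i:i + block_size] for i in range(0, len(padded), block_size)]


def tag_block(key: bytes, index: int, block: bytes) -> bytes:
    """Per-block MAC binding the block content to its position under the verifier's key."""
    return hmac.new(key, index.to_bytes(4, "big") + block, hashlib.sha256).digest()


def tagged_store(key: bytes, blocks: list[bytes]) -> dict:
    """What an honest device holds: index -> (block, tag)."""
    return {i: (b, tag_block(key, i, b)) for i, b in enumerate(blocks)}


class Prover:
    """The mobile device. It may cheat by deleting blocks to free space for malware."""

    def __init__(self, store: dict):
        self.store = dict(store)

    def delete(self, indices) -> None:
        for i in indices:
            self.store.pop(i, None)

    def respond(self, challenge: list[int]) -> list:
        """(block, tag) for each challenged index, or None if the block is gone."""
        return [self.store.get(i) for i in challenge]


class Verifier:
    """Holds only the key and N; each audit spot-checks k distinct random blocks."""

    def __init__(self, key: bytes, n_blocks: int):
        self.key, self.n = key, n_blocks

    def audit(self, prover: Prover, k: int, rng: random.Random) -> bool:
        challenge = rng.sample(range(self.n), k)
        for idx, resp in zip(challenge, prover.respond(challenge)):
            if resp is None:
                return False
            block, tag = resp
            if not hmac.compare_digest(tag, tag_block(self.key, idx, block)):
                return False
        return True


def detection_probability(n: int, deleted: int, k: int) -> float:
    """Exact P[at least one of k distinct challenged blocks lies among the `deleted` missing ones]."""
    if deleted <= 0 or k <= 0:
        return 0.0
    if k > n - deleted:  # more challenges than surviving blocks: a deletion is always hit
        return 1.0
    return 1.0 - math.comb(n - deleted, k) / math.comb(n, k)


def challenges_needed(n: int, deleted: int, confidence: float) -> int:
    """Smallest k for which a device missing `deleted` blocks is caught with >= confidence."""
    for k in range(1, n + 1):
        if detection_probability(n, deleted, k) >= confidence:
            return k
    return n


def cheater_pass_rate(n: int, deleted: int, k: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo: fraction of audits a device that dropped `deleted` blocks still passes."""
    rng = random.Random(seed)
    key = os.urandom(32)
    # Constructed stand-in for the encrypted update: random bytes, N blocks.
    store = tagged_store(key, split_blocks(os.urandom(n * BLOCK_SIZE)))
    verifier = Verifier(key, n)
    passed = 0
    for _ in range(trials):
        prover = Prover(store)
        prover.delete(rng.sample(range(n), deleted))
        passed += verifier.audit(prover, k, rng)
    return passed / trials


if __name__ == "__main__":
    n, d, k = 1000, 10, 10  # 1% of blocks dropped, 1% of blocks checked per audit
    print("detection per audit:", round(detection_probability(n, d, k), 3))
    print("challenges for 90% confidence:", challenges_needed(n, d, 0.9))
    print("observed cheater pass rate:", cheater_pass_rate(n, d, k, 2000))
```

With N = 1000 blocks, a device that drops 10 of them and is audited on 10 random blocks is caught in only about 9.6% of audits, i.e. it passes roughly nine times out of ten; reaching 90% confidence against that same 1% deletion requires challenging on the order of 200 blocks in a single interactive audit, which is the cost the text refers to.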