In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leaka...In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.展开更多
基金supported by the National HighTech Research and Development (863) Program (No. 2015AA016002)the National Key Basic Research Program of China (No. 2014CB340600)+1 种基金the National Natural Science Foundation of China (Nos. 61303024 and 61272452)the Natural Science Foundation of Jiangsu Province (Nos. BK20130372)
文摘In Trust Zone architecture, the Trusted Application(TA) in the secure world does not certify the identity of Client Applications(CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in Trust Zone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests.The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about0.16 s, an acceptable price to pay for the improved security.
