Providing Verifiable Integrity on Mobile Platforms

Open Access
Sawani, Anuj
Graduate Program:
Electrical Engineering
Master of Science
Document Type:
Master Thesis
Date of Defense:
July 07, 2008
Committee Members:
  • Trent Ray Jaeger, Thesis Advisor
  • George Kesidis, Thesis Advisor
Keywords:
  • openmoko
  • attacks
  • mobile phone
  • integrity
  • security
  • selinux
Abstract:
Mobile phone systems are becoming as advanced and powerful as desktop computers. They now provide services beyond telephony, such as browsing the internet, personal information management or even playing games. However, third-party applications, such as mobile games, could execute malware on the phone and threaten the integrity of trusted software like mobile banking clients. The goal is to prevent trusted data or code from being affected by untrusted software with minimum overhead. The phone has limited processing power, and we aim to show that an optimized security framework running on the phone does not affect performance significantly. We use the Security Enhanced Linux (SELinux) framework combined with the Policy Reduced Integrity Measurement Architecture (PRIMA) to provide integrity guarantees to remote parties. Each of these components has been ported to work with an ARM-based platform. Further, the SELinux policy loaded at boot time also ensures that the trusted software is not compromised at any time. On average, we found that the phone takes approximately 0.03 seconds to perform an integrity measurement on a 150 KB file. This negligible overhead does not affect performance significantly while assuring the integrity of the phone. Our work shows that the approach is practical and will provide a basis for the future development of a standard security framework for mobile phone systems.