Problem Statement: Trusted computing for Mobile Cloud Computing
Mobile cloud computing (MCC) is increasingly outsourcing data and computational tasks to the cloud, allowing resource-constrained devices to extend their capabilities and leverage virtually unlimited storage. However, ensuring data protection and security in untrusted environments remains a critical challenge as the use of MCC grows. Our research focuses on exploring existing trusted platforms to address these security concerns effectively. Two questions guide this work:
- Is a pure security solution sufficient to build a trust environment? and
- How can mobile devices cooperate with the Cloud to build a trust environment?
Trusted computing, a well-established concept in research, enhances security by utilizing hardware to provide independent security primitives. A key example of this technology is Remote Attestation, which allows a computing system to assess the properties of a remote system and detect any compromise. By defining the security requirements based on the properties of a platform or application, trusted computing helps ensure the fundamental principles of system security: Confidentiality, Integrity, and Authentication (C.I.A).
In cloud environments, managing encryption keys poses significant challenges, especially as different cloud customers may use various encryption methods. To address the security of these keys and of the encrypted data, we propose leveraging the Trusted Platform Module (TPM), endorsed by the Trusted Computing Group. The TPM serves as a foundational element for trusted computing, widely used in both industry and government applications, such as Microsoft’s BitLocker for device encryption and security solutions for the U.S. Department of Defense. Its capabilities enhance system protection against both intentional and accidental threats. Based on the functionalities of the TPM, we propose a novel schema for property-based attestation that is compatible with token-based authentication.
Security and trust are essential elements for developing a comprehensive and adaptable solution in mobile cloud environments. This article explores the integration of trust and reputation systems, utilizing intelligent methods such as fuzzy logic and ant colony optimization, to enhance security and reliability in these settings.
Thesis contribution
Contribution 1
This PhD dissertation explores a real case study of mobile cloud computing (MCC), beginning with an examination of various architecture models. It highlights the energy efficiency of these MCC architectures through detailed experimental analysis.
This article discusses a tailored approach that evaluates the performance of various methodologies, specifically through the lens of the MCC model applied to a real-world scenario. We introduce the Droplock system, which aims to enhance the security of service delivery from suppliers to clients. This foundational work motivated us to create an innovative security solution as our second contribution.
Contribution 2
Leveraging a blend of innovative technologies and trends, including trusted platforms, cloud computing, and bring-your-own-device (BYOD) policies, we present Property-Based Token Attestation to enhance mobile user security within enterprise cloud environments.
MCC’s architecture can be classified into many categories [15]; to simplify, we have selected the Client-Server model of MCC to simulate the proposed security solution.
Contribution 3
Given the inadequacy of traditional security protocols such as public key infrastructure (PKI) in robustly securing the Mobile Cloud Computing (MCC) ecosystem, we propose a bio-inspired intelligence schema for evaluating trust and reputation. This approach, which incorporates fuzzy logic and ant colony systems, is designed to accommodate both one-to-one (Client-Server) and one-to-many (Client-Cloudlets) relationships, allowing clients to dynamically select the most suitable service providers for their specific needs.
Thesis outline
The rest of this manuscript is organized as follows:
♦ Chapter 2 recalls several virtualization techniques and compares the virtualization based on containers with virtual machines.
♦ Chapter 3 introduces various definitions of mobile cloud computing, including its structures and related models.
♦ Chapter 4 surveys existing trusted platforms and assesses how suitable each is for securing mobile users in the context of mobile cloud computing.
♦ Chapter 5 addresses the security issues related to mobile cloud computing.
♦ Chapter 6 describes a scenario for measuring trust and reputation, together with the state of the art of the corresponding computational-intelligence literature.
♦ Chapter 7 presents the first contribution by addressing the recent challenges of MCC in terms of energy and security through a real case study and experimental work.
♦ Chapter 8 presents a new attestation framework called Property-based Token Attestation in Mobile Cloud Computing (MCC). This chapter also analyzes performance metrics, including energy consumption and security, to compare the proposed model with existing ones.
♦ Chapter 9 delivers the last contribution of the PhD work for the trust and reputation management in the context of multi-cloudlets.
♦ Chapter 10 analyses the performance of the proposed models against other contemporary models.
♦ Chapter 11 concludes with a summary of the whole work and presents its main perspectives.
Context and State of the Art
The phrase "No Cloud without Virtualization" highlights the essential role of virtualization technology in optimizing the capabilities of physical computers by distributing resources among multiple operating systems. The concept of virtual machines (VMs) dates back to 1964 with IBM's CP/CMS system, which used a Control Program (CP) to create several virtual copies of a physical machine, each running its own CMS operating system. In 1974, Goldberg and Popek published a pivotal paper outlining the conditions a computer architecture must meet to support system virtualization. The landscape evolved in 1999 when VMware launched its VMware Virtual Platform for the x86-32 architecture, followed by Intel and AMD's introduction of virtualization support extensions in 2006. This chapter explores the fundamental principles of virtualization.
Virtualization techniques
Full virtualization
Full virtualization allows a guest operating system to run without any modification to its source code, so the guest is unaware of being virtualized. It employs binary translation (BT) to emulate privileged instructions while executing all other instructions directly on the host CPU. There are two types of hypervisors for full virtualization: Type 1, which runs directly on the hardware, and Type 2, which runs on top of a host operating system like a standard application. However, full virtualization comes with a drawback: the virtual machine monitor (VMM) must implement specific techniques to virtualize the hardware for each virtual machine, leading to increased overhead during hardware access.
Para virtualization
In para-virtualization, the guest operating system (OS) collaborates with the hypervisor, which enhances performance by allowing the guest OS to invoke hypercalls directly. This requires modifying the guest OS's source code so that privileged instructions are executed efficiently through the hypervisor; the OS is aware that it is being virtualized. The drawback of this technique is the poor compatibility and portability of the modified OSs.
Hardware-assisted virtualization
To enhance virtualization techniques, hardware manufacturers such as Intel and AMD have developed new processor extensions that support this technology. As a result, Intel Virtualization Technology (VT-x) and AMD's virtualization solutions have introduced dual-mode features for CPU execution.
In hardware-assisted virtualization, the Virtual Machine Monitor (VMM) operates in root mode below ring 0 (ring -1), while the guest operating system runs in non-root mode (ring 0). The state of the guest OS is maintained in Virtual Machine Control Structures (Intel VT-x) or Virtual Machine Control Blocks (AMD). This approach significantly reduces the overhead associated with the traditional trap-and-emulate model.
2 https://www.vmware.com/techpapers/2007/understanding-full-virtualization-paravirtualizat-1008.html
Virtualization of hardware
Processor virtualization
The operating system (OS) is designed to operate directly on physical hardware, utilizing the computer's resources fully. In the traditional x86 architecture, there are four privilege levels, known as rings 0 to 3, which govern hardware access for the OS and applications. User applications operate in Ring 3 (user mode), while the OS functions in Ring 0 (kernel mode) to maintain complete control. Modern CPU generations have introduced the Virtual Machine Extension (VMX) for virtualization, featuring two execution levels: VMX root mode for executing Virtual Machine Monitor (VMM) functions and VMX non-root mode for running guest operating systems with reduced privileges.
Memory
In traditional operating systems, each process is allocated distinct physical memory with its own virtual address space. When a process accesses memory, its virtual address is translated by the memory management unit (MMU) using the process's page table. However, when a guest operating system runs on a hypervisor, an extra layer of address translation is introduced.
The guest operating system (OS) translates guest virtual addresses (GVA) to guest physical addresses (GPA), while the hypervisor is responsible for converting GPA to machine physical addresses (MPA).
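The two-level translation described above, modelled as an added example (not code from the thesis): the guest OS's page table maps GVA pages to GPA pages, and a second, hypervisor-owned table maps GPA pages to MPA pages. Page size, table contents and addresses are constructed values. The point the model makes is the isolation property: a guest can only ever reach machine pages that the hypervisor has assigned to it, so editing its own page table cannot give it another VM's memory.

```python
"""Model of two-level address translation (GVA -> GPA -> MPA).
Added illustration, not the thesis's code. Page tables are dicts keyed by
page number; the 4 KiB page size and all addresses below are constructed."""

PAGE_SHIFT = 12                     # assumption: 4 KiB pages
PAGE_MASK = (1 << PAGE_SHIFT) - 1


class TranslationFault(Exception):
    """Raised when a page is not mapped at one of the two levels."""


def translate(page_table: dict, address: int, level: str) -> int:
    """Translate one address through one page-number -> page-number table."""
    vpn, offset = address >> PAGE_SHIFT, address & PAGE_MASK
    if vpn not in page_table:
        raise TranslationFault(f"{level}: page {vpn:#x} is not mapped")
    return (page_table[vpn] << PAGE_SHIFT) | offset


def gva_to_mpa(guest_page_table: dict, hypervisor_table: dict, gva: int) -> int:
    """Full walk: guest OS table (GVA -> GPA), then hypervisor table (GPA -> MPA)."""
    gpa = translate(guest_page_table, gva, "guest")
    return translate(hypervisor_table, gpa, "hypervisor")


# Constructed sample tables. The guest believes it owns guest-physical pages
# 0x0..0x3; the hypervisor has backed them with scattered machine pages.
GUEST_PT = {0x10: 0x2, 0x11: 0x3}                          # GVA page -> GPA page
HV_TABLE = {0x0: 0x7A, 0x1: 0x7B, 0x2: 0x91, 0x3: 0x40}    # GPA page -> MPA page


def demo() -> dict:
    """Walk one legitimate address and one the guest has no right to reach."""
    results = {"mapped": gva_to_mpa(GUEST_PT, HV_TABLE, 0x10ABC)}   # -> 0x91ABC
    # A guest page pointing at a GPA the hypervisor never assigned to this VM
    # faults at the second level: the guest cannot reach foreign memory by
    # editing its own page table, because the hypervisor table is not its to edit.
    rogue_pt = {0x12: 0x500}
    try:
        gva_to_mpa(rogue_pt, HV_TABLE, 0x12000)
        results["rogue"] = "reached"
    except TranslationFault as fault:
        results["rogue"] = str(fault)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, hex(value) if isinstance(value, int) else value)
```

Real MMUs cache both levels in the TLB and the hypervisor table is the EPT (Intel) or nested page table (AMD) mentioned in the hardware-assisted section; the dict walk above shows only the ordering of the two lookups and where a fault is raised.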
Devices
The Virtual Machine Monitor (VMM) must provide essential devices to the guest operating system, including disk drives, network interfaces, USB ports, and timers. Since the guest OS drivers are typically unaware of virtualization, their instructions must be intercepted and emulated, leading to performance overhead. However, if the drivers are designed to be virtualization-aware, they can establish a more efficient connection to the virtual devices by using specialized drivers that communicate directly with para-virtualized devices, such as the virtual interface in Linux.
Isolation by containers
Containers
Container-based virtualization operates with a single-level scheduling system: containers house processes while sharing the kernel and libraries. The scheduler functions solely at the process level, as in traditional operating systems. The key distinction lies in the assignment of processes to containers, with the operating system ensuring isolation between containers.
A container is defined as a confined environment within the global environment, and the Linux operating system offers mechanisms to create these containers while enforcing predefined policies. Isolation within containers occurs at two levels: between processes, and between processes and hardware.
Virtualization based on containers versus virtual machines
Containers operate as applications within the host operating system, unlike virtual machines, which depend on a hypervisor. This fundamental difference leads to superior performance for containers compared to virtual machines, as they introduce minimal overhead.
Figure 2.1: Virtual Machine versus Docker Container architectures: (a) virtual machines on a hypervisor; (b) virtualization based on containers.
Table 2.1 presents the comparison between containers 3 and virtual machines in terms of image size, platform dependency and migration.
3 https://docs.docker.com/installation/windows/
Requirement
  Containers: a host OS.
  VMs: a hypervisor of type 1 or type 2.
Image size
  Containers: images are lightweight (for example, the basic Ubuntu image for Docker containers is 180 MB).
  VMs: a VM hosts a guest OS, which is a very big file (for example, Ubuntu 14.04.1 is more than 1 GB).
Platform dependency
  Containers: platform-dependent; the container is viewed as a bunch of processes vis-à-vis the host OS.
  VMs: an operating system is hosted on a virtual machine managed by a hypervisor, which allows it to function independently; the guest OS operates as if it had complete access to the physical resources, unaware of the underlying virtualization layer.
Migration
  Containers: migration between platforms is feasible only when both the source and destination are Linux-based; although Docker offers a container engine for Windows, it relies on Linux-specific kernel features and requires a virtual machine (VM) to function.
  VMs: migration is straightforward, because VMs are files that are easily migrated and managed by a hypervisor.
Table 2.1: Difference between Containers and VMs
Introduction
Software as a Service (SaaS)
SaaS, or on-demand software, is a distribution model that allows customers to access applications such as Google Apps and Office 360 via the Internet. In this model, the SaaS provider hosts the software in its data center, and users interact with it through a standard web browser. SaaS offers benefits for both personal and enterprise use, giving users the same functionality as traditional software without the need to purchase a license. By managing the application remotely, SaaS providers simplify software installation, maintenance, and upgrades, reducing the need for user intervention.
Platform as a Service (PaaS)
PaaS (Platform as a Service) provides developers with application programming interfaces (APIs) and a programming environment to build and host their applications on the provider’s infrastructure. It allows users to run existing applications or to design, develop, test, deploy, debug, and host new applications within a robust software platform. The PaaS model ensures the elasticity and scalability of the underlying hardware and software, while the provider manages application delivery. Notable examples of PaaS include Google Application Engine (GAE), Amazon Web Services, and Microsoft Azure. Pricing models for PaaS typically include per-application developer licenses and hosted-seat options. Compared to SaaS, PaaS offers users greater control over their applications.
Infrastructure as a Service (IaaS)
IaaS, or Infrastructure as a Service, offers virtualized computing resources such as hardware, storage, servers, and networking components, allowing customers to install their own operating systems and applications on provisioned virtual machines. This model enables businesses to avoid the upfront cost of purchasing physical hardware, opting instead for a pay-as-you-go approach based on usage metrics such as CPU time, storage capacity, and network bandwidth. Notable examples of IaaS providers include Amazon EC2, Cisco Metapod, and Google Compute Engine.
Figure 3.1: Service models of cloud computing
Mobile Cloud Computing
The evolution of mobile computing has led to a diverse range of networked devices, including smartphones, laptops, and wearables, with projections indicating over 50 billion connected objects by 2020. This diversity stems from differences in software, hardware, and architecture. Today, mobile computing plays a crucial role in enhancing daily life, offering convenience and efficiency regardless of time or location. Mobile applications leveraging cloud computing provide on-demand services that can be quickly deployed and managed with minimal effort from service providers. However, mobile cloud computing is not merely a blend of mobile and cloud technologies; it encompasses various definitions that must be explored, particularly concerning its models and associated security challenges.
Mobile cloud computing is an innovative platform that merges mobile devices with cloud technology, allowing the cloud to handle intensive computing tasks and store vast amounts of data. In this framework, both data processing and storage occur outside the mobile devices. According to Cisco's Internet Business Solutions Group, mobile cloud services and applications are delivered from a centralized, potentially virtualized data center directly to mobile devices such as smartphones. Users access these services on demand through a browser or thin client, which differs from traditional "thicker" clients that are downloaded from app stores and run directly on the device. Importantly, mobile cloud services are designed to be compatible with various devices and operating systems.
Mobile cloud computing is a model that allows developers to create mobile applications using cloud technology, enabling them to design apps tailored for mobile users without the limitations imposed by mobile operating systems or smartphone memory. Typically accessed through a mobile browser from a remote web server, this approach eliminates the need to install a client application on the user's device. The architecture of mobile cloud computing and its key stakeholders are illustrated in figures 3.2a and 3.2b.
MCC models
Cloud Server – Client model
Mobile cloud computing enhances the capabilities of devices with limited storage and processing power by enabling seamless access to data and applications hosted on remote servers. These cloud servers act as providers for mobile devices, which requires optimized network connectivity to ensure high-quality service and smooth transitions. The concept of "No Cloud without Virtualization" highlights the importance of virtualization techniques, such as virtual machines and container-based virtualization, in reducing processing time and improving energy efficiency within this architecture.
Virtual Cloud
An innovative approach involves creating a cloud infrastructure from peer-to-peer connected mobile devices for data storage and processing, effectively turning these devices into resource providers for a virtual cloud. In this architecture, mobile devices function as both service providers and consumers, enabling them to collaborate with nearby devices to gather and share information for various applications, such as traffic monitoring and healthcare management.
Cloudlet model
Cloudlets represent an innovative architecture in Mobile Cloud Computing (MCC), functioning as intermediate offload elements in a three-tier structure: Mobile device - Cloudlet - Cloud. These resource-rich, well-connected computers are installed in public infrastructure and linked to cloud servers, often as Wi-Fi hotspot servers that support hypervisors for virtual machine management. This setup allows nearby mobile devices to offload workloads efficiently, minimizing delay and maximizing bandwidth. For instance, when a foreign tourist visits a local museum and encounters language barriers, a nearby cloudlet lets him access services for language translation, image processing, or video streaming with low latency and high processing power, avoiding the costly and often unreliable connection to distant clouds over 3G/4G networks.
Simanta et al. proposed a cloudlet implementation aimed at improving processing capabilities and conserving battery life in mobile devices, particularly in unreliable network environments. A key aspect of their architecture is the stateless nature of the offloaded elements, which allows the cloudlet to operate independently after initial setup and provisioning with the central cloud. Once connected, mobile devices can offload application overlays (essentially the differences between a base virtual machine and one with the application installed) to the cloudlet, which can support multiple virtual machines. This cloudlet concept is being explored for applications in various fields, including vehicle-to-vehicle communication and military operations.
The authors in [38] propose a cloudlet implementation approach that uses an application overlay without requiring a pre-existing environment. This method relies on a VM overlay, which is the compressed binary difference between a base VM image and a complete VM image that includes the overlay application. Mobile users only need to carry these overlays, which can be computed offline or retrieved from the cloud via the cloudlet. As illustrated in figure 3.6, when connected to a cloudlet, a mobile device offloads applications such as augmented reality or object recognition to the cloudlet instead of transferring a heavy VM. On the cloudlet side, a VM instance is created from the received overlay and the base VM available on the cloudlet, a process known as VM synthesis, enabling the mobile device to perform offload operations efficiently.
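The overlay and synthesis idea above, reduced to a block-level toy as an added example (not the elijah-cloudlet code the thesis used): the overlay records only the compressed blocks that differ between the base image and the image with the application installed, together with a digest of the full target image, and the cloudlet rebuilds the image from its base copy plus the overlay and refuses to launch it if the digest does not match. The block size and the sample images are constructed.

```python
"""Block-wise VM overlay creation and VM synthesis (toy model).
Added illustration, not the thesis's code; block size and images are constructed."""
import hashlib
import zlib

BLOCK = 4096   # assumption: fixed 4 KiB blocks


def make_overlay(base: bytes, target: bytes) -> dict:
    """Overlay = compressed blocks where target differs from base, plus target digest."""
    if len(target) < len(base):
        raise ValueError("this toy overlay only supports images that do not shrink")
    blocks = {}
    for offset in range(0, len(target), BLOCK):
        base_blk = base[offset:offset + BLOCK]      # b"" once we run past the base
        target_blk = target[offset:offset + BLOCK]
        if base_blk != target_blk:
            blocks[offset // BLOCK] = zlib.compress(target_blk)
    return {"size": len(target),
            "digest": hashlib.sha256(target).hexdigest(),
            "blocks": blocks}


def synthesize(base: bytes, overlay: dict) -> bytes:
    """VM synthesis: apply the overlay to the base and verify before use."""
    image = bytearray(base)
    image.extend(b"\0" * (overlay["size"] - len(image)))
    for index, packed in overlay["blocks"].items():
        blk = zlib.decompress(packed)
        image[index * BLOCK:index * BLOCK + len(blk)] = blk
    image = bytes(image[:overlay["size"]])
    # The cloudlet must not boot an image whose content it cannot vouch for:
    # a corrupted or tampered overlay is rejected here rather than launched.
    if hashlib.sha256(image).hexdigest() != overlay["digest"]:
        raise ValueError("synthesized image does not match the overlay digest")
    return image


def demo() -> dict:
    """Constructed 32 KiB base image; target changes one block and grows slightly."""
    base = bytes(range(256)) * 128                       # 8 blocks
    target = bytearray(base)
    target[3 * BLOCK:3 * BLOCK + 16] = b"geany-installed!"  # 16 bytes in block 3
    target += b"\xAA" * 100                              # growth -> new block 8
    target = bytes(target)

    overlay = make_overlay(base, target)
    rebuilt = synthesize(base, overlay)

    tampered = dict(overlay, digest="0" * 64)            # simulate a corrupted overlay
    try:
        synthesize(base, tampered)
        rejected = False
    except ValueError:
        rejected = True

    return {"changed_blocks": sorted(overlay["blocks"]),
            "ok": rebuilt == target,
            "overlay_bytes": sum(len(p) for p in overlay["blocks"].values()),
            "image_bytes": len(target),
            "tamper_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Only two blocks travel over the network while the full image is rebuilt on the cloudlet, which is the bandwidth argument for overlays; the digest check is the part a practitioner should insist on, since the overlay arrives from the mobile device or the cloud over an untrusted path.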
Figure 3.6: VM Overlay in the Cloudlet architecture
We simulated a cloudlet model to generate and transfer an overlay between two computer systems, with the performance analysis detailed in Chapter 7. The simulation features a VM overlay containing the Geany program on the client side, which is then transferred and reconstructed on the server side. Figure 3.7 illustrates this process: 3.7a shows the imported VM running on the cloudlet server and 3.7b shows the successful transfer of the overlay from the client side.
Summary
In this chapter, we introduced the well-known service models of cloud computing and discussed the existing MCC models related to the PhD’s contributions. In the next chapter, Trusted Platforms and their features are presented.
3 https://github.com/cmusatyalab/elijah-cloudlet
Figure 3.7: Elijah-cloudlet simulation
Trusted Platforms: Computing with Trust
Introduction
Secure Element (SE)
A smartcard is a tamper-resistant microcontroller that combines various software and hardware security measures. Embedded in NFC devices such as smartphones, a secure element (SE) can securely store sensitive information, including PIN codes and security keys, while also executing cryptographic processing as required by the terminal. The physical features of a secure element enhance its security and functionality.
A typical SE features an 8-, 16- or 32-bit CPU, 32 to 64 kB of PROM for the operating system and 1 to 4 kB of RAM for program execution. It also includes 1 kB to 128 kB of EEPROM or Flash memory for data and application storage, while a dedicated crypto-processor handles cryptographic computations. Interaction with a secure element (SE) occurs through application protocol data unit (APDU) commands sent from the terminal, to which the SE replies with APDU responses.
The Secure Element (SE) typically runs a Java Card platform, which includes a Java Card Virtual Machine (JCVM), a Java Card API, and a Java Card Runtime Environment (JCRE). The JCRE implements the essential Java Card mechanisms, including transaction management, particularly in smart cards. When the SE functions as a SIM card, it is enhanced with Java Card packages that facilitate interaction with the Mobile Network Operator (MNO), enabling functionality such as sending SMS and making phone calls.
In addition, Java Card platforms are designed according to the GlobalPlatform specifications 2. In other terms, each Java Card platform is composed of isolated EEPROM areas called Security Domains. A Security Domain (SD) is designated for a specific service provider (SP) and can host multiple applications associated with that SP. Each Java Card application consists of one or more Java Card applets, commonly referred to as Cardlets.
Figure 4.3: Security Domain as defined in GlobalPlatform [4]
As shown in figure 4.4, each NFC device has an NFC controller that allows contactless communication in three modes:
- Reader/writer mode: the mobile application can read and write data on RFID tags using the NFC Data Exchange Format established by the NFC Forum. Since 2010, Google has provided an API to facilitate this functionality.
- Peer-to-peer mode: called Android Beam on Android platforms, this mode allows two NFC devices tapped together to exchange data.
- Card emulation mode: unlike the other modes, card emulation involves the use of an SE and allows communication between the mobile and a contactless reader. When the SE is a SIM card (see figure 4.4), a Single Wire Protocol (SWP) connects the SIM card with the NFC controller to perform the communication with the contactless smartcard reader infrastructure.
3 https://nfcforum.org/
Host Card Emulation (HCE)
Card Emulation, defined by the NFC Forum and included in the core NFC specifications, enables software emulation of smart card applications through Host Card Emulation (HCE). Initially deployed in Blackberry OS before December 2013, HCE gained support in Android OS with the release of version 4.4, known as "KitKat." This feature provides developers with an API set to manage the NFC interface and communicate with NFC-enabled devices, allowing data to be routed directly to the host CPU running Android applications rather than through a secure element.
Applications can be created to replicate various classic contactless smartcard functions, including loyalty programs, access control, ticketing, and payment systems, by using the ISO 14443-4 standard. However, Host Card Emulation (HCE) runs as a standard Android application, with none of the specialized hardware or software security features of a secure element, which raises potential security concerns.
4 https://developer.android.com/guide/topics/connectivity/nfc/hce.html
Figure 4.5: NFC card emulation without a secure element (HCE supports the APDU protocol stack)
These concerns about HCE are further compounded by industry reports indicating that Android is, by some distance, the most attacked of all mobile environments.
HCE (Host Card Emulation) is beneficial for the NFC ecosystem, improving accessibility for developers and familiarity for users, which could drive mass-market adoption. It is particularly suitable for low-value transactions where security is not critical and where there is no dependency on existing card applications. However, service providers should approach HCE cautiously for high-value NFC services, as it introduces new challenges that may compromise transaction security and user experience. Currently, HCE is still developing, and until more operating system providers adopt this model, deployments will face the vulnerabilities linked to widespread Android OS usage.
HCE, as a software solution, is deemed less secure than a physical secure element (SE) because it cannot implement counter-measures against physical attacks. Unlike secure devices designed for high-security applications, HCE depends on the host operating system and requires more memory and processing power. Additionally, HCE operates independently of secure element providers.
Trusted Execution Environment (TEE)
The GlobalPlatform Trusted Execution Environment (TEE) establishes a standardized isolation environment for mobile devices, ensuring that sensitive code, data, and resources are processed separately from the main operating environment. This isolation is reinforced by the hardware architecture and by a hardware root of trust during the boot sequence, making it resilient against software and probing attacks. Code executed within the TEE, known as "Trusted Applications," is cryptographically verified before execution, ensuring high integrity. The TEE supports advanced security use cases, such as securing user interfaces and managing access to NFC chips, functioning as a security coprocessor or as a trusted bridge between users and various security technologies. Meanwhile, the main operating system and its applications operate normally, accessing Trusted Applications through a standardized "Client API."
The "Internal API" provides reliable access to secure resources, cryptographic operations, and secure storage, independent of the underlying System on Chip (SoC) hardware. The Trusted Execution Environment (TEE) architecture, as illustrated in Figure 4.6, manages and executes both built-in and user-installed trusted applications. These applications benefit from the full capabilities of the device's main processor and memory, while hardware isolation safeguards them from user-installed applications in the main operating system. Additionally, software and cryptographic isolation within the TEE protect trusted applications from one another, as on the ARM TrustZone platform.
Device and chip manufacturers, such as ARM, leverage Trusted Execution Environments (TEEs) to create inherently secure platforms, while service and content providers depend on this foundational trust to introduce innovative services and explore new business opportunities. Essentially, a Trusted Execution Environment is a secure zone within the application processor that ensures data integrity and security from the outset.
6 https://www.globalplatform.org/mediaguidetee.asp
The architecture of GlobalPlatform TEE enhances the security and user experience of electronic devices, allowing consumers to interact with their digital environments more efficiently. By enabling secure access to a variety of applications and services (mobile payments, enterprise productivity tools, mobile banking, online commerce, and premium content), devices equipped with a TEE promote increased usage of smart, connected technology. Platforms such as SierraVisor, SierraTEE (ARM), ARM TrustZone, and Trustonic TEE exemplify the implementation of the TEE concept. The TEE aims to merge the performance of mobile device operating systems (rich OS) with the security of secure elements (SE), balancing the resilience of the SE against attacks with the capabilities of the rich OS, which is more vulnerable. The comparison of security and usability characteristics among rich OS, TEE, and SE shows that while the SE offers the highest attack resistance, the TEE provides a solid balance, and the rich OS ranks lowest in security.
A Trusted Execution Environment (TEE) can use larger resources than a Secure Element (SE): its RAM size can reach up to 1 MB, and it shares Flash memory with the Rich Operating System. Additionally, the TEE can collaborate with the SE to provide enhanced security measures.
8 https://www.globalplatform.org/mediaguidetee.asp
Figure 4.7: Rich OS, TEE and SE positioning
Trusted Platform Module (TPM)
TPM, or Trusted Platform Module, is a hardware platform that includes a cryptographic computing unit and a secure storage component, designed to enhance security for PCs, servers, printers, and mobile devices by turning them into trusted environments. For mobile devices, this secure hardware chip is known as the Mobile Trusted Module (MTM). TPM is a fundamental element of the Trusted Computing Group (TCG), a consortium that includes major companies such as Compaq, HP, IBM, Intel, Microsoft, and AMD. TCG mandates three essential Roots of Trust for a trusted platform: the Root of Trust for Measurement (RTM), the Root of Trust for Storage (RTS), and the Root of Trust for Reporting (RTR). The organization has recently introduced the TPM 2.0 library specification, which supports additional cryptographic algorithms and improves the availability of the TPM for applications, along with improved authorization and management mechanisms.
The specifications outline the implementation of the Trusted Platform Module (TPM) across different platforms, guided by TCG's platform-specific standards. Upcoming specifications will include the TPM Software Stack (TSS) and distinct guidelines for PCs, mobile devices, embedded systems, and virtualized environments. Additionally, these specifications will enhance the protection of cryptographic keys, facilitate random number generation, and enable the cryptographic binding of data to specific systems.
The Trusted Platform Module (TPM) enhances security by implementing mechanisms and protocols that verify the proper loading of software on a platform. By providing hardware-level protection, the TPM enables cost-effective authentication, encryption, and network access control across various computing platforms. Additionally, it securely stores the secret keys used to encrypt data files and messages and to sign data, ensuring robust data integrity and confidentiality.
Figure 4.8: Architecture of Trusted Platform Module
TPM (Trusted Platform Module) features special registers known as Platform Configuration Registers (PCRs) that store integrity metrics, which are essential for assessing the integrity of code from the BIOS up to applications. The PCRs, ranging from PCR 0 to PCR n (with n being 23 in TPM 2.0), provide critical evidence of the system's state. Whenever a system event occurs, the TPM calculates the hash of the metric value and extends it into the corresponding PCR, ensuring a secure and verifiable record of system integrity:
$PCR_{\mathrm{new}} = \mathrm{Digest}(PCR_{\mathrm{old}} \parallel \mathrm{Data\ to\ extend})$ (4.1)
Remote attestation relies on the user interacting with a legitimate Trusted Platform Module (TPM). The computing platform utilizes the TPM's Attestation Identity Key (AIK) to authenticate its identity and present valid evidence to other parties. Additionally, the private component of the AIK is employed to sign messages and data.
Remote Attestation
Remote Attestation (RA) is a crucial mechanism for authenticating to remote entities and validating the integrity of applications and platforms. It encompasses two primary categories, Binary Attestation (BA) and Property-based Attestation (PBA), which utilize three techniques (hardware-based, software-based, and hybrid) to achieve the goal of ensuring trustworthiness. RA is a key functionality of the Trusted Platform Module (TPM), enabling software or hardware to demonstrate its identity and trusted state to third parties. Each TPM is embedded with an Endorsement Key (EK) and certificates from vendors, asserting the authenticity of the TPM and its platform. This allows a platform or TPM to prove its trusted state remotely. The Remote Attestation protocol initiates with a trusted entity, known as the Challenger (Chal), which requests attestation from the Attestator (Att). The unique EK of the TPM remains confidential, so Att generates an Attestation Identity Key (AIK) to use in its place for secure communication. Multiple AIKs from the same TPM cannot be linked to one another. The public portion of the AIK, signed by the EK, is transmitted alongside other identity proofs, including the platform certificate and the EK certificate, to a trusted third party known as the Privacy Certificate Authority (PCA). This process facilitates the association of the AIK with the EK. Upon validating the received information, the PCA generates and signs an AIK certificate, which is then sent back to Att.
Att can now transmit the certificate, the PCR values signed with the AIK, and the Stored Measurement List (SML), which details the measured platform state values, to the challenger. The challenger then verifies the AIK certificate, uses the AIK to verify the signature on the PCR values, and recomputes the PCR values from the entries listed in the SML. Finally, the challenger compares the recomputed values with the signed originals to ensure accuracy.
The PCR values must align with the SML; if they do not match, this signals potential tampering with the platform, leading Chal to classify Att as an untrusted system. Conversely, if the values match, Chal determines that Att is trustworthy. Additionally, the configuration of Att can be recorded in a whitelist or blacklist based on its trust status.
Property-Based Attestation (PBA) is an advanced approach that builds upon Binary Attestation (BA) by utilizing Trusted Platform Module (TPM) functionalities to verify platform evidence, while also necessitating a trusted third party to issue a Certificate of Property. Unlike BA, which focuses on attesting binary values, PBA attests to the properties, functions, and behaviors of platforms and applications, thereby preventing the leakage of binary information. The key principle of PBA is that different platforms can exhibit the same properties to meet identical requirements, regardless of their underlying components. According to Aarthi et al., PBA offers significant advantages over BA:
1) Implementation details can be concealed, which protects system vulnerabilities from disclosure.
2) Properties may not identify components and may provide a certain level of privacy.
3) Properties of components may not change as often as hash values, particularly during updates.
4) Properties are easier to understand and can be used to write meaningful access control policies rather than relying on an excess of binary values.
Take the login function of a computing system (e.g. an application or web page) as an example: despite differences in configuration, implementation, type of application or website, or purpose of use, these systems share two basic factors, the identity of the user and a password. These factors can be considered as properties [48]. Thus, even if these systems are updated or changed, these properties remain for their own purposes.
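As an added worked example (not code from the thesis), the following script plays the challenger's part in the attestation flow described above and in the PBA discussion: it replays a constructed SML through the extend rule of equation (4.1) to recompute the PCRs, compares them with the quoted values, and then decides trust either over binary digests (BA, with a whitelist) or over certified properties (PBA, with the login properties from the example). All component names, digests, property certificates and the policy are constructed sample data; the AIK signature check on the quote is assumed to have already passed and is not modeled.

```python
"""Added example, not code from the thesis: a challenger replaying a Stored
Measurement List (SML) into PCR values with the TPM extend rule of eq. (4.1),
then deciding trust either by binary whitelist (BA) or by certified
properties (PBA). All platforms, components and certificates are constructed
sample data; SHA-256 stands in for the TPM 2.0 SHA-256 PCR bank."""
import hashlib
from typing import Dict, FrozenSet, List, Set, Tuple

PCR_COUNT = 24                       # TPM 2.0: PCR 0 .. PCR 23
DIGEST_LEN = hashlib.sha256().digest_size

SML = List[Tuple[int, bytes]]        # (pcr_index, event_digest), in boot order


def pcr_extend(old: bytes, data: bytes) -> bytes:
    """Eq. (4.1): PCR_new = Digest(PCR_old || data). The TPM never stores the
    measured object itself, only digests chained into the register."""
    return hashlib.sha256(old + data).digest()


def replay_sml(sml: SML) -> List[bytes]:
    """Recompute all PCRs from the SML, starting from the reset value (zeros)."""
    pcrs = [bytes(DIGEST_LEN)] * PCR_COUNT
    for idx, digest in sml:
        if not 0 <= idx < PCR_COUNT or len(digest) != DIGEST_LEN:
            raise ValueError("malformed SML entry")
        pcrs[idx] = pcr_extend(pcrs[idx], digest)
    return pcrs


def measure(component: bytes) -> bytes:
    """Digest of a component as the RTM records it before handing control over."""
    return hashlib.sha256(component).digest()


def binary_attest(sml: SML, quoted: List[bytes], whitelist: Set[bytes]) -> bool:
    """BA: the SML must replay to the quoted (AIK-signed) PCRs, and every
    measured digest must be a known-good binary on the challenger's whitelist."""
    return replay_sml(sml) == quoted and all(d in whitelist for _, d in sml)


def property_attest(sml: SML, quoted: List[bytes],
                    certs: Dict[bytes, FrozenSet[str]],
                    required: FrozenSet[str]) -> bool:
    """PBA: every measured component needs a property certificate from the
    trusted third party; the decision is made on properties, so two different
    implementations with the same certified properties both pass."""
    if replay_sml(sml) != quoted:
        return False
    granted: Set[str] = set()
    for _, d in sml:
        if d not in certs:           # uncertified component: cannot be trusted
            return False
        granted |= certs[d]
    return required <= granted


# Constructed platforms: the same firmware chain with two different login apps.
FIRMWARE: SML = [(0, measure(b"BIOS v1.0")), (4, measure(b"bootloader v2")),
                 (8, measure(b"kernel 5.x"))]
LOGIN_A = (10, measure(b"login-app A: username+password"))
LOGIN_B = (10, measure(b"login-app B: email+password, different binary"))
PLATFORM_A: SML = FIRMWARE + [LOGIN_A]
PLATFORM_B: SML = FIRMWARE + [LOGIN_B]

WHITELIST = {d for _, d in PLATFORM_A}          # challenger knows only app A
LOGIN_PROPS = frozenset({"user-identity", "password"})
CERTS = {d: frozenset({"firmware-known-good"}) for _, d in FIRMWARE}
CERTS[LOGIN_A[1]] = LOGIN_PROPS                 # both apps certified for the
CERTS[LOGIN_B[1]] = LOGIN_PROPS                 # same login properties
POLICY = frozenset({"firmware-known-good", "user-identity", "password"})


def run_demo() -> Dict[str, bool]:
    """The quote is the PCR set the TPM signed at attestation time; the tampered
    case alters the SML after the quote, which the replay detects."""
    quote_a, quote_b = replay_sml(PLATFORM_A), replay_sml(PLATFORM_B)
    tampered: SML = PLATFORM_A[:-1] + [(10, measure(b"trojanised login"))]
    return {
        "ba_accepts_A": binary_attest(PLATFORM_A, quote_a, WHITELIST),
        "ba_accepts_B": binary_attest(PLATFORM_B, quote_b, WHITELIST),
        "pba_accepts_A": property_attest(PLATFORM_A, quote_a, CERTS, POLICY),
        "pba_accepts_B": property_attest(PLATFORM_B, quote_b, CERTS, POLICY),
        "pba_rejects_tampered": not property_attest(tampered, quote_a, CERTS, POLICY),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

BA rejects platform B only because its login binary is unknown to the challenger, whereas PBA accepts both platforms because the same properties were certified for both; a mismatch between SML and quoted PCRs is rejected by either method.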
Comparison of Trusted Platforms features
In this section, we compare the various features of existing Trusted Platforms based on key criteria, specifically focusing on their form and dependency, as summarized in Table 4.1.
Unlike Secure Elements (SE) and Trusted Execution Environments (TEE), Host Card Emulation (HCE) exists solely as software, while the Trusted Platform Module (TPM) is exclusively hardware. HCE operates as an Android application that manages user credentials, which are typically of low value. In contrast, TPM is a computer chip recognized as a cost-effective solution for bolstering security on standard, non-secure computing platforms.
In terms of dependency, TEE works as the framework for mobile-device security. It is also known as a layer between the mobile OS and a typical SE.
b) Hardware
SE, TPM and some implementations of TEE have their own limited hardware resources.
HCE and TEE leverage extensive host resources, offering superior processing speed and memory capacity compared to SE. While TEE enhances performance with its robust capabilities, HCE benefits from the full memory resources of the Android platform, despite not being a hardware component.
Currently, Host Card Emulation (HCE) operates within the Android OS, specifically starting from version 4.4. However, it is perceived as less secure compared to other methods due to its software-based nature.
The Secure Element (SE) offers the highest level of security for mobile computing, but its implementation comes at a higher cost. For many applications, the Trusted Execution Environment (TEE) provides adequate security and can collaborate with other trusted platforms to enhance protection. However, TEE standardization is still in progress. In contrast, Host Card Emulation (HCE) is not designed for high-security applications, and its security challenges are amplified by industry reports indicating that Android is significantly more vulnerable to attacks compared to other mobile environments.
The role of Host Card Emulation (HCE) is less defined compared to other trusted platforms, facing challenges such as limited power modes, issues with roaming, lack of data connectivity, and slower transaction speeds. According to recent studies, HCE is still in its early development phase and requires significant advancements to create a comprehensive certification schema that can instill confidence in both service providers and end-users. Additionally, HCE is vulnerable to physical and software attacks, further complicating its adoption and security.
The physical protection of Secure Elements (SE) varies by chip type, with most offering robust security measures. Trusted Execution Environments (TEE), Secure Elements (SE), and Trusted Platform Modules (TPM) are specifically engineered to thwart unauthorized software attacks. These technologies are highly effective across various applications, including e-commerce, government services, online banking, and other sectors that demand elevated security levels.
To combat rising security threats, Trusted Platform Module (TPM) technology emphasizes privacy protection and interoperability across multiple platforms, including PCs and mobile devices. Hardware manufacturers have the flexibility to implement TPM chip architectures tailored to specific security solutions. In the realm of software, Host Card Emulation (HCE), backed by Google, has gained traction in NFC technology. Despite its advantages, such as reduced development costs and faster time to market, HCE presents significant security risks compared to Secure Elements (SE) and necessitates increased developer attention and collaboration with other stakeholders.
Virtual Trusted Platforms
TPM virtualization via Virtual Machine Monitors
Various authors have proposed implementations for migrating virtual Trusted Platform Modules (vTPMs) along with their associated virtual machines (VMs) to ensure secure storage and cryptographic operations. Berger et al. introduced an architecture that makes the TPM specifications accessible within a virtual environment. Building on Berger's work, Sadeghi et al. developed a vTPM architecture aimed at enhancing the maintainability and applicability of Virtual Machine Monitors (VMM). Additionally, England and Loeser proposed a para-virtualized TPM that allows a physical TPM to be shared among multiple virtualized hosts, further advancing security measures in this domain.
Table 4.1: Comparison of Trusted Platform features
Criteria | SE | TEE | TPM | HCE
Form | Comprised of software and tamper-resistant hardware. | Made up of software and hardware; a secure area that resides in the main processor of mobile devices. | Hardware embedded in and bound to the host platform. |
Hardware | Processor, crypto-processor, EEPROM, RAM. | Processor, crypto-processor, EEPROM, RAM; the memories may be shared with the host device. | Crypto-processor, EEPROM, RAM. |
Operating system | Separate, runs in parallel with the host OS. | | Bootstrap in the TPM, OS in the host platform. | Operates in the host OS.
API support | Limited | Limited | Limited | Rich API support
Main functions | Stores sensitive data (PIN code, IMSI) and secret keys, generates session keys. | Provides a framework for security within the device. | Trust root, generates asymmetric key pairs, binding, identity attestation, protected objects. | Security is dependent on the device OS.
Typical use | Identification/authentication, data encryption during communication. | Robust, hardware-backed, scalable, consistent, OS-independent security. | Securing the host platform and remote communication. | Software emulation of a smart card-based application.
Physical attacks | Many studies (the chip is endowed with counter-measures). | Depends on the hardware features of the hosting platform. | Many studies (the chip is endowed with counter-measures). | No counter-measures for physical attacks.
Software attacks | Resistant to software attacks. | Resistant to software attacks. | | Low resistance to software attacks.
Privacy | Controlled by the user. | No control by the user. | User-controlled. |
A recent study [57] presents a vTPM key hierarchy that introduces an intermediate layer of keys situated between the physical TPM (pTPM) and the virtual TPM (vTPM). This section provides a concise overview of TPM virtualization, focusing on its architectural framework and migration processes.
Table: Physical TPM versus virtual TPM
Criteria | Physical TPM (pTPM) | Virtual TPM (vTPM)
Keys and registers | Endorsement Key (EK), Storage Root Key (SRK), Attestation Identity Key (AIK) and Platform Configuration Registers (PCRs) | vEK, vSRK, vAIK and vPCRs
Specifications | Standardized by the Trusted Computing Group | Imitates the functionality of the pTPM
Security | Trust anchor, high security level | Low security level in comparison with the pTPM
Operation platform | One to one | Multi to one
The vTPM architecture, designed by Berger et al. [52], facilitates the operation of a physical TPM across systems with multiple parallel operating systems. In this setup, the vTPM manager handles request multiplexing and creates guest vTPM instances tailored to each guest VM with the necessary TPM support, effectively mimicking the interface and functionality of a hardware TPM. Additionally, vTPM migration is a critical feature of TPM virtualization within Virtual Machine Monitors (VMM), ensuring that the vTPM is seamlessly transferred to the appropriate VM to maintain the proper functioning of guest applications. This secure migration process leverages the TPM key migration capabilities outlined in the existing TPM standard.
Migrating virtual Trusted Platform Modules (vTPMs) necessitates the synchronization of their state throughout the process. The authors in [52] outline a vTPM migration procedure that employs both asymmetric and symmetric key encryption. In this protocol, the vTPM state is encrypted and packaged on the source platform, then decrypted upon arrival at the destination platform.
Figure 4.10: Architecture of virtual TPM
The authors in [56] suggest utilizing a migration procedure within a trusted channel to generate a secret encryption key linked to the TPM at the destination, as well as to the configuration of the trusted computing base.
TPM based Software Emulator
The physical Trusted Platform Module (TPM) is limited to one instance per platform, prompting the development of virtual TPM (vTPM) architectures, such as the one introduced by Berger et al. [52], which serves as a foundational solution for subsequent research. Another approach to address TPM limitations is the use of software emulators in virtualization environments, where each vTPM operates as a software-based emulator with distinct specifications. However, this software solution offers lower security guarantees than its hardware counterpart, lacking a hardware-based root of trust and the ability to support vTPM migration. Despite its drawbacks, the software emulator remains a viable option for research purposes, with two examples of emulators presented herein.
1) TPM emulator: Strasser and Stamer [55] presented an open source TPM emulator.
The software TPM solution sets a new benchmark by enabling multiple TPM emulator instances to operate on a single platform, facilitating the execution of TPM-based software within a secure virtualization environment.
2) XEN-embedded TPM emulator: XEN is an open source hypervisor that enables multiple VMs to run on a single system. It provides a service that supports TPM functionality for VMs by embedding a TPM emulator in it. This allows guest applications to interact with a vTPM in the same way they interact with a hardware TPM [22]. Figure 4.11 presents the pTPM in the host system and the vTPM in the virtual machine. Each VM has its own software TPM, which is simulated by a TPM simulator. The vTPM manager domain manages TPM specifications and is responsible for the interaction between vTPM and pTPM. The implementation model of vTPM in XEN has the following features (footnote 10): non-transparent vTPM, vTPM secrets bound to the pTPM, configurable TPM ownership and Storage Root Key authentication, pass-through of certain Platform Configuration Registers (PCRs), and extension of the Chain of Trust from the host machine to the virtual machine. However, migration of the vTPM is not supported. In figure 4.12, we simulate the vTPM based on virtual machines in XEN (footnote 11). This simulator enables each VM to interact with its own vTPM in the same way the host machine works with its unique TPM. There is a special VM, called the vTPM manager, that manages a particular vTPM for each VM. As presented in figure 4.12a, the vtpmmgr manages two vTPMs, namely domu-vtpm and domu-vtpm02. Finally, within each VM, we can interact with its corresponding vTPM. Figure 4.12b demonstrates the content of the PCRs of the vTPM in a specific VM.
Virtual Trusted Execution Environment (vTEE)
The TEE technology (footnote 12) offers significant advantages and has been extensively implemented in high-capacity mobile devices. However, the restricted access imposed by mobile manufacturers and the associated costs present challenges for developers seeking to utilize hardware-based TEE effectively.
10. Virtual Trusted Platform-XEN, http://wiki.xenproject.org/wiki
11. https://xenbits.xen.org/docs/unstable/man/xen-vtpm.7.html
12. https://www.globalplatform.org/mediaguidetee.asp
Figure 4.11: Example of vTPM for virtual machine relies on physical TPM’s specification
The authors of [58] developed Open-TEE, a software-based virtual Trusted Execution Environment (vTEE), to address access issues to Trusted Execution Environments (TEEs). An example of a vTEE and its trusted application is illustrated in Figure 4.13, showcasing the execution of a simple trusted application, "hello_world", in a secure environment, with its results displayed in a Rich Operating System such as Android.
The use of TPM based attestation in mobile devices and cloud computing
The rise of mobile devices has transformed the computing landscape, with users preferring their personal smartphones and tablets over traditional PCs for both work and entertainment. Despite their popularity, mobile devices are often limited by constraints in energy, storage, processing power, and security. To address these security challenges, various tools, antivirus applications, and cryptographic techniques are employed, all of which necessitate a trusted computing platform to function effectively.
The Trusted Computing Group (TCG) establishes a standard through its Trusted Platform Module (TPM) that facilitates authentication, authorization, encryption, and integrity across diverse computing platforms. Remote attestation, as previously mentioned in subsection 4.1.5, is a key feature of this standard.
Binary Attestation (BA) is a key functionality provided by TPM, utilized by many authors to demonstrate the trustworthiness of various research objects, including platforms and applications. However, some researchers highlight the limitations of BA, such as issues related to privacy, flexibility, and scalability. To address these shortcomings, Property-Based Attestation (PBA) has been proposed, which extends BA by attesting not only binary values but also security properties and behaviors of systems. A notable application of PBA in cloud computing allows users to verify the security properties of a cloud service platform prior to data exchange. Additionally, combining the Attestation Identity Key certificate with Privacy Certificate Authority and Secure Sockets Layer certificates can create a Platform Property Certificate. To enhance trust in cloud monitoring systems, a trusted framework has been introduced to establish a chain of trust for clients, relying on PBA. Furthermore, the CORA model enables cloud tenants to select nodes that meet their security requirements and dynamically verify their trustworthiness.
Vijay et al. [70] proposed a new trust model utilizing PBA to enhance the security framework for virtual machines and services in the cloud. Their approach focuses on key communication properties, including source address, traffic patterns, and state validation of tenant virtual machines, to effectively detect and prevent security attacks within the cloud environment.
In the realm of mobile computing, Nauman et al. developed a binary attestation (BA) method for the Android platform, creating a root of trust by emulating a Trusted Platform Module (TPM) within the kernel, thereby establishing a chain of trust extending to the Dalvik virtual machine and its components. Similarly, another study explored remote attestation for low-cost embedded devices lacking trusted hardware, identifying essential properties to support secure attestation through a minimal collection of system components. Additionally, Kostiainen et al. introduced property-based attestation (PBA) for in-vehicle communication systems, facilitating data exchange between mobile devices and car head units by leveraging existing mobile application certification infrastructure and omitting the need for a trusted intermediary for software measurement translation.
Conclusion
This chapter examines current trusted platforms, focusing on the critical feature of remote attestation. We analyze recent studies that highlight the advantages and disadvantages of these platforms, particularly noting the shortcomings of existing remote attestation mechanisms. Additionally, we explore the limitations associated with application attestation.
While previous research has highlighted the importance of binary attestation (BA), there remains a lack of clarity regarding which property-based attestations are essential and how to generate them automatically. The following chapter will explore recent security challenges associated with mobile cloud computing (MCC) by examining various approaches.
Security issues in Mobile Cloud
Mobile Cloud Computing (MCC) leverages cloud computing capabilities while also inheriting its security vulnerabilities. Key challenges include connection loss, bandwidth limitations, latency issues, and resource constraints, alongside significant security and trust concerns. Current threats facing MCC encompass malware, viruses, privacy breaches, financial fraud, content protection, enterprise data security, and secure storage. This has led to increased awareness and a swift adoption of security solutions. We will explore the importance of Trusted Platforms in MCC by addressing security concerns related to both mobile devices and the cloud infrastructure.
Securing the mobile devices
Trusted Platforms have effectively enhanced security for mobile users by collaborating to meet various security requirements. For instance, the Trusted Execution Environment (TEE) acts as a complementary security measure, integrating services that rely on partial identities from Secure Elements (SEs) like Active Stickers, Secure Micro SD Cards, Universal Integrated Circuit Cards (UICCs), and Embedded SEs. This integration ensures seamless interaction and secure processes at the device's periphery. Additionally, the combination of TEE with Trusted Platform Module (TPM) Mobile exemplifies how on-processor technologies and flexible TPM protocols can be utilized. Consequently, TPM Mobile functionality is implemented as a Trusted Application within the TEE, providing an integrated security solution.
To ensure the security of mobile devices, it is crucial to consider both mobile apps and data. Since applications run on untrusted mobile devices, employing trusted platforms is vital to address security challenges. Depending on the required security level, these apps can utilize either physical or software-based trusted platforms. For instance, Roland developed a prototype that emulates secure elements within Android platforms, providing an open emulator for debugging and rapid prototyping of secure element applications. This emulator, which fully implements the Java Card API within Android, offers enhanced security and trust compared to Google's Host Card Emulation (HCE) and is proposed as a replacement for physical secure elements.
For effective long-term testing and application showcasing, it is essential to ensure the confidentiality and integrity of data stored on mobile devices and transferred via the Internet. Utilizing established protocols like SSL/TLS for data transfer is crucial, while trusted platforms within mobile devices, equipped with crypto-processors and cryptographic algorithms, can provide confidentiality and integrity. Sensitive data, such as PIN codes, security keys, or passwords, should be securely stored in the Flash memory or EEPROM of trusted platforms like Secure Elements (SE) or Trusted Execution Environments (TEE). If the data size exceeds the capacity of these trusted platforms, it can be stored in the mobile device's protected memory or outsourced to a trusted Cloud environment. Conversely, non-sensitive data may be stored on the untrusted mobile device or in the Cloud without special precautions.
1. https://globalplatform.org/specifications.asp
Securing the Cloud
With regard to the security of apps and VMs in the cloud environment, the authors, in
The Cloud of Secure Elements (CoSE) concept, proposed by [75], revolutionizes mobile payments by hosting secure services on servers instead of smartphone Secure Elements. This approach allows NFC smartphones to act as a bridge between NFC readers and secure microcontroller internet servers that manage EMV applications. A key benefit of CoSE is the dynamic assignment of physical secure elements in the cloud for sensitive applications. To ensure security, service providers must implement auditability, which can be achieved through remote attestation techniques that utilize a trusted platform module (TPM). The TPM, which contains a unique endorsement private key, verifies the host's system state during boot by generating a sequence of hashes that can be securely stored and authenticated by a remote party.
In traditional systems, the attestation process links the operating system to the hardware, but in virtualized environments like the cloud, VMs can migrate dynamically, rendering remote attestation inadequate. To enhance security, Santos et al. proposed utilizing a hardware TPM to secure the hardware layer and employing secure virtual machine monitors for VMs, ensuring migration occurs only between trusted servers. Efficient protocols for trust establishment and management were designed by other authors, while Patidar et al. introduced a system integrating cloud computing with trusted computing platforms using TPM, which provides essential security mechanisms such as authentication, confidentiality, and integrity. Alongside securing applications and VMs, safeguarding data remains a crucial aspect of the cloud ecosystem.
Many authors have proposed various security mechanisms for Cloud storage. Hsueh et al. introduced a hybrid cryptography and digital signatures approach to ensure data security on mobile devices, effectively preventing unauthorized access by malicious attackers while allowing information sharing with designated friends through specific access rights. In contrast, hardware-based encryption leverages Trusted Platform Module (TPM) technology, requiring no user intervention and having no negative impact on system performance. The Trusted Computing Group has released a Trusted Storage specification aimed at enabling full-disk encryption across enterprises using TPM, a concept that can also be applied to the storage solutions offered by Cloud data centers.
Zou et al. proposed Phosphor, a cloud-based mobile DRM system that utilizes a subscriber identity module (SIM) card in mobile phones to combat illegal distribution and piracy of digital content, including videos, audio, and e-books. The SIM card implements a license state word (LSW) protocol that decrypts digital content from the cloud using a decryption key stored on the SIM. However, a significant drawback of this approach is the necessity for the cloud to maintain a unique secret key for each user, raising concerns about key management and security.
Authentication
Mobile devices necessitate robust authentication, secure storage, and device integrity, making access control more vital than ever due to the widespread accessibility of cloud services. The Trusted Platform Module (TPM) offers a more secure authentication method than traditional usernames and passwords. To enhance mobile security, features like PIN access and biometric locks, such as eyeprints, fingerprints, and facial recognition, are now standard in mobile devices. Operating in conjunction with TPM 2.0, these security measures ensure that if a user fails to enter the correct password or does not follow the proper verification process, the TPM locks the device, safeguarding sensitive data.
In [82], the authors propose a protocol for mobile devices to authenticate nearby Cloudlets using NFC applications. This authentication process involves a Secure Element (SE) in the mobile device and incorporates the Mobile Network Operator along with a trusted service management system associated with cloud computing.
2. https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/
Data Privacy
Privacy in cloud computing empowers users to maintain control over their personal data. In frameworks like MobiCloud, the Extended Semi-Shadow Image (ESSI) concept allows for various types of device clones, enhancing functionality beyond traditional virtual images. Similarly, CloneCloud employs offloading techniques using trusted device clones for computing on resourceful servers. However, both MobiCloud and CloneCloud fall short in providing privacy options for users regarding the selection of personal data to be outsourced. Implementing a Trusted Execution Environment (TEE) could address these privacy concerns by securely storing personal data that users prefer not to outsource, utilizing its larger memory capacity compared to a Secure Element (SE).