The Pennsylvania State University The Graduate School PROVIDING VERIFIABLE INTEGRITY ON MOBILE PLATFORMS A Thesis in Electrical Engineering by Anuj Sawani c 2008 Anuj Sawani Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science August 2008 The thesis of Anuj Sawani was reviewed and approved∗ by the following: Trent Ray Jaeger Associate Professor of Computer Science and Engineering Thesis Co-Adviser George Kesidis Professor of Electrical Engineering and Computer Science and Engineering Thesis Co-Adviser Ken Jenkins Professor and Head of the Department of Electrical Engineering ∗Signatures are on file in the Graduate School. Abstract Mobile phone systems are becoming as advanced and powerful as desktop comput- ers. They now provide services beyond telephony, such as browsing the internet, personal information management or even playing games. However, third-party ap- plications, such as mobile games, could execute malware on the phone and threaten to affect the integrity of trusted software like mobile banking clients. The goal is to prevent trusted data or code from being affected by untrusted software with mini- mum overhead. The phone has limited processing power and we aim to show that an optimized security framework running on the phone does not affect the performance significantly. We use the Security Enhanced Linux (SELinux) framework combined with Policy Reduced Integirty Measurement Architecture (PRIMA) to provide in- tegrity guarantees to remote parties. Each of these components have been ported to work with an ARM-based platform. Further, the SELinux policy loaded at boot time also ensures that the trusted software is not compromised at any time. On average, we found that the phone takes approximately 0.03 seconds to perform an integrity measurement on a 150KB file. This negligible overhead does not affect performance significantly while assuring integrity of the phone. Our work shows that the approach is practical and will provide a basis for the future development of a standard security framework for mobile phone systems. iii Table of Contents List of Figures vii List of Tables viii Acknowledgments ix Chapter 1 Introduction 1 1.1 The Mobile Era . 1 1.2 Open Mobile Phone Systems . 2 1.2.1 Linux as a Mobile Platform . 3 1.3 Thesis Contribution . 3 1.4 Thesis Structure . 5 Chapter 2 Background 7 2.1 Mobile Phone Architecture . 7 2.1.1 Linux-based Mobile Phones . 7 2.1.2 OpenMoko Software Stack . 9 2.2 SELinux and Integrity Measurement . 11 2.2.1 Trusted Platform Module (TPM) . 11 2.2.2 Integrity Models . 12 2.2.3 Integrity Measurement Architecture(IMA) . 13 2.2.4 Policy Reduced Integrity Measurement Architecture (PRIMA) 14 2.3 Cross-compiling for ARM CPU . 15 Chapter 3 Related Work 17 iv 3.1 Software based Integrity Measurement on Embedded Platforms . 18 3.1.1 SWATT and Genuinity . 18 3.1.1.1 Attack on Genuinity . 19 3.1.2 Pioneer . 19 3.1.3 Energy and Execution Time Analysis of Software based TPM 20 3.2 Hardware based Integrity Measurement on Embedded Platforms . 20 3.2.1 ARM TrustZone . 20 3.2.2 Intel's Authenticated Flash . 22 3.3 Linux-based Mobile Security Solutions . 22 3.3.1 Montavista's Mobilinux . 22 3.3.2 Motorola's MotoAC . 23 Chapter 4 Vulnerability and Security Analysis of Mobile Platforms 24 4.1 Threat Model . 24 4.1.1 Physical device access . 25 4.1.2 Wireless Attacks . 25 4.1.3 DoS attacks . 26 4.1.4 Network attacks . 26 4.1.5 Worms and Virus . 26 4.2 Linux Platform . 27 4.2.1 Montavista Linux . 27 4.2.1.1 Motorola A780 . 27 4.2.1.2 Motorola A1200 . 31 4.2.2 OpenMoko . 33 4.3 Symbian Platform . 35 Chapter 5 Approach 36 5.1 The Goal . 36 5.2 System Architecture . 37 5.3 SELinux . 38 5.4 Integrity Measurement . 38 5.5 System Security . 39 Chapter 6 Building a Mobile Platform with Integrity Measurement 41 6.1 Experimental Setup . 41 6.1.1 Evaluation Board . 42 6.1.2 OpenMoko Phone . 43 v 6.2 Cross-compiling with OpenEmbedded . 44 6.2.1 Basic concepts of OpenEmbedded . 45 6.3 Enabling SELinux . 46 6.3.1 SELinux Policy design . 47 6.4 Modifications . 48 6.4.1 Kernel . 49 6.4.1.1 JFFS2 and xattr support . 50 6.4.2 RootFS . 50 6.4.3 Software Installer . 50 6.5 Verifying integrity measurement . 51 6.5.1 Package Installer . 52 6.5.1.1 Install a trusted package . 52 6.5.1.2 Install an untrusted package . 52 6.5.1.3 Invoke installer by an untrusted process . 53 6.6 Performance Results on Mobile Hardware . 53 Chapter 7 Conclusion 56 Bibliography 58 vi List of Figures 2.1 Organization of on-board flash memory of Linux mobile phones . 8 2.2 Openmoko Software Stack . 10 2.3 The decision process of SELinux . 12 3.1 ARM TrustZone System Architecture . 21 3.2 Intel's Authenticated Flash . 22 4.1 Motorola A780's Bootloader Mode . 30 4.2 The functioning of gsmd ........................ 34 5.1 The proposed mobile phone system architecture . 37 6.1 Overview of the integrity framework ported for mobile phone hard- ware ................................... 42 6.2 The OMAP 5912 OSK Evaluation Board . 43 6.3 Implementation of the filtering interface in the software installer . 49 vii List of Tables 4.1 A possible mapping of mux devices . 32 6.1 Comparison of boot time on the Openmoko phone . 54 6.2 Time taken to measure files of varying sizes . 54 6.3 Output of openssl speed sha1 - speed measurement of SHA1 hash 55 viii Acknowledgments First and foremost, I would like to offer my sincerest gratitude to my advisor, Dr. Trent Jaeger, who has supported me with his knowledge, guidance, patience and encouragement during the course of my research. He steered me in the right direction whenever I needed it and without him, this thesis would not have been possible. I would also like to thank my student colleagues, Divya Muthukumaran, Mo- hamed Hassan and Josh Schiffman with whom I collaborated during my research. Each of us with our own expertise complemented each other perfectly as a team. I am grateful to the Penn State Systems and Internet Infrastructure Security (SIIS) laboratory where I did my research. I would also like to thank my committee members, Dr. George Kesidis and Dr. Ken Jenkins for supporting my thesis and research. Finally, I thank my parents for supporting me throughout my studies at the university. ix Chapter 1 Introduction 1.1 The Mobile Era In the last decade, cellular phones have evolved tremendously. In the beginning, mobile phones were huge impractical devices whose functions supported only mak- ing calls or receiving calls. Very soon, they started supporting short messaging services while the size of mobile phones became smaller. But now, mobile devices are capable of performing every function that a desktop computer can perform. We now term these phones as smart phones. These phones are very powerful com- puting devices that are capable of functions like Email, Web Browsing, Personal Information Management and run custom applications. In 2007, more than 1.15 billion phones were sold worldwide. This large number emphasizes the widespread reach of mobile phones currently. Most users of these phones install third party applications at some point of time while using the phone. Now, there is no guarantee that these applications will not perform malicious activity on the phone. In most cases, these applications have read and write access to the phone's filesystem. Hence, they are capable of affecting the phone's functionality without the user's knowledge. Some of the applications that are installed on the phone could turn out to be worms or virus that are coded to spread through any communication channel it can find. The mobile phones usually provide various channels for communica- tion with other devices. These channels include Infrared, Bluetooth, Wifi, USB, GPRS/EDGE/EVDO, etc. 2 An important point to note for smart phones is that the operating systems have now become standard for phones. Most operating systems have released a mobile version which are compatible with various phone models. Currently, the market is dominated by three most common operating systems: Symbian, Windows and Linux. Hence, there is a lack of diversity in the market which allows attackers to target these operating systems while creating worms or virus. The complexity of these devices does add functionality to the user, but it also opens up many doors for malware to slip in. Hence, with all these views in mind, the need for security on mobile phones is obvious. 1.2 Open Mobile Phone Systems A new trend to open up mobile platforms has gained momentum in the past year. Why do we need open source mobile systems? A fully featured, fully open source mobile handset could help reduce the cost of mobile telecommunications and give users access to a rich set of low cost applications for personal use. On the other hand, certain companies prefer a standard and familiar user interface that makes it easier for users to use the device. But, with the flexibility offered by open source mobile devices, it has been gaining popularity very rapidly. Though there have been various initiatives to bring out a completely open source mobile software stack, two of the most notable ones are Google's Android [1] and FIC's Openmoko [2]. Google's Android is a software platform and operating system based on Linux. Developers can write applications for the platform using Java-like code using Java libraries provided by Google.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages70 Page
-
File Size-