KR20170067003A - Method and System for Protecting application program in trusted execution environment - Google Patents
- Publication number: KR20170067003A (application number KR1020150173339A)
- Authority: KR (South Korea)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
          - G06F21/12—Protecting executable software
            - G06F21/121—Restricting unauthorised execution of programs
              - G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
                - G06F21/126—Interacting with the operating system
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
          - H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
            - H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
        - H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Abstract
The present invention relates to a method and system for protecting an application program based on a trusted execution environment. The method protects an application program installed and running in a TEE device, which supports a trusted execution environment based on a secure operating system that operates independently of the general operating system, using a TEE management server that updates the security information of the TEE device. The method comprises: separating a specific module related to the security operation of the application program and encrypting and storing it in the TEE management server; and, when the application program from which the module was separated is executed in the TEE device, receiving the encrypted specific module from the TEE management server, decrypting it in the security area managed by the secure operating system of the TEE device, and performing a security operation by the specific module.
Therefore, according to the present invention, a specific module of an application program installed in a TEE device based on a trusted execution environment is stored in a TEE management server, and each time the application program is run the specific module is decrypted in the security area managed by the secure operating system of the TEE device and the security operation is performed by that module. This provides a method and system for protecting an application program based on a trusted execution environment that improves the security of the application program.
Description
The present invention relates to a method and system for protecting an application program based on a trusted execution environment, and more particularly to a method and system that improve the security of an application program installed in a TEE device based on a trusted execution environment by decrypting a specific module of the program in the security area managed by the secure operating system of the TEE device each time the program is run.
2. Description of the Related Art
In recent years, security technology based on a trusted execution environment has been applied to portable terminals such as smartphones and tablet PCs, in which a general operating system operating in a non-trusted execution environment (NTEE) and a secure operating system operating in a trusted execution environment (TEE) run at the same time.
Here, the NTEE comprises an operating system (OS), drivers, middleware and applications. The most popular example of such a system is Android, which includes the Linux kernel, device drivers, the Android runtime environment, Android middleware and applications.
The TEE, on the other hand, contains the security-critical components. These security elements are accessed by elements executing in the NTEE, and certain security-related actions are carried out through this access. In general, the TEE includes a secure OS, secure drivers, secure middleware and trusted applications (TAs).
To maintain the integrity of the TEE, all of its elements are subject to secure boot.
That is, security technology based on a trusted execution environment greatly improves security because the secure operating system running in the TEE is booted before the general operating system running in the NTEE is executed.
However, these methods have a problem in that, when using a general operating system based on an open source such as Android, there is a possibility that a malicious code that is installed in a portable terminal in advance, .
Accordingly, there is an urgent need for a realistic and applicable security technology capable of preventing an application program installed in a TEE device, such as a trusted terminal based on a trusted execution environment, from being recompiled.
SUMMARY OF THE INVENTION
The present invention has been conceived to solve the above problems, and it is an object of the present invention to provide a method and system for protecting an application program based on a trusted execution environment in which a specific module of an application program installed in a TEE device based on a trusted execution environment is stored in a TEE management server, and the security of the application program is improved by decrypting the specific module in the security area managed by the secure operating system of the TEE device and performing a security operation by the specific module.
The method for protecting an application program based on a trusted execution environment according to an exemplary embodiment of the present invention protects an application program installed in a TEE device, using a TEE device that supports a trusted execution environment based on a secure operating system operating independently of the general operating system and a TEE management server that updates the security information of the TEE device. The method comprises: separating a specific security-related module of the application program installed in the TEE device and encrypting and storing it in the TEE management server; and, when the application program from which the module was separated is executed in the TEE device, receiving the encrypted specific module from the TEE management server, decrypting it in the security area managed by the secure operating system of the TEE device, and performing a security operation by the specific module.
The security area managed by the secure operating system of the TEE device may be based on ARM TrustZone, which is physically isolated from the general area in which the general operating system operates.
The step of receiving the encrypted specific module from the TEE management server, decrypting it in the security area managed by the secure operating system of the TEE device and performing a security operation by the specific module comprises sending a specific hash value of the application program to the TEE management server and comparing it with the specific hash value stored in advance in the TEE management server, thereby confirming, on the basis of the trusted execution environment, whether the application program has been forged or falsified.
The confirmation, on the basis of the trusted execution environment, of whether the application program has been falsified may comprise: a first step in which the TEE device encrypts the ID information of the TEE device and the version information of the specific module in the secure operating system and transmits them to the TEE management server, requesting the encrypted specific module stored there; a second step in which the TEE management server searches for the encrypted specific module corresponding to the version information and delivers it to the TEE device; a third step in which the TEE device decrypts the specific module in the secure operating system and then loads it in the general operating system to check whether the application program has been falsified; a fourth step in which the TEE device encrypts, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module and transmits them to the TEE management server together with an OTP value generated in the secure operating system; a fifth step in which the TEE management server verifies whether the application program has been forged or falsified using the OTP value, the version information and the specific hash value received from the TEE device, and generates forgery result data; and a sixth step in which the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and terminates the application program if it turns out to have been forged or falsified.
The specific module may be configured in the dex file format and include a class for verifying the forgery and falsification of the application.
The first step, in which the TEE device requests the encrypted specific module stored in the TEE management server, comprises: collecting and encrypting, in the general operating system, the ID information of the TEE device and the version information of the DEX file corresponding to the specific module; decrypting the ID information and version information in the secure operating system; generating a symmetric key in the secure operating system, encrypting the ID information and version information with it, and encrypting the symmetric key using a public key; and transmitting the encrypted information and the encrypted symmetric key to the TEE management server via the general operating system, requesting the encrypted specific module stored there.
Before the first step, in which the TEE device requests the encrypted specific module stored in the TEE management server, the method may further comprise storing in the TEE management server the specific hash value of the application program corresponding to the version information contained in the decrypted TEE device information.
The second step, in which the TEE management server searches for the encrypted specific module corresponding to the version information and transfers it to the TEE device, comprises: decrypting the symmetric key transmitted from the TEE device using the public key; decrypting the encrypted information transmitted from the TEE device using the decrypted symmetric key; searching for the specific module requested by the TEE device using the decrypted TEE device information, and generating a symmetric key for the session; encrypting the specific module and the version information using the session symmetric key and encrypting the session symmetric key with a public key; and transmitting the encrypted specific module and version information to the TEE device together with the encrypted session symmetric key.
The third step, in which the TEE device decrypts the specific module in the secure operating system and then loads it in the general operating system to check whether the application program has been falsified, comprises: decrypting the encrypted session symmetric key with the public key in the secure operating system; decrypting, in the secure operating system, the encrypted specific module transmitted from the TEE management server using the decrypted session symmetric key; and executing the forgery check operation by loading the dex file corresponding to the decrypted specific module in the general operating system.
The fourth step, in which the TEE device encrypts, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module and transmits them to the TEE management server together with the OTP value generated in the secure operating system, comprises: collecting the version information and the specific hash value of the application program and delivering them to the secure operating system; generating the OTP and a symmetric key for the forgery check in the secure operating system; encrypting, in the secure operating system, the forgery determination information, which includes the version information, the specific hash value and the OTP, with the forgery-check symmetric key, and encrypting the forgery-check symmetric key using the public key; and transmitting the encrypted forgery-check symmetric key and the encrypted forgery determination information to the TEE management server.
The fifth step, in which the TEE management server verifies whether the application program has been forged or falsified using the OTP value, the version information and the specific hash value received from the TEE device and generates the forgery result data, comprises: decrypting the encrypted forgery-check symmetric key; decrypting the forgery determination information using the decrypted forgery-check symmetric key; determining whether the OTP value received from the TEE device is normal; and comparing the specific hash value received from the TEE device with the specific hash value stored in advance in the TEE management server to determine whether it is normal, and generating the forgery result information.
The sixth step, in which the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and terminates the application program if it is determined that forgery or falsification has occurred, comprises: generating a symmetric key for the forgery result in the TEE management server; encrypting the forgery result information using the forgery-result symmetric key in the TEE management server and encrypting the forgery-result symmetric key with a public key; transmitting the encrypted forgery-result symmetric key and the encrypted forgery result information to the TEE device; decrypting the encrypted forgery-result symmetric key with the public key in the secure operating system of the TEE device and then decrypting the encrypted forgery result information using the decrypted key; and transmitting the forgery result information to the general operating system of the TEE device, where the application program is terminated if it is determined to have been forged and is allowed to run if it is determined to be normal.
The application program protection system based on a trusted execution environment according to an embodiment of the present invention includes a TEE device that supports a trusted execution environment based on a secure operating system operating independently of the general operating system, and in which an application program comprising at least one security-related module in the form of a DEX file is installed; and a TEE management server that updates the security information of the TEE device. The application program installed in the TEE device is one from which a specific module among the security-related modules in the form of DEX files constituting the program has been separated, and the TEE management server encrypts and stores that specific module, in the form of a DEX file, separately from the application program.
When the application program from which the specific module was separated is executed, the TEE device receives the encrypted specific module from the TEE management server, decrypts it in the security domain managed by the secure operating system, and performs the security-related operation by the specific module.
The specific module is configured in the form of a dex file including a class for verifying the forgery and falsification of the application, and the security-related operation by the specific module sends the specific hash value of the application program of the TEE device to the TEE management server and compares it with the hash value stored there in advance, thereby confirming, on the basis of the trusted execution environment, whether the application program has been falsified.
As described above, according to the present invention, a specific module of an application program installed in a TEE device based on a trusted execution environment is stored in a TEE management server, and each time the application program is run the specific module is decrypted in the security domain and the security operation is performed by that module, which blocks the possibility of hacking by decompilation of an open-source-based general operating system.
In addition, the present invention has the effect of improving security by using a TEE device based on ARM TrustZone, which is physically separated from the general operating system, while providing a TEE device based on a trusted execution environment.
In addition, the present invention has the effect of enhancing the efficiency of the security-related application program by comparing the hash value of the application program of the TEE device with the specific hash value stored in advance in the TEE management server to determine whether forgery or falsification has occurred.
In addition, the present invention has the effect of improving security because it can determine whether forgery or falsification has occurred using an OTP value generated by the TEE device together with the specific hash value of the application program.
In addition, the present invention can enhance security by selecting a specific module from among the one or more security-related modules constituting the Dex file and encrypting and storing the selected module in the TEE management server rather than in the TEE device, and further improves security by performing the security operation independently in the secure operating system.
In addition, the reliability of a security token such as the OTP is increased because, in addition to the forgery determination information in the TEE device, the OTP is generated using the hash value of the application and the file size and time of the dex file constituting the application.
Further, the present invention has the effect of preventing the data corresponding to the forgery determination information from being exposed on the network by encrypting the data transmitted and received over the network with a symmetric key and encrypting the symmetric key with a public key.
FIG. 1 is a block diagram for schematically explaining a method for protecting an application program based on a trusted execution environment according to an embodiment of the present invention.
FIG. 2 is a diagram for explaining a configuration in which the Dex file shown in FIG. 1 is separately stored.
FIG. 3 is a flowchart illustrating a process for checking whether an application program has been forged or modified in a trusted execution environment according to an embodiment of the present invention.
FIG. 4 is a flowchart showing the flow when a TEE device requests a specific module stored in a TEE management server (first step).
FIG. 5 is a flowchart showing the flow when a TEE management server finds a specific encrypted module and transmits it to a TEE device (second step).
FIG. 6 is a flowchart showing the flow when a TEE device decrypts a specific module and loads it (third step).
FIG. 7 is a flowchart showing the flow when a TEE device encrypts application forgery determination information and transmits it to a TEE management server (fourth step).
FIG. 8 is a diagram showing an example of a flag table and a specific hash value for making a forgery check value that includes the specific hash value selected by a flag.
FIG. 9 is a flowchart showing the flow when a TEE management server verifies the forgery and falsification of an application program and generates result data (fifth step).
FIG. 10 is a flowchart showing the flow when a TEE device decrypts forgery result data from a TEE management server and terminates the application program if it is determined to be forged or falsified (sixth step).
FIG. 11 is a system block diagram for schematically explaining an application program protection system based on a trusted execution environment according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.
FIG. 1 is a block diagram schematically illustrating a method for protecting an application program based on a trusted execution environment according to an embodiment of the present invention.
Referring to FIG. 1, the present invention relates to a method of protecting an application program installed in a TEE device based on a trusted execution environment, which includes both a general operating system operating in a non-trusted execution environment (NTEE) and a secure operating system operating in a trusted execution environment (TEE) independently of the general operating system.
Hereinafter, the area in which the general operating system operates is referred to as the NW (Normal World) 100, and the area in which the secure operating system operates is referred to as the SW (Secure World) 200.
In the present invention, the TEE
In addition, the present invention includes a
As shown in FIG. 1, a method for protecting an application program based on a trusted execution environment according to an embodiment of the present invention includes separating and encrypting a specific module from an application program installed in the
In this case, according to the embodiment of the present invention, the specific module is separated from a dex file including a plurality of classes provided in an application operating on the Android operating system, and is itself configured in the dex file format, including a class for verifying forgery and falsification.
FIG. 2 is a diagram further explaining the configuration in which the Dex file shown in FIG. 1 is separately stored.
Referring to FIG. 2, the application program installed in the TEE device according to an exemplary embodiment of the present invention is an Android application package (APK), from which a specific class previously selected as an important module is separated out of the Dex file; the APK can then be distributed through the Android market or the like, and the important module such as the above-mentioned specific class can be stored in the
Here, it is desirable that the important module such as the specific class stored in the TEE
As described above, a protection method for protecting an application program installed and executed in a TEE device according to an embodiment of the present invention includes separating a specific security-related module of the application program installed in the TEE device and encrypting and storing it in the TEE management server, and, when the application program from which the module was separated is executed in the TEE device, receiving the encrypted specific module from the TEE management server, decrypting it in the security area (SW) 200 managed by the secure operating system of the TEE device, and performing a security operation by the specific module.
At this time, the
Meanwhile, in the embodiment of the present invention, the encrypted specific module is received from the
Hereinafter, the process for checking whether an application program has been falsified according to an exemplary embodiment of the present invention will be described with reference to FIGS. 3 to 10.
FIG. 3 is a flowchart illustrating the process of checking whether an application program has been tampered with in a trusted execution environment according to an exemplary embodiment of the present invention.
As shown in the figure, the process for checking whether an application program has been falsified on the basis of the trusted execution environment according to an embodiment of the present invention proceeds as follows.
First, the
In the first step S100, the
Next, the
Next, the
In the third step S300, the
Next, the
In the fourth step S400, the
Next, the
In the fifth step S500, the
Finally, when the
The process of checking whether the application program has been falsified, shown in FIG. 3, will be described in detail with reference to FIGS. 4 to 10 as follows.
FIG. 4 is a flowchart showing the flow when a TEE device requests a specific module stored in a TEE management server.
Referring to FIG. 4, in operation S100 the TEE device requests the encrypted specific module stored in the TEE management server according to the embodiment of the present invention. In operation S100, the ID information of the
Next, the security operating system generates a symmetric key, encrypts the ID information and the version information, encrypts the symmetric key using the public key (S130), and transmits the encrypted information and the symmetric key to the TEE management The
Meanwhile, in the embodiment of the present invention, before the
FIG. 5 is a flowchart showing the flow when a TEE management server finds the encrypted specific module and transmits it to a TEE device.
As shown in FIG. 5, in operation S200, the
Next, a specific module requested by the
FIG. 6 is a flowchart showing the flow when a TEE device decrypts a specific module and loads it.
As shown in the figure, in operation S300 the TEE device decrypts the specific module in the secure operating system and then loads it in the general operating system to check whether the application program has been falsified. The secure operating system decrypts the encrypted session symmetric key with the public key in step S310 and decrypts the encrypted specific module transmitted from the
FIG. 7 is a flowchart showing the flow when a TEE device encrypts application forgery determination information and transmits it to a TEE management server.
As shown in the figure, according to an embodiment of the present invention, in step S400 the TEE device encrypts, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module and transmits them to the TEE management server together with the OTP value generated in the secure operating system. In this step, the general operating system collects the version information and the specific hash value of the application program and delivers them to the secure operating system (S410), and the OTP and the symmetric key for the forgery check are generated in the secure operating system (S420).
Next, the secure operating system encrypts the forgery determination information, which includes the version information, the specific hash value and the OTP, with the forgery-check symmetric key, encrypts the forgery-check symmetric key using the public key (S430), and transmits the encrypted forgery-check symmetric key and forgery determination information to the TEE management server 20 (S440).
FIG. 8 is a diagram showing an example of a flag table and a specific hash value for randomizing the forgery check value that includes the specific hash value.
Referring to FIG. 8, the method of randomizing the feature value for the forgery check, including the specific hash value, in the fourth step is described in detail as follows.
As shown in the figure, in the embodiment of the present invention a flag table can be configured that associates the APK file, the DEX file and the files in the RES folder with their hash values, file sizes and binary OFFSETs.
Here, for example, HASH1 shown in the drawing can be extracted with SHA1 and HASH2 with SHA2, and the file size can be expressed as the actual size of the file in bytes.
Also, as shown in the figure, a specific range of the file's position in memory, for example the HEX values at addresses 200 to 300, can be used as a feature value.
On the other hand, when the FLAG TABLE is referenced and the FLAG is displayed as 101203, it indicates the HASH1 value from the FLAG table and the file size of the dex file. This value is then transmitted to the security area of the secure operating system (security token).
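The flag-table feature selection of FIG. 8 and the fourth- and fifth-step check it feeds, as an added Python example (not code from the patent): the device derives the forgery-check value from the files a flag selects and binds an OTP to it, and the server compares both against the values it stored before the first step. The flag encoding (3-digit groups: one file digit, then a two-digit feature code), the HMAC-based OTP, the provisioned OTP secret and the in-memory sample files are assumptions; transport encryption with the wrapped symmetric key is left out.

```python
import hashlib
import hmac
import struct

# Constructed sample files standing in for the APK (1), the DEX file (2) and the
# RES folder (3, flattened to a single blob for the example).
FILES = {
    1: b"PK\x03\x04" + b"A" * 600,
    2: b"dex\n035\x00" + b"D" * 400,
    3: b"res/values" + b"R" * 100,
}

# Feature codes of the flag table in FIG. 8: HASH1 = SHA-1, HASH2 = SHA-256,
# 03 = file size in bytes, 04 = hex of the bytes at positions 200..300.
FEATURES = {
    "01": lambda b: hashlib.sha1(b).hexdigest(),
    "02": lambda b: hashlib.sha256(b).hexdigest(),
    "03": lambda b: str(len(b)),
    "04": lambda b: b[200:300].hex(),
}


def parse_flag(flag):
    """Split a flag such as '101203' into (file_id, feature_code) pairs.
    Assumed encoding: 3-digit groups, a file digit followed by a two-digit
    feature code, so '101203' = HASH1 of the APK + size of the DEX file."""
    if not flag.isdigit() or len(flag) % 3:
        raise ValueError("flag must consist of 3-digit groups")
    pairs = [(int(flag[i]), flag[i + 1:i + 3]) for i in range(0, len(flag), 3)]
    for fid, code in pairs:
        if fid not in FILES or code not in FEATURES:
            raise ValueError("unknown selector %d%s" % (fid, code))
    return pairs


def check_value(flag, files=FILES):
    """Forgery-check value: the selected feature values joined in flag order."""
    return "|".join(FEATURES[code](files[fid]) for fid, code in parse_flag(flag))


def make_otp(secret, value, dex_size, time_step):
    """OTP bound to the check value, the DEX size and a time step (the inputs
    the page names); HMAC-SHA256 truncated to 8 hex digits is an assumption."""
    msg = value.encode() + struct.pack(">QQ", dex_size, time_step)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]


def server_provision(version, flag, files=FILES):
    """Done before the first step: the server stores the expected value."""
    return {(version, flag): {"value": check_value(flag, files),
                              "dex_size": len(files[2])}}


def device_report(secret, version, flag, time_step, files=FILES):
    """Fourth-step payload built by the specific module and the secure OS."""
    value = check_value(flag, files)
    return {"version": version, "flag": flag, "value": value,
            "otp": make_otp(secret, value, len(files[2]), time_step)}


def server_verify(secret, table, report, time_step, window=1):
    """Fifth step: compare the reported check value with the stored one, then
    check the OTP, tolerating +-window time steps. Returns (ok, reason)."""
    expected = table.get((report["version"], report["flag"]))
    if expected is None:
        return False, "unknown version or flag"
    if not hmac.compare_digest(report["value"], expected["value"]):
        return False, "hash mismatch"
    # Recompute from the stored value and DEX size so the report cannot
    # dictate the inputs of its own OTP.
    otp_ok = any(
        hmac.compare_digest(
            report["otp"],
            make_otp(secret, expected["value"], expected["dex_size"], t))
        for t in range(time_step - window, time_step + window + 1))
    if not otp_ok:
        return False, "otp mismatch"
    return True, "normal"


def demo():
    """Genuine app passes; a same-size DEX patch slips past a flag that only
    selects APK hash + DEX size but is caught by a flag selecting the DEX
    hash; a report carrying a stale OTP is rejected."""
    secret = b"constructed-otp-secret"
    table = {}
    for flag in ("101203", "201"):
        table.update(server_provision("1.0", flag))
    patched = dict(FILES)
    patched[2] = FILES[2][:-1] + b"X"  # same size, different content
    genuine = server_verify(secret, table, device_report(secret, "1.0", "101203", 50), 50)
    missed = server_verify(secret, table, device_report(secret, "1.0", "101203", 50, patched), 50)
    caught = server_verify(secret, table, device_report(secret, "1.0", "201", 50, patched), 50)
    stale = server_verify(secret, table, device_report(secret, "1.0", "201", 40), 50)
    return genuine, missed, caught, stale


if __name__ == "__main__":
    print(demo())
```

Running the demo shows why the flag is randomized: a same-size patch to the DEX file passes a flag that only selects the APK hash and the DEX size, but fails once the flag selects the DEX hash. The page describes the recipient unwrapping the symmetric key with the public key; in practice the key is wrapped under the recipient's public key and unwrapped with its private key, and that transport layer is omitted here.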
FIG. 9 is a flowchart showing the flow when the TEE management server verifies the forgery and falsification of the application program and generates the result data.
As shown in the figure, according to an embodiment of the present invention, in step S500 the TEE management server verifies whether the application program has been forged or falsified using the OTP value, the version information of the application program and the specific hash value received from the TEE device: the encrypted forgery-check symmetric key is decrypted using the public key (S510), and the forgery determination information is decrypted using the decrypted forgery-check symmetric key (S520).
The OTP value and the hash value received from the
FIG. 10 is a flowchart showing the flow when a TEE device decrypts forgery result data from a TEE management server and terminates the application program if it is determined that the data indicate forgery or falsification.
As shown in the figure, according to an embodiment of the present invention, in step S600 the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and terminates the application program if it turns out to have been forged. In this step, the
Next, the secure operating system of the
FIG. 11 is a block diagram schematically explaining a trusted execution environment based application program protection system according to an embodiment of the present invention.
As shown in the figure, a trusted execution environment based application program protection system according to an embodiment of the present invention includes a secure operating system that operates independently of a general operating system, and includes a
At this time, the
More specifically, the TEE device performs communication with the
The
More specifically, the
Meanwhile, in the embodiment of the present invention, when the specific module executes the separated application program, the
Also, in the embodiment of the present invention, the specific module is configured in the form of a dex file including a class for verifying the forgery and falsification of the application, and the security related operation by the specific module is performed by the TEE And comparing the hash value of the application program of the
As described above, according to the present invention, a specific module of an application program installed in a trusted execution environment based TEE device is stored in a TEE management server, and whenever the application program is activated, the specific module is decrypted in the security zone managed by the secure operating system of the TEE device and the security operation is then performed by that module, thereby blocking the possibility of hacking by decompilation of the open-source-based general operating system.
In addition, the present invention has the effect of improving security by using a TEE device based on ARM TrustZone, which is physically separated from the general operating system, while providing a trusted execution environment based TEE device.
In addition, the present invention has the effect of enhancing the efficiency of the security-related application program by comparing the hash value of the application program of the TEE device with the specific hash value stored in advance in the TEE management server to determine whether forgery or falsification has occurred.
In addition, the present invention has the effect of improving security because whether forgery or falsification has occurred can be determined using an OTP value generated by the TEE device and a specific hash value of the application program.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood that these are by way of illustration and example only and are not to be taken by way of limitation; changes to the components, to the extent that they can be accommodated without departing from the scope of the present invention, fall within the scope of the present invention.
- 10: TEE device
- 20: TEE management server
- 21: server communication unit
- 22: dex file encryption unit
- 23: server encryption / decryption unit
- 24: server OTP generation unit
- 25: server symmetric key generation unit
- 100: NWD (Normal World)
- 110: communication unit
- 120: information collecting unit
- 130: DEX file loading unit
- 140: JNI interface
- 200: SWD (Secure World)
- 210: forgery encryption unit
- 220: dex file decryption unit
- 230: ID information encryption unit
- 240: encryption / decryption unit
- 250: OTP generation unit
- 260: Symmetric key generation unit
Claims (15)
Separating a specific module related to a security operation of an application program installed in the TEE device, and encrypting and storing the module in the TEE management server; and
when the application program from which the specific module was separated is executed in the TEE device, receiving the encrypted specific module from the TEE management server, decrypting the specific module in the security area managed by the secure operating system of the TEE device, and performing a security operation by the decrypted specific module, based on the trusted execution environment.
The trusted execution environment based application program protection method, characterized in that the TEE is an ARM TrustZone based TEE that is physically separated from the general area in which the general operating system operates.
The trusted execution environment based application program protection method, wherein the security operation comprises comparing the hash value of the application program of the TEE device with a specific hash value stored in advance in the TEE management server to confirm, based on the trusted execution environment, whether the application program is forged or falsified.
A first step of encrypting ID information and version information of the specific module in the secure operating system, transmitting the encrypted information to the TEE management server, and requesting the encrypted specific module stored in the TEE management server;
a second step of the TEE management server searching for the encrypted specific module corresponding to the version information and delivering the encrypted specific module to the TEE device;
a third step of the TEE device decrypting the specific module in the secure operating system and then loading the specific module, which checks whether the application program is falsified, in the general operating system;
a fourth step of the TEE device encrypting, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module, and then transmitting them to the TEE management server together with the OTP value generated in the secure operating system;
a fifth step of the TEE management server verifying whether the application program is forged or falsified by using the OTP value received from the TEE device, the version information of the application program and the specific hash value, and generating the forgery and falsification result data; and
terminating the application program when the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and it turns out to be forged or falsified.
The trusted execution environment based application program protection method, wherein the specific module is in a dex file format including a class for verifying the forgery and falsification of the application.
Collecting, in the general operating system, ID information of the TEE device and version information of the DEX file corresponding to the specific module, and encrypting the ID information;
decrypting the ID information and version information in the secure operating system;
generating a symmetric key in the secure operating system, encrypting the ID information and version information, and encrypting the symmetric key using a public key; and
transmitting the encrypted information and the encrypted symmetric key to the TEE management server through the general operating system and requesting the encrypted specific module stored in the TEE management server.
and storing, in the TEE management server, the hash value of the application program corresponding to the version information among the decrypted information of the TEE device.
Decrypting the symmetric key transmitted from the TEE device using the public key;
decrypting the encrypted information transmitted from the TEE device using the decrypted symmetric key;
searching for the specific module requested by the TEE device using the decrypted information transmitted from the TEE device, and generating a symmetric key for the session;
encrypting the specific module and version information using the symmetric key for the session and encrypting the symmetric key for the session with a public key; and
transmitting the encrypted specific module and version information together with the encrypted symmetric key for the session to the TEE device.
Decrypting the encrypted symmetric key for the session with a public key in the secure operating system;
decrypting the encrypted specific module transmitted from the TEE management server using the decrypted symmetric key for the session in the secure operating system; and
executing the forgery check operation by loading the dex file corresponding to the decrypted specific module in the general operating system.
Collecting the version information and the specific hash value of the application program in the general operating system, and transferring the version information and the hash value to the secure operating system;
generating an OTP and a symmetric key for forgery check in the secure operating system;
encrypting, in the secure operating system, the forgery and falsification determination information including the version information and the specific hash value with the symmetric key for forgery check, and encrypting the symmetric key for forgery check using the public key; and
transmitting the encrypted symmetric key for forgery check and the encrypted forgery determination information to the TEE management server.
Decrypting the encrypted symmetric key for forgery check using a public key;
decrypting the forgery and falsification determination information using the decrypted symmetric key for forgery check;
determining whether the OTP value is normal using the OTP value received from the TEE device; and
comparing the specific hash value received from the TEE device with the specific hash value stored in advance in the TEE management server to determine whether the hash value is normal, and generating the forgery result information.
Generating a symmetric key for the forgery result in the TEE management server;
encrypting the forgery and falsification result information using the symmetric key for the forgery result in the TEE management server and encrypting the symmetric key for the forgery result with a public key;
transmitting the encrypted symmetric key for the forgery result and the encrypted forgery result information to the TEE device;
decrypting the encrypted symmetric key for the forgery result with the public key in the secure operating system of the TEE device, and then decrypting the encrypted forgery result information using the decrypted symmetric key for the forgery result; and
transmitting the forgery and falsification result information to the general operating system of the TEE device, terminating the application program if it is determined that forgery or falsification has occurred, and activating the application program if it is determined to be normal.
and a TEE management server for updating the security information of the TEE device,
wherein the TEE device includes an application program from which a specific module among the security-related modules, in the form of DEX files, constituting the application program has been separated,
wherein the TEE management server encrypts and stores the specific module in the form of a DEX file separated from the application program, and
wherein, when the application program from which the specific module was separated is executed, the TEE device receives the encrypted specific module from the TEE management server, decrypts the specific module in the security domain managed by the secure operating system, and then performs the security related operation by the decrypted specific module.
The trusted execution environment based application program protection system, wherein the specific module is configured in a dex file format including a class for verifying the forgery and falsification of the application,
and the security-related operation by the specific module is a process for checking, based on the trusted execution environment, whether the application program is forged or modified by comparing a specific hash value of the application program of the TEE device with a specific hash value stored in advance in the TEE management server.
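The forgery check of the fourth to sixth steps above (and steps S500 to S520 of the description), as an added example that is not the patent's code: the TEE device's secure world reports version, hash and OTP, the TEE management server checks the OTP and compares the hash with the value stored in advance for that version, and the device terminates or activates the application on the returned result. RFC 4226 HOTP over a shared secret, SHA-256 as the DEX hash, a per-device replay counter and the omission of the symmetric/public-key envelope around each message are all assumptions of this example.

```python
import hashlib
import hmac
import struct

# Assumed: HOTP (RFC 4226) over a secret shared by the device's OTP generation
# unit and the server's OTP generation unit; the message envelope is omitted.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def dex_hash(dex: bytes) -> str:  # the "specific hash value" (SHA-256 assumed)
    return hashlib.sha256(dex).hexdigest()

class TeeManagementServer:
    def __init__(self, otp_secret: bytes, registry: dict):
        self.otp_secret = otp_secret
        self.registry = registry      # {(app_id, version): hash stored in advance}
        self.last_counter = {}        # per device; a replayed OTP is rejected

    def otp_ok(self, device_id: str, counter: int, otp: str) -> bool:
        if counter <= self.last_counter.get(device_id, -1):
            return False              # stale or replayed counter
        if not hmac.compare_digest(hotp(self.otp_secret, counter), otp):
            return False
        self.last_counter[device_id] = counter
        return True

    def verify(self, report: dict) -> dict:
        """Steps S500-S520: OTP check, then hash check, then the result data."""
        if not self.otp_ok(report["device_id"], report["counter"], report["otp"]):
            return {"forged": True, "reason": "otp"}
        want = self.registry.get((report["app_id"], report["version"]))
        if want is None or not hmac.compare_digest(want, report["hash"]):
            return {"forged": True, "reason": "hash"}
        return {"forged": False, "reason": "ok"}

class TeeDeviceSecureWorld:
    def __init__(self, device_id: str, otp_secret: bytes):
        self.device_id, self.otp_secret, self.counter = device_id, otp_secret, 0

    def build_report(self, app_id: str, version: str, dex: bytes) -> dict:
        self.counter += 1             # fresh OTP for every forgery check
        return {"device_id": self.device_id, "app_id": app_id, "version": version,
                "hash": dex_hash(dex), "counter": self.counter,
                "otp": hotp(self.otp_secret, self.counter)}

    @staticmethod
    def decide(result: dict) -> str:  # general OS ends or activates the app
        return "terminate" if result["forged"] else "activate"

def run_check(device, server, app_id: str, version: str, dex: bytes) -> str:
    """One round trip: device report -> server result data -> device decision."""
    return device.decide(server.verify(device.build_report(app_id, version, dex)))

if __name__ == "__main__":
    secret, dex = b"12345678901234567890", b"constructed-dex-bytes"  # constructed
    srv = TeeManagementServer(secret, {("com.example.app", "1.0"): dex_hash(dex)})
    dev = TeeDeviceSecureWorld("dev-01", secret)
    print(run_check(dev, srv, "com.example.app", "1.0", dex))           # activate
    print(run_check(dev, srv, "com.example.app", "1.0", dex + b"\x00"))  # terminate
```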
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150173339A KR101756978B1 (en) | 2015-12-07 | 2015-12-07 | Method and System for Protecting application program in trusted execution environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150173339A KR101756978B1 (en) | 2015-12-07 | 2015-12-07 | Method and System for Protecting application program in trusted execution environment |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170067003A true KR20170067003A (en) | 2017-06-15 |
KR101756978B1 KR101756978B1 (en) | 2017-07-11 |
Family
ID=59217359
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150173339A KR101756978B1 (en) | 2015-12-07 | 2015-12-07 | Method and System for Protecting application program in trusted execution environment |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101756978B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111740824B (en) * | 2020-07-17 | 2020-11-17 | 支付宝(杭州)信息技术有限公司 | Trusted application management method and device |
2015
- 2015-12-07 KR KR1020150173339A patent/KR101756978B1/en active IP Right Grant
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190046022A (en) | 2017-10-25 | 2019-05-07 | 이화여자대학교 산학협력단 | Validation method for medical enterprise application and validation system for the same |
WO2019098790A1 (en) * | 2017-11-20 | 2019-05-23 | 삼성전자 주식회사 | Electronic device and method for transmitting and receiving data on the basis of security operating system in electronic device |
US11347897B2 (en) | 2017-11-20 | 2022-05-31 | Samsung Electronics Co., Ltd. | Electronic device and method for transmitting and receiving data on the basis of security operating system in electronic device |
KR102031248B1 (en) * | 2019-01-14 | 2019-10-11 | 충남대학교산학협력단 | Method for verifying safeness in execution environment using security module |
WO2020149440A1 (en) * | 2019-01-14 | 2020-07-23 | 충남대학교산학협력단 | Method for verifying safety of execution environment by using security module |
CN111881459A (en) * | 2020-08-03 | 2020-11-03 | 沈阳谦川科技有限公司 | Equipment risk control and management system and detection method based on trusted computing environment |
CN111881459B (en) * | 2020-08-03 | 2024-04-05 | 沈阳谦川科技有限公司 | Equipment risk control system and detection method based on trusted computing environment |
CN112364374A (en) * | 2020-11-04 | 2021-02-12 | 沈阳通用软件有限公司 | File copying, moving, compressing and decompressing operation identification method on Linux platform |
CN112446033A (en) * | 2020-12-11 | 2021-03-05 | 中国科学院信息工程研究所 | Software trusted starting method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
KR101756978B1 (en) | 2017-07-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101756978B1 (en) | Method and System for Protecting application program in trusted execution environment | |
KR101000191B1 (en) | Secure software updates | |
JP5821034B2 (en) | Information processing apparatus, virtual machine generation method, and application distribution system | |
US20160277186A1 (en) | Securely recovering a computing device | |
US20090257595A1 (en) | Single Security Model In Booting A Computing Device | |
CN106295255B (en) | Application program reinforcing method and device | |
US20070039054A1 (en) | Computing system feature activation mechanism | |
WO2009129192A1 (en) | Code image personalization for a computing device | |
CN111143869B (en) | Application package processing method and device, electronic equipment and storage medium | |
CN103577206A (en) | Method and device for installing application software | |
JP2009070408A (en) | Information processing unit | |
WO2009032036A2 (en) | Compatible trust in a computing device | |
US9344406B2 (en) | Information processing device, information processing method, and computer program product | |
JP2010182196A (en) | Information processing apparatus and file verification system | |
JP6199712B2 (en) | Communication terminal device, communication terminal association method, and computer program | |
US10025575B2 (en) | Method for installing security-relevant applications in a security element of a terminal | |
CN110837643B (en) | Activation method and device of trusted execution environment | |
JP2019008592A (en) | Secure element, computer program, device, os starting system, and os starting method | |
US11556673B2 (en) | Method for managing an instance of a class | |
US10318766B2 (en) | Method for the secured recording of data, corresponding device and program | |
JP2009169868A (en) | Storage area access device and method for accessing storage area | |
WO2010023683A2 (en) | A method and system for client data security | |
JP6322961B2 (en) | Application program and execution method thereof | |
US8176249B2 (en) | Methods for embedding session secrets, within application instances | |
EP2138946A1 (en) | Secure memory management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |