KR20170067003A - Method and System for Protecting application program in trusted execution environment - Google Patents


Info

Publication number
KR20170067003A
Authority
KR
South Korea
Prior art keywords
tee
application program
operating system
management server
security
Prior art date
Application number
KR1020150173339A
Other languages
Korean (ko)
Other versions
KR101756978B1 (en)
Inventor
최원근
김성원
안준철
강지헌
Original Assignee
(주)케이스마텍
Priority date
Filing date
Publication date
Application filed by (주)케이스마텍
Priority to KR1020150173339A
Publication of KR20170067003A
Application granted
Publication of KR101756978B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G06F21/126 Interacting with the operating system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation, with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The present invention relates to a method and system for protecting an application program based on a trusted execution environment. The method protects an application program installed and run on a TEE device that supports a trusted execution environment by means of a secure operating system operating independently of the general operating system, together with a TEE management server that updates the security information of the TEE device. It comprises: separating a specific module related to the security operation from the application program installed on the TEE device, and encrypting and storing that module in the TEE management server; and, when the application program from which the module was separated is executed on the TEE device, receiving the encrypted specific module from the TEE management server, decrypting it in the security area managed by the secure operating system of the TEE device, and performing the security operation by means of that module.
Therefore, according to the present invention, a specific module of an application program installed on a trusted-execution-environment-based TEE device is stored in a TEE management server, and each time the application program is run the module is decrypted in the security area managed by the secure operating system of the TEE device and performs its security operation, which improves the security of the application program.

Figure P1020150173339

Description

Technical Field [0001] The present invention relates to a method and system for protecting an application program based on a trusted execution environment.

More particularly, it relates to a method and system that improve the security of an application program installed on a trusted-execution-environment-based TEE device by decrypting a specific module of the program in the security area managed by the secure operating system of the TEE device each time the program is run.

2. Description of the Related Art In recent years, security technology based on a trusted execution environment has been applied to portable terminals such as smartphones and tablet PCs, in which a general operating system operating in a non-trusted execution environment (NTEE) and a secure operating system operating in a trusted execution environment (TEE) run at the same time.

Here, NTEE refers to an operating system (OS), drivers, middleware, and applications. The most popular example of such a system is Android, which includes the Linux kernel, device drivers, the Android runtime environment, Android middleware and applications.

On the other hand, the TEE includes security-critical components. These secure elements are accessed by the NTEE elements as they execute, and certain security-related actions are performed through this access. In general, the TEE includes a secure OS, secure drivers, secure middleware, and trusted applications (TAs).

To maintain the integrity of the TEE, all elements of the TEE are subject to secure boot.

That is, trusted-execution-environment security technology greatly improves security because the secure operating system running in the TEE is booted before the general operating system running in the NTEE is executed.

However, these methods have a problem in that, when using a general operating system based on an open source such as Android, there is a possibility that a malicious code that is installed in a portable terminal in advance, .

Accordingly, there is an urgent need for a realistic and applicable security technology capable of preventing an application program installed on a TEE device, such as a trusted terminal based on a trusted execution environment, from being recompiled.

Korean Patent Registration No. 10-1324693 (October 28, 2013)

SUMMARY OF THE INVENTION The present invention has been conceived to solve the above problems. Its object is to provide a method and system for protecting an application program based on a trusted execution environment, in which a specific module of an application program installed on a trusted-execution-environment-based TEE device is stored in a TEE management server, and the security of the application program is improved by decrypting the specific module in the security area managed by the secure operating system of the device and performing the security operation by means of that module.

The method for protecting an application program based on a trusted execution environment according to an exemplary embodiment of the present invention protects an application program installed on a TEE device that supports a trusted execution environment by means of a secure operating system operating independently of the general operating system, using a TEE management server that updates the security information of the TEE device. The protection method comprises: separating a specific security-related module from the application program installed on the TEE device and encrypting and storing it in the TEE management server; and, when the application program from which the module was separated is executed on the TEE device, receiving the encrypted specific module from the TEE management server, decrypting it in the security area managed by the secure operating system of the TEE device, and performing a security operation by means of that module.

The security area managed by the secure operating system of the TEE device may be an ARM TrustZone-based TEE that is physically isolated from the general area in which the general operating system operates.

The step of receiving the encrypted specific module from the TEE management server, decrypting it in the security area managed by the secure operating system of the TEE device, and performing a security operation by means of the specific module may comprise comparing the hash value of the application program of the TEE device with a specific hash value stored in advance in the TEE management server, thereby confirming on the basis of the trusted execution environment whether the application program has been forged or falsified.

Confirming whether the application program has been forged or falsified on the basis of the trusted execution environment may comprise: a first step in which the TEE device encrypts its ID information and the version information of the specific module in the secure operating system, transmits them to the TEE management server, and requests the encrypted specific module stored there; a second step in which the TEE management server searches for the encrypted specific module corresponding to the version information and delivers it to the TEE device; a third step in which the TEE device decrypts the specific module in the secure operating system and then loads it in the general operating system to check whether the application program has been forged or falsified; a fourth step in which the TEE device encrypts, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module and transmits them to the TEE management server together with an OTP value generated in the secure operating system; a fifth step in which the TEE management server verifies whether the application program has been forged or falsified using the OTP value, the version information of the application program and the specific hash value received from the TEE device, and generates forgery result data; and a sixth step in which the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and terminates the application program if it turns out to have been forged or falsified.

The specific module may be configured in the dex file format and include a class for verifying the forgery and falsification of the application.

The first step, in which the TEE device requests the encrypted specific module stored in the TEE management server, may comprise: collecting and encrypting, in the general operating system, the ID information of the TEE device and the version information of the DEX file corresponding to the specific module; decrypting the ID information and version information in the secure operating system; generating a symmetric key in the secure operating system, encrypting the ID information and version information with it, and encrypting the symmetric key using a public key; and transmitting the encrypted information and the encrypted symmetric key to the TEE management server via the general operating system and requesting the encrypted specific module stored in the TEE management server.

Before the first step, in which the TEE device requests the encrypted specific module stored in the TEE management server, the method may further comprise storing in the TEE management server a specific hash value of the application program corresponding to the version information in the decrypted TEE device information.

The second step, in which the TEE management server searches for the encrypted specific module corresponding to the version information and transfers it to the TEE device, may comprise: decrypting the symmetric key transmitted from the TEE device using the public key; decrypting the encrypted information transmitted from the TEE device using the decrypted symmetric key; searching for the specific module requested by the TEE device using the decrypted TEE device information, and generating a symmetric key for the session; encrypting the specific module and its version information using the session symmetric key, and encrypting the session symmetric key with a public key; and transmitting the encrypted specific module and version information together with the encrypted session symmetric key to the TEE device.

The third step, in which the TEE device decrypts the specific module in the secure operating system and then loads it in the general operating system to check whether the application program has been forged or falsified, may comprise: decrypting the encrypted session symmetric key with the public key in the secure operating system; decrypting the encrypted specific module transmitted from the TEE management server using the decrypted session symmetric key in the secure operating system; and loading the dex file corresponding to the decrypted specific module in the general operating system and executing a forgery check operation.

The fourth step, in which the TEE device encrypts, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module and transmits them to the TEE management server together with the OTP value generated in the secure operating system, may comprise: collecting the version information and the specific hash value of the application program and delivering them to the secure operating system; generating the OTP and a symmetric key for the forgery check in the secure operating system; encrypting, in the secure operating system, the forgery determination information comprising the version information, the specific hash value and the OTP with the symmetric key for the forgery check, and encrypting that symmetric key using the public key; and transmitting the encrypted symmetric key for the forgery check and the encrypted forgery determination information to the TEE management server.

The fifth step, in which the TEE management server verifies whether the application program has been forged or falsified using the OTP value, the version information of the application program and the specific hash value received from the TEE device, and generates the forgery result data, may comprise: decrypting the encrypted symmetric key for the forgery check; decrypting the forgery determination information using the decrypted symmetric key; determining whether the OTP value received from the TEE device is normal; and comparing the specific hash value received from the TEE device with the specific hash value stored in advance in the TEE management server to determine whether the hash value is normal, and generating the forgery result information.

The sixth step, in which the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and terminates the application program if it is determined to have been forged or falsified, may comprise: generating a symmetric key for the forgery result in the TEE management server; encrypting the forgery result information using that symmetric key in the TEE management server, and encrypting the symmetric key for the forgery result with a public key; transmitting the encrypted symmetric key for the forgery result and the encrypted forgery result information to the TEE device; decrypting the encrypted symmetric key for the forgery result with the public key in the secure operating system of the TEE device, and then decrypting the encrypted forgery result information using the decrypted symmetric key; and delivering the forgery result information to the general operating system of the TEE device, where the application program is terminated if it is determined to have been forged and allowed to run if it is determined to be normal.
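The report and verdict exchange of the fourth to sixth steps (walked through again under FIGS. 7 to 10 below), as an added Go model that is not part of the patent: the TEE device hashes the installed APK, seals the version, hash and OTP under a fresh symmetric key wrapped with the server's public key, and the management server checks the OTP, compares the hash with the value stored per dex version, and seals its verdict back. The AES-GCM/RSA-OAEP pairing, the HMAC-over-counter OTP with a secret shared by both sides, the type and function names, and the reading of the page's "decrypted with the public key" as the recipient's private key are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// envelope is the page's transport pattern: payload under a fresh symmetric key, the key
// wrapped with the recipient's public key (AES-256-GCM and RSA-OAEP are this example's choice).
type envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

func seal(pub *rsa.PublicKey, msg any) envelope {
	plain, _ := json.Marshal(msg)
	key, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(key)
	rand.Read(nonce)
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil) // cannot fail for a valid key
	return envelope{wrapped, nonce, gcm.Seal(nil, nonce, plain, nil)}
}

// unseal unwraps with the recipient's private key (the page says "public key") and checks the GCM tag.
func unseal(priv *rsa.PrivateKey, env envelope, out any) error {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return err
	}
	blk, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(blk)
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return err // altered in transit or sealed for someone else
	}
	return json.Unmarshal(plain, out)
}

type checkReport struct{ Version string; Hash []byte; Counter uint64; OTP []byte } // step 4 report
type checkResult struct{ Forged bool; Reason string }                              // step 5 verdict
// otp ties the one-time value to the app hash, as the page describes; HMAC-SHA256 over a
// per-device counter, keyed with a secret shared with the server, is this example's construction.
func otp(secret []byte, ctr uint64, hash []byte) []byte {
	m := hmac.New(sha256.New, secret)
	fmt.Fprintf(m, "%d:", ctr)
	m.Write(hash)
	return m.Sum(nil)[:8]
}

type mgmtServer struct {
	priv      *rsa.PrivateKey
	devicePub *rsa.PublicKey
	knownHash map[string][]byte // dex version -> "specific hash value" stored before the first step
	otpSecret []byte
	lastCtr   uint64 // highest counter accepted so far; a replayed report fails the OTP check
}

// verify is step 5: check the OTP first, then compare the reported hash with the stored one.
func (s *mgmtServer) verify(env envelope) (envelope, error) {
	var r checkReport
	if err := unseal(s.priv, env, &r); err != nil {
		return envelope{}, err
	}
	res := checkResult{}
	if r.Counter <= s.lastCtr || !hmac.Equal(r.OTP, otp(s.otpSecret, r.Counter, r.Hash)) {
		res = checkResult{true, "invalid or replayed OTP"}
	} else if !hmac.Equal(r.Hash, s.knownHash[r.Version]) {
		res = checkResult{true, "hash mismatch for version " + r.Version}
	} else {
		s.lastCtr = r.Counter
	}
	return seal(s.devicePub, res), nil
}

// teeDevice keeps its private key, OTP secret and counter in the secure world.
type teeDevice struct{ priv *rsa.PrivateKey; serverPub *rsa.PublicKey; otpSecret []byte; counter uint64 }

// check runs steps 4 to 6 for one launch: the loaded module hashes the APK in the normal
// world, the secure world seals the report and opens the verdict; false means terminate.
func (d *teeDevice) check(s *mgmtServer, version string, apk []byte) (bool, error) {
	sum := sha256.Sum256(apk)
	d.counter++
	rep := checkReport{version, sum[:], d.counter, otp(d.otpSecret, d.counter, sum[:])}
	env, err := s.verify(seal(d.serverPub, rep))
	var res checkResult
	if err == nil {
		err = unseal(d.priv, env, &res)
	}
	return err == nil && !res.Forged, err
}

// newDemo builds a device/server pair around a constructed APK whose hash the server holds.
func newDemo() (*teeDevice, *mgmtServer, []byte) {
	devKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	srvKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	apk, secret := []byte("constructed APK bytes, version 1.0"), []byte("constructed OTP secret")
	sum := sha256.Sum256(apk)
	srv := &mgmtServer{srvKey, &devKey.PublicKey, map[string][]byte{"1.0": sum[:]}, secret, 0}
	return &teeDevice{devKey, &srvKey.PublicKey, secret, 0}, srv, apk
}
```

Steps 1 to 3 (fetching the separated module) are omitted; the module's only role here is to compute the APK hash in the normal world.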

The trusted-execution-environment-based application program protection system according to an embodiment of the present invention includes a TEE device that supports a trusted execution environment by means of a secure operating system operating independently of the general operating system and on which an application program comprising at least one security-related module is installed; and a TEE management server that updates the security information of the TEE device. The TEE device is installed with an application program from which a specific module among the security-related modules in DEX file form has been separated, and the server encrypts and stores that specific module, in DEX file form, separately from the application program.

When the application program from which the specific module was separated is executed, the TEE device receives the encrypted specific module from the TEE management server, decrypts it in the security domain managed by the secure operating system, and performs the security-related operation by means of that module.

The specific module is configured in the form of a dex file including a class for verifying the forgery and falsification of the application, and the security-related operation performed by the specific module consists of sending a specific hash value of the application program of the TEE device to the TEE management server and comparing it with a hash value stored there in advance, thereby confirming on the basis of the trusted execution environment whether the application program has been falsified.

As described above, according to the present invention, a specific module of an application program installed on a trusted-execution-environment-based TEE device is stored in a TEE management server, and each time the application program is run the specific module is decrypted in the security domain and performs its security operation, which blocks the possibility of hacking by decompiling an open-source-based general operating system.

In addition, the present invention improves security by providing a trusted-execution-environment-based TEE device that uses an ARM TrustZone physically separated from the general operating system.

In addition, the present invention improves the efficiency of the security-related application program by comparing the hash value of the application program of the TEE device with the specific hash value stored in advance in the TEE management server to determine whether forgery or falsification has occurred.

In addition, the present invention improves security because it can determine whether forgery or falsification has occurred using an OTP value generated by the TEE device together with the specific hash value of the application program.

In addition, the present invention enhances security by selecting a specific module from among the one or more security-related modules constituting a Dex file and encrypting and storing it in the TEE management server rather than on the TEE device, and by performing the security operation independently in the secure operating system.

In addition, when the TEE device generates the OTP for the forgery determination information, the hash value of the application and the file size and time of the dex file constituting the application are generated together with it, which increases the reliability of a security token such as the OTP.

Further, the present invention prevents the data corresponding to the forgery determination information from being exposed on the network by encrypting the data transmitted and received over the network with a symmetric key and encrypting the symmetric key with a public key.

FIG. 1 is a block diagram for schematically explaining a method for protecting an application program based on a trusted execution environment according to an embodiment of the present invention.
FIG. 2 is a diagram for explaining a configuration in which the Dex file shown in FIG. 1 is separately stored.
FIG. 3 is a flowchart illustrating a process for checking whether an application program has been forged or modified in a trusted execution environment according to an embodiment of the present invention.
FIG. 4 is a flowchart showing the flow when a TEE device requests a specific module stored in a TEE management server (first step).
FIG. 5 is a flowchart showing the flow when a TEE management server finds a specific encrypted module and transmits it to a TEE device (second step).
FIG. 6 is a flowchart showing the flow when a TEE device decrypts a specific module and loads it (third step).
FIG. 7 is a flowchart showing the flow when a TEE device encrypts application forgery determination information and transmits it to a TEE management server (fourth step).
FIG. 8 is a diagram showing an example of a flag table and a specific hash value for building a forgery check value that includes the specific hash value as a flag.
FIG. 9 is a flowchart showing the flow when a TEE management server verifies the forgery and falsification of an application program and generates result data (fifth step).
FIG. 10 is a flowchart showing the flow when a TEE device decrypts forgery result data from a TEE management server and terminates the application program if it is determined to be forged or falsified (sixth step).
FIG. 11 is a system block diagram for schematically explaining a trusted-execution-environment-based application program protection system according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.

FIG. 1 is a block diagram schematically illustrating a method for protecting an application program based on a trusted execution environment according to an embodiment of the present invention.

The present invention relates to a method of protecting an application program installed on a trusted-execution-environment-based TEE device that includes both a general operating system operating in a non-trusted execution environment (NTEE) and a secure operating system operating in a trusted execution environment (TEE) independently of the general operating system.

Hereinafter, the area where the general operating system operates is referred to as the NW (Normal World) 100, and the area where the secure operating system operates is referred to as the SW (Secure World) 200.

In the present invention, the TEE device 10 refers to a portable terminal such as a smartphone or tablet PC and includes a general operating system based on open source such as Android.

In addition, the present invention includes a TEE management server 20 that updates the security information of the TEE device 10.

As shown in FIG. 1, the method for protecting an application program based on a trusted execution environment according to an embodiment of the present invention includes separating a specific module from the application program installed on the TEE device 10 described above, encrypting and storing it in the TEE management server 20, and distributing the application program from which the specific module has been separated to an application store, for example the Android market.

In this case, according to the embodiment of the present invention, the specific module is separated from a dex file comprising a plurality of classes provided in an application running on the Android operating system, and includes, in the dex file format, a class for verifying forgery and falsification.

FIG. 2 is a diagram for further explaining a configuration in which the Dex files shown in FIG. 1 are separately stored.

As shown in FIG. 2, an application program installed on the TEE device according to an exemplary embodiment of the present invention is an Android application package (APK) from whose Dex file a specific class previously selected as an important module has been separated. The APK can be distributed through the Android market or the like, and the important module, such as the above-mentioned specific class, can be stored in the TEE management server 20.

Here, it is desirable that the important module, such as the specific class stored in the TEE management server 20, is encrypted when stored. Also, when the user downloads the modified APK from the Android market and installs it on the TEE device 10, the SW 200 of the device can decrypt the important module. A detailed description thereof will be given later.

As described above, a protection method for protecting an application program installed and executed on a TEE device according to an embodiment of the present invention includes separating a specific security-related module from the application program installed on the TEE device and encrypting and storing it in the TEE management server; and, when the application program from which the module was separated is executed on the TEE device, receiving the encrypted specific module from the TEE management server, decrypting it in the security area (SW) 200 managed by the secure operating system of the TEE device, and performing a security operation by means of that module.

At this time, the security area SW 200 managed by the secure operating system of the TEE device 10 may be an ARM TrustZone-based TEE physically separated from the general area NW 100 in which the general operating system operates.

Meanwhile, in the embodiment of the present invention, the step of receiving the encrypted specific module from the TEE management server 20, decrypting it in the security area SW 200 managed by the secure operating system of the TEE device 10, and performing the security operation by means of the specific module may include comparing the hash value of the application program of the TEE device 10 with a specific hash value stored in advance in the TEE management server 20, and thereby checking whether the application program has been tampered with.

Hereinafter, a process for checking whether an application program has been falsified according to an exemplary embodiment of the present invention will be described with reference to FIGS. 3 to 10.

FIG. 3 is a flowchart illustrating a process of checking whether an application program has been tampered with in a trusted execution environment according to an exemplary embodiment of the present invention.

As shown in the figure, the process for checking whether an application program has been falsified on the basis of the trusted execution environment according to an embodiment of the present invention proceeds as follows.

First, the TEE device 10 performs a first step of requesting a specific module stored in the TEE management server 20.

In the first step S100, the TEE device 10 encrypts the ID information and the version information of the specific module in the secure operating system, transmits them to the TEE management server 20, and requests the encrypted specific module stored in the TEE management server 20.

Next, in a second step (S200), the TEE management server 20 searches for the encrypted specific module corresponding to the version information and transmits it to the TEE device 10.

Next, the TEE device 10 performs a third step (S300) of decrypting the specific module and loading it.

In the third step S300, the TEE device 10 decrypts the specific module in the secure operating system and loads it in the general operating system to check whether the application program has been falsified.

Next, the TEE device 10 performs a fourth step (S400) of encrypting the application forgery determination information and transmitting it to the TEE management server 20.

In the fourth step S400, the TEE device 10 encrypts, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module, and then transmits them to the TEE management server together with the OTP value generated in the secure operating system.

Next, the TEE management server 20 performs a fifth step (S500) of verifying the forgery and falsification of the application program and generating the result data.

In the fifth step S500, the TEE management server 20 determines whether the application program has been forged using the OTP value received from the TEE device 10, the version information of the application program, and the specific hash value, and generates the forgery result data.

Finally, in the sixth step S600, the TEE device 10 decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and terminates the application program if it turns out to have been forged.

The process of checking whether the application program has been falsified, shown in FIG. 3, will now be described in detail with reference to FIGS. 4 to 10.

FIG. 4 is a flowchart showing the flow when a TEE device requests a specific module stored in a TEE management server.

As shown in FIG. 4, in operation S100, in which the TEE device requests the encrypted specific module stored in the TEE management server according to the embodiment of the present invention, the ID information of the TEE device 10 and the version information of the DEX file corresponding to the specific module are collected and encrypted (S110), and the ID and version information are decrypted in the secure operating system (S120).

Next, the secure operating system generates a symmetric key, encrypts the ID information and the version information, encrypts the symmetric key using the public key (S130), and transmits the encrypted information and the encrypted symmetric key to the TEE management server 20, requesting the encrypted specific module stored there (S140).

Meanwhile, in the embodiment of the present invention, before the TEE device 10 requests the encrypted specific module stored in the TEE management server 20, a specific hash value of the application program corresponding to the version information in the decrypted TEE device information can be stored in the TEE management server and used as the reference for the forgery determination information described later.

FIG. 5 is a flowchart showing the flow when a TEE management server finds an encrypted specific module and transmits it to a TEE device.

As shown in FIG. 5, in operation S200, in which the TEE management server 20 finds the encrypted specific module corresponding to the version information of the DEX file and transmits it to the TEE device 10, the server decrypts the symmetric key transmitted from the TEE device 10 using the public key (S210), and decrypts the encrypted information transmitted from the TEE device 10 using the decrypted symmetric key (S220).

Next, the specific module requested by the TEE device 10 is found using the decrypted information from the TEE device 10, and a symmetric key for the session is generated (S230). The specific module and the version information are encrypted with the session symmetric key, the session symmetric key is encrypted with the public key (S240), and the encrypted specific module and version information are transmitted together with the encrypted session symmetric key to the TEE device 10 (S250).

FIG. 6 is a flowchart showing the flow in which the TEE device decrypts the specific module and loads it.

As shown in the figure, in operation S300 the TEE device decrypts the specific module in the secure operating system and then loads it in the general operating system to check whether the application program is falsified. The secure operating system decrypts the encrypted session symmetric key with the public key (S310) and decrypts the encrypted specific module transmitted from the TEE management server 20 using the decrypted session symmetric key (S320); the general operating system then loads the dex file corresponding to the decrypted specific module and executes the forgery check operation (S330).

FIG. 7 is a flowchart showing the flow in which the TEE device encrypts the application forgery determination information and transmits it to the TEE management server.

As shown in the figure, according to an embodiment of the present invention, in operation S400 the TEE device encrypts, in the secure operating system, the version information of the application program and the specific hash value collected by the specific module, and transmits them to the TEE management server together with the OTP value generated in the secure operating system. The general operating system collects the version information of the application program and the specific hash value and transfers them to the secure operating system (S410), and the OTP and the symmetric key for forgery check are generated in the secure operating system (S420).

Next, the secure operating system encrypts the forgery determination information, consisting of the version information, the specific hash value and the OTP, with the symmetric key for forgery check, encrypts that symmetric key using the public key (S430), and transmits the encrypted symmetric key for forgery check and the encrypted forgery determination information to the TEE management server 20 (S440).

FIG. 8 is a diagram showing an example of a flag table and a specific hash value used to randomize the forgery check value that includes the specific hash value.

Referring to FIG. 8, the method of randomizing the feature value for forgery check, including the specific hash value of the fourth step, is described in detail as follows.

As shown in the figure, in the embodiment of the present invention it is possible to configure a flag table that associates the APK file, the DEX file, and the files in the RES folder with their hash values, file sizes, and binary OFFSETs.

Here, for example, HASH1 shown in the drawing can be extracted with SHA1, HASH2 with SHA2, and the file size can be expressed as the actual size of the file in BYTE units.

Also, as shown in the figure, a specific position value of the file as it occupies memory, for example the HEX values at addresses 200 to 300, can be used as a feature value as well.

On the other hand, when the FLAG TABLE is referenced and the FLAG is given as 101203, it indicates the HASH1 value of the FLAG table and the file size of the dex file; the selected values are transmitted to the secure area of the secure operating system (security token).

FIG. 9 is a flowchart showing the flow in which the TEE management server verifies the forgery and falsification of the application program and generates the result data.

As shown in the figure, according to an embodiment of the present invention, in operation S500 the TEE management server verifies whether the application program is forged or falsified using the OTP value received from the TEE device, the version information of the application program and the specific hash value, and generates the result data. The encrypted symmetric key for forgery check is decrypted using the public key (S510), and the forgery determination information is decrypted using the decrypted symmetric key for forgery check (S520).

The OTP value and the specific hash value received from the TEE device 10 are then compared with the OTP value and the specific hash value stored in advance in the TEE management server 20 to determine whether each is normal, and the forgery result information is generated (S530, S540).

FIG. 10 is a flowchart showing the flow in which the TEE device decrypts the forgery result data from the TEE management server and terminates the application program if it is determined to be forged or falsified.

As shown in the figure, according to an embodiment of the present invention, in operation S600 the TEE device decrypts, in the secure operating system, the encrypted forgery result data received from the TEE management server and terminates the application program if the result indicates forgery. The TEE management server 20 generates a symmetric key for the forgery result (S610), encrypts the forgery and falsification result information using that symmetric key and encrypts the symmetric key with the public key (S620), and transmits the encrypted symmetric key for the forgery result and the encrypted forgery result information to the TEE device 10 (S630).

Next, the secure operating system of the TEE device 10 decrypts the encrypted symmetric key for the forgery result with the public key, and then decrypts the encrypted forgery result information using the decrypted symmetric key (S640). The forgery and falsification result information is delivered to the general operating system of the TEE device 10; if the application program is determined to be forged or falsified it is terminated, and if it is determined to be normal it is activated.
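The flag-table selection of FIG. 8 and the server-side OTP and hash comparison of FIG. 9 (S530, S540), as an added Python example that is not part of the patent. The three-digit flag encoding, the HMAC-based OTP with a counter shared by device and server, SHA-256 as the HASH2 algorithm and the sample files are assumptions made for this example; the public-key wrapping of the transport is left out.

```python
# Added example, not code from the patent: FIG. 8 flag-table randomization
# and the S530/S540 checks of FIG. 9. Assumed: the three-digit flag encoding,
# an HMAC-based OTP with a shared counter, and the constructed sample files.
import hashlib
import hmac
import struct

# Constructed stand-ins for the APK, the classes.dex and one RES-folder file.
SAMPLE_FILES = {
    "APK": b"PK\x03\x04" + bytes(range(256)) * 2,
    "DEX": b"dex\n035\x00" + b"\x00" * 200 + b"code" * 50,
    "RES": b"<resources><string name='app_name'>demo</string></resources>",
}
ROW_BY_DIGIT = {"1": "APK", "2": "DEX", "3": "RES"}
FEATURES = ("01", "02", "03", "04")  # HASH1, HASH2, SIZE, OFFSET

def build_flag_table(files, offset_range=(200, 300)):
    """One row per file: HASH1 (SHA-1), HASH2 (SHA-256), SIZE in bytes and the
    hex of the bytes at a fixed offset range (the '200 to 300 address' values)."""
    lo, hi = offset_range
    return {name: {"01": hashlib.sha1(data).hexdigest(),
                   "02": hashlib.sha256(data).hexdigest(),
                   "03": str(len(data)),
                   "04": data[lo:hi].hex()} for name, data in files.items()}

def parse_flag(flag):
    """Assumed encoding: three-digit codes 'RCC', R = table row (1 APK, 2 DEX,
    3 RES), CC = feature column; '101203' = APK HASH1 + DEX SIZE, as in FIG. 8."""
    if not flag.isdigit() or len(flag) % 3:
        raise ValueError("flag must be a sequence of three-digit codes")
    picks = []
    for i in range(0, len(flag), 3):
        row, col = flag[i], flag[i + 1:i + 3]
        if row not in ROW_BY_DIGIT or col not in FEATURES:
            raise ValueError(f"unknown flag code {flag[i:i + 3]}")
        picks.append((ROW_BY_DIGIT[row], col))
    return picks

def forgery_check_value(table, flag):
    """Hash the selected feature values in flag order: the value a device
    reports changes whenever the server issues a different flag."""
    parts = [table[row][col] for row, col in parse_flag(flag)]
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def hotp(secret, counter, digits=6):
    """RFC 4226 style HMAC-SHA1 OTP, standing in for the secure OS's OTP."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class ManagementServer:
    """Holds the genuine build's flag table per version plus the device's OTP
    secret; verify() is the S530 (OTP) and S540 (hash) comparison."""
    def __init__(self, otp_secret, version, genuine_files):
        self.expected = {version: build_flag_table(genuine_files)}
        self.otp_secret, self.otp_counter = otp_secret, 0

    def verify(self, version, flag, otp, reported_value):
        expected_otp = hotp(self.otp_secret, self.otp_counter)
        self.otp_counter += 1  # an OTP is accepted once, so replays fail
        if not hmac.compare_digest(expected_otp, otp):
            return {"forged": True, "reason": "otp mismatch"}
        good = forgery_check_value(self.expected[version], flag)
        if not hmac.compare_digest(good, reported_value):
            return {"forged": True, "reason": "hash mismatch"}
        return {"forged": False, "reason": "ok"}

def device_report(files, flag, otp_secret, counter):
    """Plaintext of what the device sends in S400-S440 (key wrapping omitted)."""
    return forgery_check_value(build_flag_table(files), flag), hotp(otp_secret, counter)

def run_demo():
    secret = b"constructed-otp-secret"
    server = ManagementServer(secret, "1.0.0", SAMPLE_FILES)
    results = {}
    # Genuine build, flag '101203' (APK HASH1 + DEX SIZE): passes.
    value, otp = device_report(SAMPLE_FILES, "101203", secret, 0)
    results["genuine"] = server.verify("1.0.0", "101203", otp, value)
    # Code appended to classes.dex changes its SIZE: the same flag fails.
    appended = dict(SAMPLE_FILES, DEX=SAMPLE_FILES["DEX"] + b"\x90" * 16)
    value, otp = device_report(appended, "101203", secret, 1)
    results["appended"] = server.verify("1.0.0", "101203", otp, value)
    # A same-size patch (one byte flipped) escapes SIZE ('203') but not the DEX hash ('202').
    dex = SAMPLE_FILES["DEX"]
    flipped = dict(SAMPLE_FILES, DEX=dex[:250] + b"\xff" + dex[251:])
    value, otp = device_report(flipped, "203", secret, 2)
    results["flip_size_only"] = server.verify("1.0.0", "203", otp, value)
    value, otp = device_report(flipped, "202", secret, 3)
    results["flip_hash"] = server.verify("1.0.0", "202", otp, value)
    # Replaying the first report: its OTP (counter 0) is no longer accepted.
    value, otp = device_report(SAMPLE_FILES, "101203", secret, 0)
    results["replay"] = server.verify("1.0.0", "101203", otp, value)
    return results
```

The third case is the practical caveat of a randomized feature set: a flag that samples only file sizes cannot detect a same-size patch, so the server should rotate flags that include at least one hash column.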

FIG. 11 is a block diagram schematically illustrating a trusted execution environment based application program protection system according to an embodiment of the present invention.

As shown in the figure, a trusted execution environment based application program protection system according to an embodiment of the present invention includes a TEE device 10 having a secure operating system that operates independently of a general operating system, and a TEE management server 20 for updating the security information of the TEE device 10.

At this time, the TEE device 10 can have installed an application program that has at least one security-related module in the form of a DEX file, with a specific module among those security-related DEX modules detached from the application program.

More specifically, to implement the application protection method of FIGS. 3 to 10 described above, the TEE device includes, in the area 100 (NWD) in which the general operating system operates, a communication unit 110 that communicates with the TEE management server 20, an information collecting unit 120 that collects the forgery determination information, a DEX file loading unit 130 that loads the specific module in the form of a dex file, and a JNI interface 140 that converts the Java code used in the general operating system into native code for use in the secure operating system. In the area 200 (SWD) in which the secure operating system operates, the TEE device includes a forgery information encryption unit 210 that encrypts the forgery determination information collected by the information collecting unit 120, a DEX file decryption unit 220 that decrypts the encrypted specific module in the form of a dex file received from the TEE management server, an ID information encryption unit 230 that encrypts the device ID information, an encryption/decryption unit 240, an OTP generation unit 250, and a symmetric key generation unit 260.

The TEE management server 20 encrypts and stores the specific module, in DEX file format, that has been separated from the application program.

More specifically, the TEE management server 20 includes a server communication unit 21 that communicates with the communication unit 110 of the TEE device 10 described above, a dex file encryption unit 22, a server encryption/decryption unit 23 using a public key and a symmetric key, a server OTP generation unit 24, and a server symmetric key generation unit 25.

Meanwhile, in the embodiment of the present invention, when the application program from which the specific module has been separated is executed, the TEE device 10 receives the encrypted specific module from the TEE management server 20, decrypts it in the secure area, and performs the security-related operation using the decrypted specific module.

Also, in the embodiment of the present invention, the specific module is configured as a dex file including a class for verifying the forgery and falsification of the application, and the security-related operation by the specific module is a process of confirming, based on the trusted execution environment, whether the application program is forged or modified by comparing the hash value of the application program of the TEE device 10 with the specific hash value stored in advance in the TEE management server 20.

As described above, according to the present invention, a specific module of an application program installed in a trusted execution environment based TEE device is stored in the TEE management server; whenever the application program is activated, the specific module is decrypted in the secure area managed by the secure operating system of the TEE device and the security operation is then performed by that module, which makes it possible to block hacking by decompilation of the open-source based general operating system.

In addition, the present invention has the effect of improving security by providing a TEE device based on a trusted execution environment using an ARM TrustZone that is physically separated from the general operating system.

In addition, the present invention has the effect of enhancing the efficiency of the security-related application program by comparing the hash value of the application program of the TEE device with the specific hash value stored in advance in the TEE management server to determine whether forgery or falsification has occurred.

In addition, the present invention has the effect of improving security because forgery or falsification can be determined using an OTP value generated by the TEE device together with a specific hash value of the application program.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation; changes to the components that do not depart from the scope of the present invention fall within that scope.

10: TEE device 20: TEE management server
21: server communication unit 22: dex file encryption unit
23: server encryption / decryption unit 24: server OTP generation unit
25: server symmetric key generation unit 100: NWD (Normal World)
110: communication unit 120: information collecting unit
130: DEX file loading unit 140: JNI interface
200: SWD (Secure World) 210: forgery encryption unit
220: dex file decryption unit 230: ID information encryption unit
240: encryption / decryption unit 250: OTP generation unit
260: Symmetric key generation unit

Claims (15)

1. A method of protecting an application program installed and executed in a TEE device that supports a trusted execution environment based on a secure operating system operating independently of a general operating system, using a TEE management server for updating security information of the TEE device, the method comprising:
separating a specific module related to a security operation from the application program installed in the TEE device, and encrypting and storing the specific module in the TEE management server; and
when the application program from which the specific module has been separated is executed in the TEE device, receiving the encrypted specific module from the TEE management server, decrypting the specific module in the secure area managed by the secure operating system of the TEE device, and performing the security operation based on the trusted execution environment.
2. The method of claim 1, wherein the secure area managed by the secure operating system of the TEE device is an ARM TrustZone based TEE that is physically separated from the general area in which the general operating system operates.
3. The method of claim 1, wherein the security operation performed after the encrypted specific module is received from the TEE management server and decrypted in the secure area managed by the secure operating system of the TEE device comprises:
comparing the hash value of the application program of the TEE device with a specific hash value stored in advance in the TEE management server to confirm, based on the trusted execution environment, whether the application program is forged or modified.
4. The method of claim 3, wherein the step of checking whether the application program is forged based on the trusted execution environment comprises:
a first step in which the TEE device encrypts ID information and version information of the specific module in the secure operating system, transmits the encrypted information to the TEE management server, and requests the encrypted specific module stored in the TEE management server;
a second step in which the TEE management server searches for the encrypted specific module corresponding to the version information and delivers it to the TEE device;
a third step in which the TEE device decrypts the specific module in the secure operating system and then loads the specific module for checking whether the application program is falsified in the general operating system;
a fourth step in which the TEE device encrypts, in the secure operating system, the version information and the specific hash value of the application program collected by the specific module, and then transmits them to the TEE management server together with the OTP value generated in the secure operating system;
a fifth step in which the TEE management server verifies whether the application program is forged or falsified using the OTP value received from the TEE device, the version information of the application program and the specific hash value, and generates the forgery and falsification result data; and
a sixth step in which the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system and terminates the application program if the result indicates forgery or corruption.
5. The method of claim 4, wherein the specific module is configured in a dex file format including a class for verifying the forgery and falsification of the application.
6. The method of claim 4, wherein the first step, in which the TEE device requests the encrypted specific module stored in the TEE management server, comprises:
collecting the ID information of the TEE device and the version information of the DEX file corresponding to the specific module in the general operating system and encrypting them;
decrypting the ID information and version information in the secure operating system;
generating a symmetric key in the secure operating system, encrypting the ID information and version information with it, and encrypting the symmetric key using a public key; and
transmitting the encrypted information and the encrypted symmetric key to the TEE management server through the general operating system and requesting the encrypted specific module stored in the TEE management server.
7. The method of claim 6, further comprising, before the first step in which the TEE device requests the encrypted specific module stored in the TEE management server:
storing in the TEE management server the hash value of the application program corresponding to the version information among the decrypted information of the TEE device.
8. The method of claim 7, wherein the second step, in which the TEE management server finds the encrypted specific module corresponding to the version information and transfers it to the TEE device, comprises:
decrypting the symmetric key transmitted from the TEE device using the public key;
decrypting the encrypted information transmitted from the TEE device using the decrypted symmetric key;
searching for the specific module requested by the TEE device using the decrypted information of the TEE device, and generating a symmetric key for the session;
encrypting the specific module and the version information using the symmetric key for the session and encrypting the symmetric key for the session with a public key; and
transmitting the encrypted specific module and version information together with the encrypted symmetric key for the session to the TEE device.
9. The method of claim 8, wherein the third step, in which the TEE device decrypts the specific module in the secure operating system and then loads the specific module for checking whether the application program is falsified in the general operating system, comprises:
decrypting the encrypted symmetric key for the session with a public key in the secure operating system;
decrypting the encrypted specific module transmitted from the TEE management server using the decrypted symmetric key for the session in the secure operating system; and
executing the forgery check operation by loading the dex file corresponding to the decrypted specific module in the general operating system.
10. The method of claim 9, wherein the fourth step, in which the TEE device encrypts the version information of the application program collected by the specific module and the specific hash value in the secure operating system and then transmits them together with the OTP value generated in the secure operating system to the TEE management server, comprises:
collecting the version information and the specific hash value of the application program in the general operating system, and transferring them to the secure operating system;
generating an OTP and a symmetric key for forgery check in the secure operating system;
encrypting the forgery determination information including the version information and the specific hash value with the symmetric key for forgery check in the secure operating system and encrypting the symmetric key for forgery check using the public key; and
transmitting the encrypted symmetric key for forgery check and the encrypted forgery determination information to the TEE management server.
11. The method of claim 10, wherein the fifth step, in which the TEE management server verifies whether the application program is forged or falsified using the OTP value received from the TEE device, the version information of the application program and the specific hash value, comprises:
decrypting the encrypted symmetric key for forgery check using a public key;
decrypting the forgery determination information using the decrypted symmetric key for forgery check;
determining whether the OTP value is normal using the OTP value received from the TEE device; and
comparing the specific hash value received from the TEE device with the specific hash value stored in advance in the TEE management server to determine whether the hash value is normal, and generating the forgery result information.
12. The method of claim 11, wherein the sixth step, in which the TEE device decrypts the encrypted forgery result data received from the TEE management server in the secure operating system, comprises:
generating a symmetric key for the forgery result in the TEE management server;
encrypting the forgery and falsification result information using the symmetric key for the forgery result in the TEE management server and encrypting the symmetric key for the forgery result with a public key;
transmitting the encrypted symmetric key for the forgery result and the encrypted forgery result information to the TEE device;
decrypting the encrypted symmetric key for the forgery result with the public key in the secure operating system of the TEE device, and then decrypting the encrypted forgery result information using the decrypted symmetric key for the forgery result; and
transmitting the forgery and falsification result information to the general operating system of the TEE device, and terminating the application program if forgery or falsification is determined, or activating the application program if it is determined to be normal.
13. A trusted execution environment based application program protection system comprising:
a TEE device that includes a secure operating system operating independently of a general operating system and in which an application program having at least one security-related module in the form of a DEX file is installed; and
a TEE management server for updating the security information of the TEE device,
wherein the TEE device includes an application program from which a specific module among the security-related modules in the form of a DEX file constituting the application program is detached, and
wherein the TEE management server encrypts and stores the specific module in the form of a DEX file separated from the application program.
14. The system of claim 13, wherein, when the application program from which the specific module has been separated is executed, the TEE device receives the encrypted specific module from the TEE management server, decrypts it in the secure area managed by the secure operating system, and then performs the security-related operation using the decrypted specific module.
15. The system of claim 14, wherein the specific module is configured in a dex file format including a class for verifying the forgery and falsification of an application, and the security-related operation by the specific module is a process of checking, based on the trusted execution environment, whether the application program is forged or modified by comparing the specific hash value of the application program of the TEE device with the specific hash value stored in advance in the TEE management server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150173339A KR101756978B1 (en) 2015-12-07 2015-12-07 Method and System for Protecting application program in trusted execution environment


Publications (2)

Publication Number Publication Date
KR20170067003A true KR20170067003A (en) 2017-06-15
KR101756978B1 KR101756978B1 (en) 2017-07-11

Family

ID=59217359


Country Status (1)

Country Link
KR (1) KR101756978B1 (en)



Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant