Computer Engineering

• Security Technology

Secure Mobile Remote Control System Based on TrustZone Technology

HAN Jinchen (1,2,3), XIA Yubin (3), CHEN Haibo (3), ZANG Binyu (3)

  1. School of Software, Fudan University, Shanghai 201210, China
  2. Shanghai Key Laboratory of Data Science, Fudan University, Shanghai 200433, China
  3. Institute of Parallel and Distributed System, School of Software, Shanghai Jiao Tong University, Shanghai 200240, China
  • Received: 2015-03-03 Online: 2016-04-15 Published: 2016-04-15
  • About the authors: HAN Jinchen (born 1990), male, master's student, main research interest: mobile security; XIA Yubin, lecturer, postdoctoral researcher; CHEN Haibo and ZANG Binyu, professors, Ph.D.
  • Funding:
    Supported by the National Natural Science Foundation of China (61303011).

Abstract: The development of mobile devices lets users connect remotely to their desktop environments from handheld devices, but security weaknesses in mobile platforms expose mobile remote control to great risk. This paper presents TrustRFB, a highly secure remote control system built on TrustZone, the security extension of ARM processors. By encrypting the transport channel and placing the privacy-related logic of the remote control client inside the secure world provided by TrustZone, TrustRFB effectively prevents attackers from stealing users' private data by means of malware, a compromised operating system, or even a malicious remote control client. A prototype of TrustRFB is implemented on an Exynos4412 development board. Security testing shows that TrustRFB withstands several attack methods, including Rootkit and software repackaging attacks, while reducing network bandwidth by only 1.2% in everyday usage scenarios.

Key words: remote control, TrustZone technology, Remote Frame Buffer (RFB) protocol, virtual network computing, Android system, ARM architecture

Chinese Library Classification (CLC) number: