
Beyond Kernel-Level Integrity Measurement: Enabling Remote Attestation for the Android Platform

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6101)

Abstract

Increasing adoption of smartphones in recent times has begun to attract more and more malware writers towards these devices. Among the most prominent and widely adopted open source software stacks for smartphones is Android that comes with a strong security infrastructure for mobile devices. However, as with any remote platform, a service provider or device owner needs assurance that the device is in a trustworthy state before releasing sensitive information to it. Trusted Computing provides a mechanism of establishing such an assurance. Through remote attestation, TC allows a service provider or a device owner to determine whether the device is in a trusted state before releasing protected data to or storing private information on the phone. However, existing remote attestation techniques cannot be deployed on Android due to the unique, VM-based architecture of the software stack. In this paper, we present an attestation mechanism tailored specifically for Android that can measure the integrity of a device at two levels of granularity. Our approach allows a challenger to verify the integrity of Android not only at the operating system level but also that of code executing on top of the VM. We present the implementation details of our architecture and show through evaluation that our architecture is feasible both in terms of time complexity and battery consumption.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nauman, M., Khan, S., Zhang, X., Seifert, JP. (2010). Beyond Kernel-Level Integrity Measurement: Enabling Remote Attestation for the Android Platform. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_1

  • DOI: https://doi.org/10.1007/978-3-642-13869-0_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13868-3

  • Online ISBN: 978-3-642-13869-0

  • eBook Packages: Computer Science, Computer Science (R0)
