research article a secure storage system for sensitive...

Research ArticleA Secure Storage System for Sensitive Data Protection Based onMobile Virtualization

Su-Wan Park JaeDeok Lim and Jeong Nyeo Kim

Cyber Security Research Division Electronics and Telecommunications Research Institute Daejeon Republic of Korea

Correspondence should be addressed to Su-Wan Park parksw10etrirekr

Received 12 October 2014 Accepted 4 February 2015

Academic Editor Hwa-Young Jeong

Copyright copy 2015 Su-Wan Park et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

Recently the development of smart phones has been reported the number of security vulnerabilities Although these smart phoneshave a concept of Sandbox for the security sensitive personal information has been still exposed by internal data exchange or rootprivilege acquisition In this paper we propose a system framework for secure storage of sensitive data in smartphoneThe system isdivided into general domain (GD) and secure domain (SD) inmobile device utilizing domain separation technique of virtualizationand SD provides a secure execution environment to protect sensitive data and secure services In addition our system introducesthe secure functions such as authenticationaccess control and encryptionkey management and secures filesystem to be run in SDand addresses a detailed secure filesystem as a key function for secure storage Lastly the experiments are conducted to measurethe performance overhead imposed by security features in SD and by overall system with interdomain communication from GDto SD These experiment results show suitability of our system and suggest applicability of various secure functions which can beapplied in our secure storage system

1 Introduction

Today the mobile phone is the first truly pervasive computerdevice in ubiquitous computing environments It achieved tohelp the fusion of real space and cyber space based on the net-works among existing things in the real world In particularthe popularity of smart handheld devices including smart-phone and tablets is really skyrocketing with advances inhardware and software technologies such as a wide rangeof communication computing and storage capabilities Inaddition wireless technology [1] has been embraced world-wide as it continues to expand in a growing number ofapplications both indoors and outdoors Wireless communi-cations customers continue to demand increased services interms of voice video and data communicationsThese grow-ing demands are driving cellularwireless carriers and serviceproviders to expand their wireless infrastructure to achievehigher data rates and increased capacity to serve the increasedrequirements of a growing customer base

However mobile devices which are important compo-nents in ubiquitous computing environments have beenexposed in security threats such as denial service attack

exploiting low information processing capability of low-powered CPU malicious code attacks exploiting vulnerabili-ties of mobile platforms and application programs and expo-sure of information by unauthorized users Recently incidentcases caused by attack exploiting vulnerabilities of mobiledevices have occurred all over the world It has been expectedthat damage of such attacks is serious as Hacking Group hasdeveloped and announced worm and virus exploiting vul-nerabilities of mobile devices the number of users of mobiledevices and services provided by them has been increased

In addition cloud computing [2 3] is in the spotlight askey IT trend Users access cloud computing using networkedclient devices such as desktop computers laptops tabletsand smartphones Some of these devices such as smartphonesrely on cloud computing for all or a majority of their applica-tions so as to be essentially useless without it Cloud resourcesare usually not only shared bymultiple users but also dynami-cally reallocated per demandThus cloud computing also hasnumerous thread problems since almost every resource forexample disk memory network and so forth is shared Asa result sensitive data of smartphone is easily exposed to ahigher risk by option functions of cloud application such as

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2015 Article ID 929380 8 pageshttpdxdoiorg1011552015929380

2 International Journal of Distributed Sensor Networks

automatic updates and users can steal this information fromother users without leaving detectable trails [4]

Furthermore workplace resources are drifting to per-sonal mobile device in order to conduct business recently Toprotect these resources the Bring Your Own Device (BYOD)policy [5] was introduced It allows one physical deviceto be used simultaneously for personal and business needsresulting in a need of rigid separation between these two envi-ronments in order to guarantee user privacy while conform-ing to enterprise policies The solutions presenting separateenvironments to the end-user improve usability of device aswell as access control mechanisms To control and protect thedata and configuration settings for all mobile devices in thenetwork mobile device management (MDM) [6] is intro-duced with BYOD policy MDM aims to optimize the func-tionality and security of a mobile communications networkwhile minimizing cost and downtime

Despite these solutions users of smartphone still facenumerous threats such as sensitive data of user being exposedby unauthorized data access Thus users are requiring moresmart and secure devices which can securely manage sep-arating workplace resource and personal sensitive data inthe device itself In this paper therefore we first discuss theefforts towards solving the above problem in virtualizationThen we propose a secure storage system based on trustedenvironments separated from existing platform of smartelectronic devices and present secure functions to securelymanage sensitive data in trusted environments

The paper is organized as follows Section 2 describesvirtualization In Section 3 we propose system framework forsecure storage based on trusted virtual domain and suggestsecure functions to be operated in trusted virtual domainSection 4 presents the experimental results about the per-formance overhead of secure storage system Lastly wesummarize and conclude in Section 5

2 Related Works

Virtualization [7ndash10] uses a single piece of software whichoperates in kernel mode the hypervisor which is at least twoorders of magnitude smaller than general purpose OSs andless likely to have failures [11] According to [12] there are twomain approaches to implement the virtualization techniqueby using hypervisor either type 1 or type 2 In hypervisor type1 also known as hardware level virtualization the hypervisoritself can be considered as an operating system since it is theonly piece of software that works in kernel mode Its maintask is tomanagemultiple copies of the real hardware just likean OS which manages multitask On the other hand in type2 hypervisors also known as operating system level virtual-ization the hypervisor itself can be compared to another userapplication that simply ldquointerpretsrdquo the guest machine

Recently virtualization is in the spotlight as a possiblesecurity tool in addition to its usefulness for resource sharingBy providing a high degree of isolation between individualenvironments containment of an entire operating systemand all processes beneath it suddenly becomes much morepossible than in a traditional single OS environment [4]

In use of virtualization towards confinement the Terravirtual machine platform [13] and QubesOS [14] were intro-duced Terra is a virtual machine monitor (VMM) that issoftware that manages multiple virtual machines in orderto provide isolation and privacy between them What dis-tinguishes Terra from normal VMMs is that there are twodefined types of virtualmachines that can run onTerra ldquoopenboxesrdquo which have no real distinction with traditional VMsand ldquoclosed boxesrdquo that are highly isolated to ensure privacyand integrity of their contents QubesOS serves as a hybridVMM and operating systemmanaging processes and provid-ing each one with its own virtualized view of the underlyingoperating system The main difference with Terra is thatprocesses from different VMs can be viewed on a singlescreen as if they were operating in the same environmentQubesOS does however provide a mechanism for transfer-ring files between security domains on the machine partiallyimproving the usability drawbacks of such strong isolationThese two mechanisms use Trusted PlatformModule [15ndash17]hardware to ensure isolation of the closed VMs from all otherVMs Although the startup process is verified via the TrustedPlatform Module it still has the vulnerability to malicioussoftware since software subsequently runs on the guest isnot Storage Capsules [18] aim to adapt virtualization-basedsolutions like Terra to a more convenient interface for usersNamely a VMMmanages a single untrusted guest operatingsystem which can switch between secure and insecuremodesin order to gain and lose access to sensitive data which isstored in a secure VM with a communication channel to theguest VM One important point worth noting is that even inthe event of a compromise of the operating system capsulesare designed to still prevent the leak of data Capsules [19] alsosimplify usability while maintaining strong isolation whereusers can still access the files available to them in insecuremode and are only unable to access the secure data outside ofsecure mode

Virtualization solutions have been around for years in thePClaptop and server markets Recent technology advance-ments have permitted the use of virtualization in mobiledevices As this technology gains acceptance over the next fewyears enterprises will have yet another workspace manage-ment tool available to them for managing devices in a BYODworld Mobile virtualization also uses a type-1 or type-2hypervisor to create virtual work and personal profiles onan employeersquos mobile device which provide greater controland security for the enterprise workspace while the personalarea is kept private Despite obvious similarities betweenenterprisedesktop virtualization and its mobile counterpartmobile phone use cases present key differences smallermemory capacities demand slimmer embedded hypervisorfootprints current mobile processors lack virtualization sup-port in hardware requiring paravirtualization and hostedguest software span the gamut from enterprise OSes toembedded RTOSes to stand-alone device drivers Adding tothat the small form factor and limited battery life impose newusability restrictionsThis has motivated research into lighterweight virtualization systems [20ndash26]

MOSES system [25] presents a policy-based frameworkfor Android that enables the separation and isolation of

International Journal of Distributed Sensor Networks 3

Secure service API

CPU memory disk and NIC

Secure filesystem

Interdomain communication

Secure service abstraction

Authenticationaccess control

Key management

encryption

Virtualization (hypervisor)

Hardware

Application

Secure platformAndroid platform

Android OS techniques based on

virtualization

General domain Secure domain

Secure services(app)

Figure 1 The system framework for secure storage based on domain separation

applications and data A crucial one in MOSES is the notionof security profiles Each security profile represents a unit ofisolation enforcing that applications can only access data ofthe same security profile MOSES uses a combination of taintpropagation reference monitors and filesystem namespacesto achieve strong information isolation in a lightweight man-ner The policies control the behavior of the reference moni-tors and taint trackers Furthermore the policies can be con-figured to switch automatically based on the physical contextof the device Cells [26] proposes a lightweight virtual smart-phone architecture for Android Cells introduces a usagemodel of having one foreground virtual phone and multipleback-ground virtual phones This model enables a newdevice namespace mechanism and novel device proxies thatintegrate with lightweight operating system virtualization tomultiplex phone hardware across multiple virtual phoneswhile providing native hardware device performance HenceCells provides the same illusion as traditional desktop virtual-ization and has similar information confinement guaranteesInformation from one virtual phone cannot leak to anotherHowever any vulnerability in a program that needs real supe-ruser privileges running in a virtual phone will compromisethe base kernel This is a fundamental difference betweenCells and traditional virtualization mechanisms that containseparate kernels

To conclude virtualization technologies have beenmainly provided in network-based high performance envi-ronment like cloud computing or server system Mobilevirtualization techniques have focused on limited range suchas policy-based framework running on an identical OS andswitching secure and insecuremodesThis still leavesmuch tobe desired Therefore it is time for the development of novelmobile security system based on virtualization providingusability to user and lightweight secure schemes optimized bydevice characteristics are required desperately

3 The Proposed Scheme

Providing isolation of data and execution through virtualiza-tion is a very effective security technique In this chapter thuswe describe a system framework for secure storage which is away to protect sensitive data of smartphone based on domainseparation on virtualization and present secure functions tobe operated on virtual secure domain

31 System Framework for Secure Storage The proposed sys-tem makes virtual secure domain (SD) separated from gen-eral domain (GD) using hypervisor of paravirtualization SDmeans a virtual machine created by the virtualization mech-anism and is strictly prohibited to make a direct call withGDThismeans that secure functions in SD are performed ona distinct and standalone execution environment separatedfrom existing mobile platform

Figure 1 shows the system framework for secure storageof smartphone It greatly consists of four layers applicationplatform virtualization and hardware and application layerand platform layer are separated into android part of GDand secure part of SD In platform layer including OSs andmiddleware secure platform is run by120583COS [27]which is anembedded and real-time operating system and is composedof secure functions while android platform is run by theexisting android OS and functions Also all user apps can bedownloaded in GD and secure service (SS) apps distin-guished from personal android apps can be managed by con-tainer SS apps call SS APIs to manage the data of app in SDand only these requests by SS APIs can attempt interdomaincommunication (IDC) to transmit the data to SD

IDC is permitted through two authentication steps Oneis user authentication using user PIN which is registered byuser at the early stage of app use and is stored after encryptingin SDThe other one is app authentication utilizing AppID AuniqueAppID assigned to each appmakes it possible to block


the access or use of data generated by app A from app B Sincethe data sharing between apps may be required to provideflexibility of data access we solve this problem through policysetting prescribed for access control in SD

If these authentications are successful IDC opens upchannel and session between domains to message commu-nication The app requests to reach in SD through IDC aremapped to security functions by SS abstraction Namely SSabstraction represents secure APIs in SD to call secure func-tions As the secure functions mean the detailed secure fea-tures to help data protection in addition they include accesscontrol secure filesystem (SFS) encryption and key genera-tion

As a result security functions in SD can be accessedby only authorized SS APIs accessed through IDC This isbecause our system does not permit user applications todirectly access SS abstraction or security functions in SDsince user applications are not allowed in SD In additionsecurity functions in SDhavemutual relationwith each otherSFS calls encryption function to encrypt the file data receivedfromGD and encryption function calls the key managementfunction to generate the file encryption key Besides theaccess control and authentication are applied in combinationwith these functions on platform of SD

In paper [28] authors classify goals of the attacker con-tainer compromise denial of service and privilege escalationThen they mentioned that these attack groups can be furtherarranged into two classes based on the type of underlyingmechanism attacks via communication mechanisms andattacks via storage mechanisms From this classification theyderived a set of security requirements Thus we analyze oursystem through these security requirements Here we denoteexisting android apps by 119863

119894(119894 = 1 2 119873) and SS apps by

119878119895(119895 = 1 2 119872) 119873 and119872 mean the maximum number

of apps and119863119894and 119878119895do not permit overlapping

(i) Separation of processes aims to isolate processes run-ning in distinct containers 119878

119895of the proposed system

are separated from119863119894through container and it allows

only 119878119895in secure container to call the SSAPIThe con-

tainer is managed by special user PIN and use of PINand AppID prevents the illegitimate access throughIDC fromGD to SD even if119863

119894are possible to directly

access SS APIs of 119878119895 And most importantly SD is

operated by distinct embedded OS and it means thatprocesses in SD are completely separated from thoseof GD

(ii) IDC isolation is needed to prevent 119863119894from accessing

or modifying data of 119878119895being transmitted over IDC

channels To prevent illegal access of data in IDC IDCcan perform encrypted communication and messagequeue for IDC can keep the encrypted messagesBesides IDC does not allow channel open if userand App authentication fail in modifying message forcommination between domains

(iii) Filesystem isolation is required to prevent illegitimateaccess to filesystem objects SFS of our system is

located in SD and it can be only accessed by 119878119895hav-

ing legitimate user authority and app authenticationinformation

(iv) Device isolation should protect device drivers sharedbetween different containers or domains Our systemis based on the paravirtualization on which hyper-visor resides on top of the hardware and operatesthrough a set of low-level routines with the hardwarecalled hypervisor calls We maintain independenceand safety of device drivers in SD on the assumptionthat the embedded OS of SD can interface with thehypervisor through these hypervisor calls

(v) Network isolation aims to prevent attacks by 119878119895via

available network interfaces Since SD does not per-mit any direct network communication such as appdownload system and security policy our systemis guaranteed safety from attacks through networkInstead settings for secure platform can be securelysupplied from GD

(vi) Resource management is needed to limit the amountof resources available to each domain depending onthe system load The resources for SD in our systemare allocated appropriately considering embeddedOSthrough hypervisor The closed SD can protect thephysical resources available from exhaustingworks byintentional attacks

32 Secure Functions in Secure Platform In this subsectionwe introduce secure functions run on the secure platformin SD and mention concretely the SFS closely associatedwith secure storage of data [29 30] Secure functions of theproposed system can be classified into threemodules authen-ticationaccess control [31 32] encryptionkey managementand SFS The role and method of functions are as follows

(i) Authentication and Access Control Module The proposedsystem performs access control function by requiring userand app authentications for communication channel open inIDC First the unique AppID given to each SS app is utilizedto verify whether app has the legal authority to access andto use other secure functions in SD If AppID is successfullyverified our system identifies user PIN to check whether SSapp is being used by legitimate user This module is linkedwith SFS module for managing AppID and PIN informa-tion In addition new secure policies can be set in SD toprovide the strict access control between domains apps andfunctions and policy data should be also managed throughSFS

(ii) Encryption and Key Management Module All data trans-mitted from GD is encrypted before storage through SFSAlso the encrypted data is decrypted when it is called foruse for other secure functions The encryption module canprovide various algorithms and operation modes dependingon symmetric or asymmetric key We assume that keys forencryptiondecryption are provided on root of trust which


Volume info Bitmap Objects (inodes) Files

White magic number Max number of objects System block size Number of blocks

Volume name ReservedFS auth

Byte 1 Byte 2 Byte 3

1 1 1 1 0 0 1 1 1 0 0 1 0 1 1 0 0 1 1 1 0 1 0 1 1 0 0 1 1 1 0 0

Data type Block address File size Crypto flag Reserved File name

Encryption file seed

32 bytes

App info

File 1 File 2 File 3

File auth Reserved

(1) Volume info

4bytes 4bytes 4bytes 4bytes

4bytes 4bytes

1byte

16bytes 1bytes 1bytes

4bytes4bytes4bytes

20bytes 34bytes

(2) Bitmap

(3) Objects (inodes)

20bytes20bytes

128 bytesa file(Number of blocks8) bytes

24bytes 16bytes

96bytes

(4) Files

PIN flagSystemIDUsed blocks FS save

(HMAC output = 160bits)

flagtime

ldquo0rdquo shows usable blocksldquo1rdquo shows used blocks

3bytes

Figure 2 The structure of secure filesystem

are inherently trusted using hardwaresoftware componentsand they are generated and managed only in SD

(iii) Secure Filesystem (SFS) Module Sensitive data trans-mitted from GD is managed by SFS This module is con-nected with encryption module to request data encryp-tiondecryption and is linked with authentication and accesscontrol module to provide information related to authentica-tion or secure policy

Here we describe SFS in detail As shown in Figure 2 SFSconsists of four parts divided into volume bitmap objectsand files Volume supports the system information like bootrecord and bitmap is used to manage total blocks composedby filesystem Here the used block is expressed as ldquo1rdquo in a bitObjects which are called inodes in general filesystem includeinformation to find and access the file Lastly files mean thereal file data to be stored in the storage For simplicity ofexpression in this paper the scope of volume bitmap andobjects is referred to as a filesystemmetadata and each objectis called a filersquos metadata

The secure features for SFS have two aspects as follows(i) First is file data protection

(a) Each file is encrypted by various algorithms andoperation modes The encryption key can begenerated by root key of hardware chip and theseed value for generating the encryption keyis stored in the corresponding file metadataWhether the file encryption is applied or not itis marked to ldquoCrypto flagrdquo field in file metadata

(b) When a file is recorded a hash value of eachfile is generated by hash functions like MAC(Message Authentication Code) or MD5 and itis stored in the corresponding filemetadata withlength 20 bytes Also file integrity is verifiedwhenever the file is read

(ii) Second is filesystem information protection

(a) Exposure of filesystem metadata can stillthreaten the stored file data in attack Thusbitmap and objects in filesystem metadata areencrypted to securely protect data in hardwareAt this time volume is excluded for encryptionsince its values should be used to mount SFS tomemory If the filesystemmetadata size imposesloads nevertheless some parts of objects can beselectively used for filesystemmetadata encryp-tion

(b) Integrity of SFS is also checked when mountingor remounting Verification value is generatedusing bitmap and objects by the hash functionat the unmounting point and it is restored involume

4 Experiment Results

We implement the secure storage system for sensitive data ofsmartphone andmeasure the performance overhead imposed


Table 1 The performance of SFS in SD

Operations UnitData size

256 bytes 1 KB 2KB 4KBWrite Read Write Read Write Read Write Read

None120583sec 3031 71 3098 117 3242 184 3407 325MBs 008 360 033 879 063 1116 120 1259 100 100 100 100 100 100 100 100

Encryption MBs 008 120 027 143 047 155 072 155 105 300 121 613 135 722 168 813

Integrity MBs 006 055 026 103 043 118 057 118 133 649 128 855 147 944 212 1067

Enc + Integrity MBs 006 042 021 061 035 072 043 072 138 865 159 1441 182 1548 277 1748

by secure features of secure storage system [33] Our experi-ment is performed in two sides One is tomeasure the perfor-mance of SFS in SD the other is to measure the performanceof SFS through overall system based on IDC Namely thefirst way means the overhead caused only by secure featuressuch as encryptiondecryption and integrity verification asthe yellow arrows shown in Figure 1 The second way meansthe overhead imposed by IDC and secure functions whiledata of SS apps in GD are transmitted to SD and stored by SFSas the black arrows shown in Figure 1

All experiments are performed on Odroid-Q2 which isan open development platform based on Exynos4412 PrimeARM Cortex-A9 Quad Core 16GHz with 2GB memoryIn addition we used AES algorithm and counter mode forencryption and usedHMAC function for integrity validationThe write read and delete operations of SFS are performediteratively between 100 and 10000 times and the performancetimes are measured in microsecond (120583sec)

We first evaluated the performance of SFS with 256 B1 KB 2 KB and 4KB data in SD as yellow dotted box shown inFigure 1 In Table 1 ldquononerdquo row shows write and read resultsof SFS conducted without secure features the following rowsshow the results performed only file encryption only fileintegrity and the combination of encryption and integrityrespectively Basically write operation takes some time as ourwrite operation includes sequential search for checking theexistence of the identical file name Thus the performancetime of write operation has a low increasing rate in additionalapplication of secure features while read operation growssteeply The delete operation with 2KB data has average273120583sec (749MBs) and it is maintained at similar valuesbecause it is not affected by secure features As the amountof data increases it improves the efficiency of data processingwhile it spends more processing time

Figure 3 also shows the performance comparison resultsof write read and delete operations of SFS applied orunapplied secure features through data throughput (MBsec)Write operation has slight difference under 1MBsec betweennone and secure featuresMoreover delete operation has pro-portional increasing rates in none and secure features since itis not affected by secure features However the performanceof read operation is significantly degraded by adding securefeatures Therefore it means that read operation is affected

0

2

4

6

8

10

12

14

Dat

a thr

ough

put (

MB

s)

1 2 4

Write (none)Read (none)Delete (none)

Write (enc + inteinte

)

Read (enc + )

Delete (enc + inte)

0256

(kB)

Figure 3The performance comparison ofmeasured withNone andEncryption + Integrity

greatly on performance by secure features in comparisonwithwrite and delete operations

Next we tested the performance time of SFS by overallsystem based on IDC as blue dotted box shown in Figure 1Here we only use 2KB data As shown in ldquononerdquo row ofTable 2 the performance time for IDC itself takes a long timefundamentally in these experiments Thus the time increas-ing rate by secure features in the performance based on IDCis relatively low

Finally we summarize briefly Tables 1 and 2 mentionedearlier The values in italic font of Table 3 become referencevalue for write and read respectively The values of MBsmean the data throughput and values of ratio show theincreasing rates according to the reference value And to con-clude the performance overhead by secure features has littleeffect on our system by IDC while the performance increas-ing rate by secure features is relatively high

5 Conclusion

Since sensitive information stored in an insecure manner isvulnerable to theft the ways to safely store and manage data


Table 2 The performance of SFS by overall system based on IDC

Operations Unit Write Read Delete

None msec 1204 815 635MBs 017 025 0323

Encryption MBs 017 024 032 102 104 100

Integrity MBs 015 025 033 116 100 97

Enc + Integrity MBs 013 022 032 127 113 101

Table 3 The increase rate of performance by SFS in TVD and SFSby overall system based on IDC

2048 bytes Unit SFS in TVDSFS by overall

system based onIDC

Operation Write Read Write Read

None MBs 063 1116997904rArr

017 025Ratio 1 1 371 4442

Enc + Integrity MBs 035 072 013 022Ratio 182 1548 473 5024

have been the focus Thus we proposed a system frameworkto protect sensitive data of smartphone It provides generaldomain (GD) and secure domain (SD) in mobile device uti-lizing domain separation technique of virtualization NamelyGD means general android execution area and SD can pro-vide a secure execution environment that runs secure func-tions to securely manage all data input by secure service appsin GD These sensitive data by secure service apps can becalled through only secure service API and can be trans-mitted through interdomain communication (IDC) As IDCrequires user and app authentications the secure commu-nication between domains satisfies isolation of filesystemnetwork and IDC

In addition we suggested the secure functions such asauthenticationaccess control encryptionkey managementand secure filesystem and especially secure filesystem is dis-cussed as a key function for secure storageThuswe evaluatedthe performance of secure filesystem imposed by securityfeatures in SD and by overall system based on IDCWhile theSFS imposed a lot of time overhead in SD the performancebased on IDC is almost not affected since IDC consumes apretty long time for basic communication It will providemany possibilities about security functions based on virtu-alization domain

The target data of our system were small size data set assensitive private information As amounts ofmemory of latestsmartphone are occupied by pictures or videos processingmethods for big size data should be considered together inour system Therefore we first will enhance scalability andefficiency of our system and then we will suggest varioussecure functions which can be combinedwith our system anddescribe each security function in detail

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgment

This work was supported by the ICT RampD program ofMSIPIITP (2014(10043959) development of EAL 4 levelmil-itary fusion security solution for protecting against unautho-rized accesses and ensuring a trusted execution environmentin mobile devices)

References

[1] R Singh P Singh andM Duhan ldquoAn effective implementationof security based algorithmic approach in mobile adhoc net-worksrdquo Human-Centric Computing and Information Sciencesvol 4 article 7 4 pages 2014

[2] J Kim H Jeong I Cho S M Kang and J H Park ldquoAsecure smart-work service model based OpenStack for Cloudcomputingrdquo Journal of Cluster Computing vol 17 no 3 pp 691ndash702 2014

[3] Y Song and Y Pang ldquoHow to manage cloud risks based on theBMIS modelrdquo Journal of Information Processing Systems vol 10no 1 pp 132ndash144 2014

[4] A Crowell B H Ng E Fernandes and A Prakash ldquoTheconfinement problem 40 years laterrdquo Journal of InformationProcessing Systems vol 9 no 2 pp 189ndash204 2013

[5] J P Shim D Mittleman R Welke A M French and J CGuo Bring Your Own Device (BYOD) Current Status Issuesand Future Directions AIS Electronic Library 2013

[6] K Rhee W Jeon and D Won ldquoSecurity requirements of amobile device management systemrdquo International Journal ofSecurity and its Applications vol 6 no 2 pp 353ndash358 2012

[7] T Garfinkel and A Warfield ldquoWhat virtualization can do forsecurityrdquoThe USENIX Magazine pp 28ndash34 2007

[8] G Heiser ldquoThe role of virtualization in embedded systemsrdquo inProceedings of the 1st Workshop on Isolation and Integration inEmbedded Systems (IIES rsquo08) pp 11ndash16 April 2008

[9] A Aguiar and F Hessel ldquoEmbedded systemsrsquo virtualization thenext challengerdquo in Proceedings of the 21st IEEE InternationalSymposium onRapid SystemPrototyping (RSP rsquo10) pp 1ndash7 IEEEFairfax Va USA June 2010

[10] K Mahajan A Makroo and D Dahiya ldquoRound robin withserver affinity a VM load balancing algorithm for cloud basedinfrastructurerdquo Journal of Information Processing Systems vol 9no 3 pp 379ndash394 2013

[11] A S Tanenbaum Modern Operating Systems Prentice HallUpper Saddle River NJ USA 2007

[12] M Rosenblum ldquoThe Reincarnation of Virtual MachinesrdquoACMQueue vol 2 no 5 pp 34ndash40 2004

[13] T Garfinkel B Pfaff J Chow M Rosenblum and D BonehldquoTerra a virtual machine-based platform for trusted comput-ingrdquo in Proceedings of the 19th ACM Symposium on OperatingSystems Principles (SOSP rsquo03) vol 37 pp 193ndash206 ACMOctober 2003

[14] J Rutkowska and R Wojtczuk ldquoQubes OS architecturerdquo TechRep Invisible Things Lab 2010


[15] S Berger R Caceres K A Goldman R Perez R Sailer andL Doorn ldquovTPM virtualizing the trusted platformmodulerdquo inProceedings of the 15th Conference on USENIX Security Sympo-sium vol 15 article 21 July 2006

[16] S Moein F Gebali and I Traore ldquoAnalysis of covert hardwareattacksrdquo Journal of Convergence vol 5 no 3 pp 26ndash30 2014

[17] K Hwang and S Nam ldquoNear real-time M2M communicationfor bidirectional AMR systemsrdquo Journal of Convergence vol 5no 2 pp 1ndash7 2014

[18] K Borders E V Weele B Lau and A Prakash ldquoProtectingconfidential data on personal computers with storage capsulesrdquoin Proceedings of the USENIX Security Symposium pp 367ndash3822009

[19] P Maniatis D Akhawe K Fall E Shi S McCamant and DSong ldquoDo you know where your data are secure data capsulesfor deployable data protectionrdquo in Proceedings of the 13thUSENIX Conference on Hot Topics in Operating Systems p 22Berkeley Calif USA 2011

[20] H Tuch C Laplace K C Barr and B Wu ldquoBlock storagevirtualization with commodity secure digital cardsrdquo ACMSIGPLAN Notices vol 47 no 7 pp 191ndash202 2012

[21] L CatuognoH LohrMManulis A Sadeghi andMWinandyldquoTransparent mobile storage protection in trusted virtualdomainsrdquo in Proceedings of the 23rd Conference on Large Instal-lation System Administration pp 1ndash14 November 2009

[22] L Catuogno H Lohr M Winandy and A-R SadeghildquoA trusted versioning file system for passive mobile storagedevicesrdquo Journal of Network and Computer Applications vol 38no 1 pp 65ndash75 2014

[23] J Shu Z Shen and W Xue ldquoShield a stackable secure storagesystem for file sharing in public storagerdquo Journal of Parallel andDistributed Computing vol 74 no 9 pp 2872ndash2883 2014

[24] L Catuogno A Dmitrienko K Eriksson et al ldquoTrusted virtualdomainsmdashdesign implementation and lessons learnedrdquo in Pro-ceedings of the 1st International Conference on Trusted Systemspp 1ndash24 December 2009

[25] G Russello M Conti B Crispo and E Fernandes ldquoMOSESsupporting operation modes on smartphonesrdquo in Proceedingsof the 17th ACM Symposium on Access Control Models andTechnologies (SACMAT rsquo12) pp 3ndash12 June 2012

[26] J Andrus C Dall A V Hof O Laadan and J Nieh ldquoCells avirtual mobile smartphone architecturerdquo in Proceedings of the23rd ACM Symposium on Operating Systems Principles (SOSPrsquo11) pp 173ndash187 October 2011

[27] J Labrosse 120583COS the Real-Time Kernel RampD PublicationsLawrence Kan USA 1992

[28] E Reshetova J Karhunen T Nyman and N Asokan ldquoSecurityof OS-level virtualization technologiesrdquo in Secure IT SystemsLecture Notes in Computer Science pp 77ndash93 Springer BerlinGermany 2014

[29] SMDiesburg andA-I AWang ldquoA survey of confidential datastorage and deletion methodsrdquo ACM Computing Surveys vol43 no 1 article no 2 2010

[30] Y Qin W Tong J Liu and Z Zhu ldquoSmSDA smart securedeletion scheme for SSDsrdquo Journal of Convergence vol 4 no 4pp 30ndash35 2013

[31] T Truong M Tran and A Duong ldquoImprovement of the moreefficient and secure ID-based remote mutual authenticationwith key agreement scheme formobile devices on ECCrdquo Journalof Convergence vol 3 no 2 pp 1ndash10 2012

[32] J W Gnanaraj K Ezra and E Rajsingh ldquoSmart card basedtime efficient authentication scheme for global grid computingrdquoHuman-Centric Computing and Information Sciences vol 3article 16 2013

[33] M I Malkawi ldquoThe art of software systems developmentreliability availability maintainability performance (RAMP)rdquoHuman-Centric Computing and Information Sciences vol 3 no1 article 22 2013

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



automatic updates and users can steal this information fromother users without leaving detectable trails [4]

Furthermore workplace resources are drifting to per-sonal mobile device in order to conduct business recently Toprotect these resources the Bring Your Own Device (BYOD)policy [5] was introduced It allows one physical deviceto be used simultaneously for personal and business needsresulting in a need of rigid separation between these two envi-ronments in order to guarantee user privacy while conform-ing to enterprise policies The solutions presenting separateenvironments to the end-user improve usability of device aswell as access control mechanisms To control and protect thedata and configuration settings for all mobile devices in thenetwork mobile device management (MDM) [6] is intro-duced with BYOD policy MDM aims to optimize the func-tionality and security of a mobile communications networkwhile minimizing cost and downtime

Despite these solutions users of smartphone still facenumerous threats such as sensitive data of user being exposedby unauthorized data access Thus users are requiring moresmart and secure devices which can securely manage sep-arating workplace resource and personal sensitive data inthe device itself In this paper therefore we first discuss theefforts towards solving the above problem in virtualizationThen we propose a secure storage system based on trustedenvironments separated from existing platform of smartelectronic devices and present secure functions to securelymanage sensitive data in trusted environments

The paper is organized as follows Section 2 describesvirtualization In Section 3 we propose system framework forsecure storage based on trusted virtual domain and suggestsecure functions to be operated in trusted virtual domainSection 4 presents the experimental results about the per-formance overhead of secure storage system Lastly wesummarize and conclude in Section 5

2 Related Works

Virtualization [7ndash10] uses a single piece of software whichoperates in kernel mode the hypervisor which is at least twoorders of magnitude smaller than general purpose OSs andless likely to have failures [11] According to [12] there are twomain approaches to implement the virtualization techniqueby using hypervisor either type 1 or type 2 In hypervisor type1 also known as hardware level virtualization the hypervisoritself can be considered as an operating system since it is theonly piece of software that works in kernel mode Its maintask is tomanagemultiple copies of the real hardware just likean OS which manages multitask On the other hand in type2 hypervisors also known as operating system level virtual-ization the hypervisor itself can be compared to another userapplication that simply ldquointerpretsrdquo the guest machine

Recently virtualization is in the spotlight as a possiblesecurity tool in addition to its usefulness for resource sharingBy providing a high degree of isolation between individualenvironments containment of an entire operating systemand all processes beneath it suddenly becomes much morepossible than in a traditional single OS environment [4]

In use of virtualization towards confinement the Terravirtual machine platform [13] and QubesOS [14] were intro-duced Terra is a virtual machine monitor (VMM) that issoftware that manages multiple virtual machines in orderto provide isolation and privacy between them What dis-tinguishes Terra from normal VMMs is that there are twodefined types of virtualmachines that can run onTerra ldquoopenboxesrdquo which have no real distinction with traditional VMsand ldquoclosed boxesrdquo that are highly isolated to ensure privacyand integrity of their contents QubesOS serves as a hybridVMM and operating systemmanaging processes and provid-ing each one with its own virtualized view of the underlyingoperating system The main difference with Terra is thatprocesses from different VMs can be viewed on a singlescreen as if they were operating in the same environmentQubesOS does however provide a mechanism for transfer-ring files between security domains on the machine partiallyimproving the usability drawbacks of such strong isolationThese two mechanisms use Trusted PlatformModule [15ndash17]hardware to ensure isolation of the closed VMs from all otherVMs Although the startup process is verified via the TrustedPlatform Module it still has the vulnerability to malicioussoftware since software subsequently runs on the guest isnot Storage Capsules [18] aim to adapt virtualization-basedsolutions like Terra to a more convenient interface for usersNamely a VMMmanages a single untrusted guest operatingsystem which can switch between secure and insecuremodesin order to gain and lose access to sensitive data which isstored in a secure VM with a communication channel to theguest VM One important point worth noting is that even inthe event of a compromise of the operating system capsulesare designed to still prevent the leak of data Capsules [19] alsosimplify usability while maintaining strong isolation whereusers can still access the files available to them in insecuremode and are only unable to access the secure data outside ofsecure mode

Virtualization solutions have been around for years in thePClaptop and server markets Recent technology advance-ments have permitted the use of virtualization in mobiledevices As this technology gains acceptance over the next fewyears enterprises will have yet another workspace manage-ment tool available to them for managing devices in a BYODworld Mobile virtualization also uses a type-1 or type-2hypervisor to create virtual work and personal profiles onan employeersquos mobile device which provide greater controland security for the enterprise workspace while the personalarea is kept private Despite obvious similarities betweenenterprisedesktop virtualization and its mobile counterpartmobile phone use cases present key differences smallermemory capacities demand slimmer embedded hypervisorfootprints current mobile processors lack virtualization sup-port in hardware requiring paravirtualization and hostedguest software span the gamut from enterprise OSes toembedded RTOSes to stand-alone device drivers Adding tothat the small form factor and limited battery life impose newusability restrictionsThis has motivated research into lighterweight virtualization systems [20ndash26]

MOSES system [25] presents a policy-based frameworkfor Android that enables the separation and isolation of


Secure service API


Secure filesystem




Key management

encryption


Hardware

Application



virtualization
















119894(119894 = 1 2 119873) and SS apps by





























1 1 1 1 0 0 1 1 1 0 0 1 0 1 1 0 0 1 1 1 0 1 0 1 1 0 0 1 1 1 0 0



32 bytes

App info


File auth Reserved

(1) Volume info


4bytes 4bytes

1byte


4bytes4bytes4bytes

20bytes 34bytes

(2) Bitmap


20bytes20bytes


24bytes 16bytes

96bytes

(4) Files



flagtime


3bytes

















None120583sec 3031 71 3098 117 3242 184 3407 325MBs 008 360 033 879 063 1116 120 1259 100 100 100 100 100 100 100 100

Encryption MBs 008 120 027 143 047 155 072 155 105 300 121 613 135 722 168 813

Integrity MBs 006 055 026 103 043 118 057 118 133 649 128 855 147 944 212 1067






0

2

4

6

8

10

12

14

Dat

a thr

ough

put (

MB

s)

1 2 4



)

Read (enc + )

Delete (enc + inte)

0256

(kB)





5 Conclusion





None msec 1204 815 635MBs 017 025 0323

Encryption MBs 017 024 032 102 104 100

Integrity MBs 015 025 033 116 100 97




system based onIDC



017 025Ratio 1 1 371 4442







Acknowledgment


References





































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Secure service API


Secure filesystem




Key management

encryption


Hardware

Application



virtualization
















119894(119894 = 1 2 119873) and SS apps by





























1 1 1 1 0 0 1 1 1 0 0 1 0 1 1 0 0 1 1 1 0 1 0 1 1 0 0 1 1 1 0 0



32 bytes

App info


File auth Reserved

(1) Volume info


4bytes 4bytes

1byte


4bytes4bytes4bytes

20bytes 34bytes

(2) Bitmap


20bytes20bytes


24bytes 16bytes

96bytes

(4) Files



flagtime


3bytes

















None120583sec 3031 71 3098 117 3242 184 3407 325MBs 008 360 033 879 063 1116 120 1259 100 100 100 100 100 100 100 100

Encryption MBs 008 120 027 143 047 155 072 155 105 300 121 613 135 722 168 813

Integrity MBs 006 055 026 103 043 118 057 118 133 649 128 855 147 944 212 1067






0

2

4

6

8

10

12

14

Dat

a thr

ough

put (

MB

s)

1 2 4



)

Read (enc + )

Delete (enc + inte)

0256

(kB)





5 Conclusion





None msec 1204 815 635MBs 017 025 0323

Encryption MBs 017 024 032 102 104 100

Integrity MBs 015 025 033 116 100 97




system based onIDC



017 025Ratio 1 1 371 4442







Acknowledgment


References





































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation














119894(119894 = 1 2 119873) and SS apps by





























1 1 1 1 0 0 1 1 1 0 0 1 0 1 1 0 0 1 1 1 0 1 0 1 1 0 0 1 1 1 0 0



32 bytes

App info


File auth Reserved

(1) Volume info


4bytes 4bytes

1byte


4bytes4bytes4bytes

20bytes 34bytes

(2) Bitmap


20bytes20bytes


24bytes 16bytes

96bytes

(4) Files



flagtime


3bytes

















None120583sec 3031 71 3098 117 3242 184 3407 325MBs 008 360 033 879 063 1116 120 1259 100 100 100 100 100 100 100 100

Encryption MBs 008 120 027 143 047 155 072 155 105 300 121 613 135 722 168 813

Integrity MBs 006 055 026 103 043 118 057 118 133 649 128 855 147 944 212 1067






0

2

4

6

8

10

12

14

Dat

a thr

ough

put (

MB

s)

1 2 4



)

Read (enc + )

Delete (enc + inte)

0256

(kB)





5 Conclusion





None msec 1204 815 635MBs 017 025 0323

Encryption MBs 017 024 032 102 104 100

Integrity MBs 015 025 033 116 100 97




system based onIDC



017 025Ratio 1 1 371 4442







Acknowledgment


References





































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation














1 1 1 1 0 0 1 1 1 0 0 1 0 1 1 0 0 1 1 1 0 1 0 1 1 0 0 1 1 1 0 0



32 bytes

App info


File auth Reserved

(1) Volume info


4bytes 4bytes

1byte


4bytes4bytes4bytes

20bytes 34bytes

(2) Bitmap


20bytes20bytes


24bytes 16bytes

96bytes

(4) Files



flagtime


3bytes

















None120583sec 3031 71 3098 117 3242 184 3407 325MBs 008 360 033 879 063 1116 120 1259 100 100 100 100 100 100 100 100

Encryption MBs 008 120 027 143 047 155 072 155 105 300 121 613 135 722 168 813

Integrity MBs 006 055 026 103 043 118 057 118 133 649 128 855 147 944 212 1067






0

2

4

6

8

10

12

14

Dat

a thr

ough

put (

MB

s)

1 2 4



)

Read (enc + )

Delete (enc + inte)

0256

(kB)





5 Conclusion





None msec 1204 815 635MBs 017 025 0323

Encryption MBs 017 024 032 102 104 100

Integrity MBs 015 025 033 116 100 97




system based onIDC



017 025Ratio 1 1 371 4442







Acknowledgment


References





































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation













None120583sec 3031 71 3098 117 3242 184 3407 325MBs 008 360 033 879 063 1116 120 1259 100 100 100 100 100 100 100 100

Encryption MBs 008 120 027 143 047 155 072 155 105 300 121 613 135 722 168 813

Integrity MBs 006 055 026 103 043 118 057 118 133 649 128 855 147 944 212 1067






0

2

4

6

8

10

12

14

Dat

a thr

ough

put (

MB

s)

1 2 4



)

Read (enc + )

Delete (enc + inte)

0256

(kB)





5 Conclusion





None msec 1204 815 635MBs 017 025 0323

Encryption MBs 017 024 032 102 104 100

Integrity MBs 015 025 033 116 100 97




system based onIDC



017 025Ratio 1 1 371 4442







Acknowledgment


References





































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation












None msec 1204 815 635MBs 017 025 0323

Encryption MBs 017 024 032 102 104 100

Integrity MBs 015 025 033 116 100 97




system based onIDC



017 025Ratio 1 1 371 4442







Acknowledgment


References





































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









research article a secure storage system for sensitive...

Documents