An Effective Authentication for Client Application Using ARM TrustZone

Owing to lack of authentication for client application (CA), traditional protection mechanism based on ARM TrustZone may lead to the sensitive data leakage within trusted execution environment (TEE). Furthermore, session resources will be occupied by malicious CA due to the design drawback for session mechanism between CA and trusted application (TA). Therefore, attackers can initiate a request to read the data stored in secure world or launch DoS attack by forging malicious CA. In order to address the authentication problems, this paper proposes a CA authentication scheme using ARM TrustZone. When CA establishes a session with trusted application, a CA authentication will be executed in TEE to prevent sensitive data from being accessed by malicious. At the same time, TA closes the session and releases occupied resources. The proposed authentication scheme is implemented on simulation platform built by QEMU and OP-TEE. The experimental results show that the proposed scheme can detect the content change of CA, avoid sensitive data leakage and prevent DoS attack.