Mobile phone TPM/SE integration

Secure Element LayerIn the context of mobile devices we have to consider that Flash-memories can not be trusted. Unauthorized access or data manipulation by third party applications is a major security threat for security-critical systems. One attempt to overcome this issue is to use secure hardware to safely store security-critical applications and data. The secure element enables such an environment, where the hardware-based implementation gives protection for unauthorized access.

In this research work we will investigate technical variants and analyze trade-offs of integrating TPM/SE functionality into current and next-generation mobile phones. As a first step, TPM/SE chips can be integrated as SIM or Micro-SD cards for compatibility with current hardware; the next step will be a tight integration of cryptographic methods and secure, tamper-resistant key storage on the actual CPUs or auxiliary processors (e.g. NFC) for better security and power efficiency and reduced number of components in a mobile device.

Expected outcome of this work is an integration of APIs for secure access and communication to the secure element in off-the-shelf mobile phones. The add-on should provide TPM (Trusted Platform Module) functionalities for security-critical applications and implement crypto protocols for secure communication. Finally, applications inside the secure element will perform as show case to our concept of an end-to-end security between hardware and user.

Goals

  • API for secure access to the secure element
  • Add TPM (Trusted Platform Module) functionalities
  • Implementation of crypto protocols for secure communication with secure element
  • Develop several secure applications inside SE
  • End-to-end security
yorandomusmilelink