TruApp: A TrustZone-based Authenticity Detection Service for Mobile Apps

TitleTruApp: A TrustZone-based Authenticity Detection Service for Mobile Apps
Publication TypeConference Paper
Year of Publication2017
AuthorsYalew SD, Mendonça P, McGuire G, Haridi S, Correia M
Conference NameProceedings of the 13th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
Date Published10/2017
Conference LocationRome, Italy

In less than a decade, mobile apps became an integral part of our lives. In several situations it is important to provide assurance that a mobile app is authentic, i.e., that it is indeed the app produced by a certain company. However, this is challenging, as such apps can be repackaged, the user malicious, or the app tampered with by an attacker. This paper presents the design of TRUAPP, a software authentication service that provides assurance of the authenticity and integrity of apps running on mobile devices. TRUAPP provides such assurance, even if the operating system is compromised, by leveraging the ARM TrustZone hardware security extension. TRUAPP uses a set of techniques (static watermarking, dynamic watermarking, and cryptographic hashes) to verify the integrity of the apps. The service was implemented in a hardware board that emulates a mobile device, which was used to do a thorough experimental evaluation of the service.