Towards a trusted mobile desktop

Abstract

Today's mobile phone platforms are powerful enough to be used as personal assistants that render and edit even complex document formats. However, short development cycles in combination with high complexity and extendability make these devices not secure enough for security-critical tasks. Therefore, end-users either have to use another secure device, or to accept the risk of losing sensitive information in the case of a loss of the device or a successful attack against it. We propose a security architecture to operate on security-critical documents using a commercial off-the-shelf (COTS) mobile phone hardware platform offering two working environments. The first one is under full control of the user while the second is isolated and restricted by additional security and mobile trusted computing services. The realizability of such an architecture has been proven based on a 'TrustedSMS' prototype developed on top of an OMAP-35xx development board, a hardware platform similar to many actual mobile phone platforms. The prototype includes nearly all components required to securely isolate the two compartments and implements use cases such as SMS writing, signing, receiving, verification, and key management. © 2010 Springer-Verlag.