Tsinghua Science and Technology


embedded system, TrustZone, Trusted Application (TA), identity authentication, private data protection


In TrustZone architecture, the Trusted Application (TA) in the secure world does not certify the identity of Client Applications (CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in TrustZone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests. The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about 0.16 s, an acceptable price to pay for the improved security.


Tsinghua University Press