Enabling Secure and Usable Mobile Application: Revealing the Nuts and Bolts of software TPM in todays Mobile Devices
Ahmad-Atamli Reineh, Giuseppe Petracca, Janne Uusilehto, Andrew Martin

TL;DR
This paper explores using Trusted Platform Module 2.0 in Windows Phone 8.1 to enhance security and usability of mobile apps through remote attestation and secure data storage, highlighting implementation challenges.
Contribution
It introduces a novel framework leveraging software TPM 2.0 for mobile security, including remote attestation and user authentication, with performance evaluation and analysis.
Findings
Successful implementation of TPM-based remote attestation on mobile
Identified performance bottlenecks in software TPM usage
Revealed limitations of current software TPM in mobile environments
Abstract
The emergence of mobile applications to execute sensitive operations has brought a myriad of security threats to both enterprises and users. In order to benefit from the large potential in smartphones there is a need to manage the risks arising from threats, while maintaining an easy interface for the users. In this paper we investigate the use of Trusted Platform Module (TPM) 2.0 to develop a secure application for smartphones using Windows Phone 8.1. In particular, we suggest a framework based on remote attestation as a proxy to authenticate remote services, where the device is associated to the user and replaces the user's credentials. In addition, we use the TPM 2.0 to enable secured information and data storage within the device itself. We present an implementation and performance evaluation of the suggested architecture that uses our novel attestation and authentication scheme and…
Taxonomy
Topics: User Authentication and Security Systems · Security and Verification in Computing · Advanced Malware Detection Techniques
