Enabling Secure and Usable Mobile Application: Revealing the Nuts and Bolts of software TPM in todays Mobile Devices
This addresses security risks for enterprises and users in mobile applications, but it is incremental as it applies existing TPM concepts to a specific mobile platform.
The paper tackles security threats in mobile applications by proposing a framework using Trusted Platform Module (TPM) 2.0 for Windows Phone 8.1, implementing remote attestation and secure data storage, and evaluating performance while highlighting challenges of software TPM in mobile devices.
The emergence of mobile applications to execute sensitive operations has brought a myriad of security threats to both enterprises and users. In order to benefit from the large potential in smartphones there is a need to manage the risks arising from threats, while maintaining an easy interface for the users. In this paper we investigate the use of Trusted Platform Model (TPM) 2.0 to develop a secure application for smartphones using Windows Phone 8.1. In particular, we suggest a framework based on remote attestation as a proxy to authenticate remote services, where the device is associated to the user and replaces the users credentials. In addition, we use the TPM 2.0 to enable secured information and data storage within the device itself. We present an implementation and performance evaluation of the suggested architecture that uses our novel attestation and authentication scheme and reveal the caveats of using software TPM in todays mobile devices.