Market-driven code provisioning to mobile secure hardware
Today, most smartphones feature different kinds of secure hardware, such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors (e.g., SIM-cards or embedded secure elements). Unfortunately, secure hardware is almost never utilized by commercial third party apps, although their usage would drastically improve security of security critical apps. The reasons are diverse: Secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with large stakeholders. In this paper we propose a new code provisioning paradigm for the code intended to run within execution environments established on top of secure hardware. It leverages market-based code distribution model and overcomes disadvantages of existing code provisioning schemes. In particular, it enables access of third party developers to secure hardware; allows secure hardware stakeholders to obtain revenue for usage of hardware they control; and does not require third party developers to collaborate with large stakeholders, such as OS and secure hardware vendors. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards.