2022年4月,国科大密码学院李彦初博士生在荆继武教授指导下,在IEEE Transactions on Information Forensics and Security(TIFS)期刊发表了题为“TrustSAMP: Securing Streaming Music Against Multivector Attacks on ARM Platform” (原文链接:https://ieeexplore.ieee.org/document/9762750) 的研究论文,提出了一种抗物理内存泄漏攻击和软件攻击的终端音频数据保护方案。研究工作得到国家重点研发计划2020YFB1806205和国家自然科学基金61802398的支持。
近年来,流媒体音乐在数字音乐行业占据主导地位,用户可以以低廉的订阅价格在线聆听庞大的音乐库。终端侧音频数字版权管理(Digital rights management,DRM)对于流媒体音乐行业来说非常关键,因为方案被攻破将导致整个音乐库面临盗版风险。然而,现有的终端侧DRM方案主要侧重于抵御软件攻击,无法完全阻止物理内存泄露攻击(包括冷启动攻击,总线监听攻击,直接内存访问攻击)。
文章提出一种抗物理内存泄漏攻击和软件攻击的终端侧音频DRM方案,称为TrustSAMP,通过将音频数据限制在片上硬件组件构成的隔离执行环境中解密并传输来保证安全。为尽量减小安全域的可信计算基,我们将音频子系统的控制流和数据流进行了分离,仅将关键的音频数据解密和数据明文传输的功能移植到安全世界;此外,还对与音频相关的片上硬件组件的驱动进行了拆分,将大部分驱动代码留在普通执行环境,在隔离执行环境中引入一个微型驱动代理安全地控制相关寄存器。在真实硬件上实现的原型显示,TrustSAMP可以播放多种规格的WAV格式的音频,性能开销非常小,音频质量的损失也可忽略不计。
Streaming music has dominated the digital music industry in recent years, which allows users to enjoy a huge music library online with a low subscription price. Terminal-side audio DRM (Digital Right Management) is very critical for streaming music industry, compromising of which will cause unrestricted listening, dumping and unauthorized secondary distribution. However, existing DRM protection schemes mainly focus on defeating software attacks but lack complete shielding against the physical memory disclosure attacks, including cold boot attacks, bus snooping attacks and DMA attacks.In this paper, we propose a terminal-side audio DRM solution (called TrustSAMP) to protect the copyrighted audio data against both software attacks and physical memory disclosure attacks. The basic idea is to decrypt and transfer the audio data only in certain on-SoC components secured by ARM TrustZone. To minimize the TCB (Trusted Computing Base) of the secure world, we separate the control flow and the data flow of the Linux audio subsystem and port only the codes used for audio data decryption and plaintext transfer into the secure world. Moreover, we leave most driver codes of the audio-associated on-SoC components in the rich OS (i.e., in the normal world), and introduce a tiny proxy in the secure world to control the associated registers according to the requests from the normal-world drivers. The prototype implemented on real hardware shows that TrustSAMP can play a variety of wav-format audio with very small overhead and negligible loss of audio quality.
论文信息:Yanchu Li, Lingguang Lei, Yuewu Wang, Jiwu Jing, Quan Zhou: TrustSAMP: Securing Streaming Music Against Multivector Attacks on ARM Platform. in IEEE Transactions on Information Forensics and Security, vol. 17, pp. 1709-1724, 2022, doi: 10.1109/TIFS.2022.3170274(CCF-A)
