
A TPM-based secure data access control method of cloud storage in mobile devices
According to the author, server-side encryption is not safe, because all the encryption keys are managed by software, the integrity of the client software is not guaranteed, and a simple authentication mechanism based on user ID and password is weak authentication. DFCloud is a kind of client-side encryption: the client uses a TPM and a key management module as its security processing module, and in the DFCloud mechanism the file encryption key is stored on the client.
- DFCloud uses a client-based encryption method to guarantee that server-side data leakage cannot occur.
- DFCloud relies on Trusted Platform Module (TPM) functionalities to manage all the encryption keys and define a key sharing protocol among legal users.
- We assumed that each client is a mobile device using ARM TrustZone technology and implemented security modules in the Secure World of the TrustZone environment to support hardware-based key management.
- DFCloud performs remote attestation on each client to prevent data or credential leakages caused by malicious programs on the client-side before a data encryption key is used. The key can be used only if the whole client system is in a “safe state”.
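
The attestation gate described in the last point, sketched as an added example (not code from the paper or from DFCloud): the client folds each loaded component into a PCR-style hash chain, and the verifier allows key use only when a fresh, authentic quote reports the known-good value. Assumptions: an HMAC with a shared key stands in for the TPM's signed quote, and the component names, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every loaded component into one PCR, starting from all zeroes."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def quote(attest_key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Client side. Assumption: HMAC stands in for the TPM's signed quote."""
    return hmac.new(attest_key, pcr + nonce, hashlib.sha256).digest()

def key_use_allowed(attest_key, golden_pcr, nonce, reported_pcr, client_quote) -> str:
    """Verifier side: authenticate the quote, then compare with the known-good PCR."""
    expected = quote(attest_key, reported_pcr, nonce)
    if not hmac.compare_digest(expected, client_quote):
        return "reject: quote invalid or replayed"
    if not hmac.compare_digest(reported_pcr, golden_pcr):
        return "reject: client not in safe state"
    return "allow"

# Constructed sample data: component images and an attestation key.
GOOD_STACK = [b"bootloader-v1", b"secure-world-os-v1", b"key-mgmt-module-v1"]
BAD_STACK = [b"bootloader-v1", b"secure-world-os-v1", b"key-mgmt-module-PATCHED"]
ATTEST_KEY = b"constructed-attestation-key"
GOLDEN_PCR = measure_boot(GOOD_STACK)

def run_attestation(stack, nonce=None, replay_nonce=None) -> str:
    """One round: verifier issues a nonce, client quotes its PCR, verifier decides."""
    nonce = nonce or os.urandom(16)
    pcr = measure_boot(stack)
    client_quote = quote(ATTEST_KEY, pcr, replay_nonce or nonce)
    return key_use_allowed(ATTEST_KEY, GOLDEN_PCR, nonce, pcr, client_quote)

if __name__ == "__main__":
    print(run_attestation(GOOD_STACK))                             # clean client
    print(run_attestation(BAD_STACK))                              # modified module
    print(run_attestation(GOOD_STACK, replay_nonce=b"old-nonce"))  # stale quote
```

Because each extend hashes the previous PCR value, changing or reordering any single component changes the final value, which is why one comparison covers the whole measured stack.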
