Using mobile phones to enhance computing platform trust

This paper presents a new method to enhance the trust of traditional computing device by using the popular mobile phone. We first propose a formal method to analyze the platform trust establishment process based on trusted computing technology, and the formal results reveal possible attack and suggest potential solutions. Then, we design an improved solution, in which the mobile phone is extended to support three trusted computing functions: using mobile phone as a root of trust instead of Trusted Platform Module, as a local investigator to obtain evidences from the local computing platform, and as a trusted agent to build a secure communication channel with an external entity in the remote attestation applications. Finally, to describe the feasibility and efficiency, a prototype of the trusted mobile phone is implemented and evaluated based on an ARM development board.