Secure Mobile Payment Employing Trusted Computing on TrustZone Enabled Platforms

Recent technological advances have accelerated the design and worldwide deployment of mobile payment systems (m-payment). However, m-payment over open devices and networks poses security challenges of a new dimension that users disclose lots of sensitive information and privacy can't be protected properly in open environment. In this paper, we propose a mobile payment architecture employing with trusted computing on an ARM TrustZone hardware isolation platform, which can ensure transactions data security, realize privacy friendly payment and provide trusted computing services to the system. We also have implemented a prototype system on a simulation environment by using ARM FastModel and Open Virtualization software stack for ARM TrustZone, and presented our implementation on a real development board by using ARM CoreTile Express A9x4. Our experiment evaluation and security analysis prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance.