Enhancing the Security of Mobile Applications by Using TEE and (U)SIM

Mobile phone platforms are becoming increasingly vulnerable to security attacks and are not trusted to host security-sensitive applications, content, and services. Open source mobile ecosystems such as Android allow increased flexibility for developing and deploying applications. However, there are industry-led initiatives to increase the security of mobile phone platforms by using virtualisation and hardware abstraction techniques. In this paper, we explore the potential of the recently introduced Trusted Execution Environment (TEE) ecosystem for mobile phones to complement the security-proven (U)SIM-based security functions. We present a security architecture and a novel mobile payment and multimedia content playback solution that leverages the existing post-paid billing method. We integrate TEE with (U)SIM-based security techniques to provide enhanced security for user authentication, content purchase, protected storage and secure content viewing.