TZMon: Improving mobile game security with ARM trustzone

Sanghoon Jeon, Huy Kang Kim

Research output: Contribution to journalArticlepeer-review

Abstract

As the game industry is moving from PC to smartphone platforms, security problems related to mobile games are becoming critical. Considering the characteristics of mobile games such as having short life-cycles and high communication costs, the server/network-side security technologies designed for PC games are not appropriate for mobile games. In this study, we propose TZMon, a client-side game protection mechanism based on the ARM TrustZone, which protects the confidentiality and integrity of mobile games. TZMon is composed of application integrity protocol, secure update protocol, data hiding protocol, and timer synchronization protocol. To adequately safeguard game codes and data, TZMon is designed considering an environment of frequent communications with the game server, a stand-alone operation environment, and an unreliable environment using a rooted OS. Furthermore, flexibility is provided to game application developers who apply security policies by using the Java Native Interface (JNI). In this study, we use Android and the Open Portable Trusted Execution Environment (OPTEE) as the OS platforms for Normal World and Secure World, respectively. After implementing a full-featured prototype of TZMon, we apply it to several open-source mobile games. We prove through the experiments that the application of the proposed TZMon does not cause any noticeable performance degradation and can detect major cheating techniques of mobile games.

Original languageEnglish
Article number102391
JournalComputers and Security
Volume109
DOIs
Publication statusPublished - 2021 Oct

Keywords

  • Application Integrity
  • ARM TrustZone
  • Mobile Game Security
  • OPTEE
  • Secure Update

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Fingerprint

Dive into the research topics of 'TZMon: Improving mobile game security with ARM trustzone'. Together they form a unique fingerprint.

Cite this