Improving smartphone security with remote attestation

Abstract: Smartphones are becoming increasingly powerful and useful in a work environment. This has led to their adoption at the workplace. Many companies hand out smartphones to their employees and allow employees to bring their own devices to work. There are multiple potential vulnerabilities with such a situation. What happens if the device an employee uses to access secret company data with becomes infected by malware? Existing techniques such as remote attestation is widely used on desktop computers using a Trusted Platform Module (TPM) to allow remote parties to determine the integrity of a computer. However, no smartphones come equipped with a TPM, resulting in the need of alternate solutions. This report proposes a remote attestation system for the Android platform that allows employers to detect compromised devices. Any modification to an application is detected and reliably reported to a remote party.