Trusted Platform for Mobile Devices: Challenges and Solutions

Transcription

1 Trusted Platform for Mobile Devices: Challenges and Solutions Lily Chen Motorola Inc. May 13, 2005

2 Outline Introduction Challenges for a trusted platform Current solutions Standard activities Summary

3 New Security Objective Trusted Platform Controlled network access To bar unauthorized access. Protect service provider s revenue; Protect network properties; Guarantee quality of service Protected communications To protect the information flow to/from a wireless terminal, even as it moves, and between network entities. Seamless security handover/handoff; Layered protection protocol; Link-by-link or end-to-end protection Trusted platform To guarantee the integrity of the mobile platform. Trusted execution environment; Protected storage; Validated system software; Authenticated applications; Authorized user transactions.

4 An Open Platform May Be Open to Attack A mobile terminal has features beyond a traditional mobile phone. Its open platform makes over-the-air provisioning, software updates, and reconfiguration possible. Push type of service and user downloadable applications task handsets with prompt and bulk content authentications. Malicious software can launch Denial of Service attacks on network entities and also damage the device. A Trojan horse may destroy user terminals, e.g. modifying all icons to picture of skulls. Any intrusion may compromise user privacy. Illegal software can open up a back door to the black market and make service providers, manufacturers and consumers lose money. Push Initiator Internet Push Services

5 Value Based Applications are also Valuable to Attackers E/M transactions require handsets accommodating value sensitive applications and user crucial private information. It requires Non-repudiation for the transaction; and MP3 Music MPEG Movie Protection of private information. Purchasing rights protected content by delivering to mobile terminals adds more chance for piracy. It requires E-Book Robust implementation of policies that prevent copyright abuse. Valued content and applications make mobile device a more attractive target for attackers to pursue for physiological satisfaction and financial benefit. Any security breech will imply revenue loss as well as user privacy intrusion. Payme Radio n t Motion Picture Game High speed TV

6 Trusted Mobile Platform A wireless terminal device often has, if not always, multiple secure stakeholders, e.g. manufacturer, operator, software suppliers, digital content suppliers, users, etc. A wireless terminal must serve as a trusted platform to all the stakeholders. Application #1 Application #2 Application #3 Application #n A trusted platform is to assure it functions as it is supposed to. In order to do so, it shall Authenticate hardware and software components; Conduct access control to platform assets. Authorize executions. The access policy shall be established based on security privilege. Trusted platform is a far more complicated concept and difficult target to reach, compared with communication security. System Software Hardware Trusted Platform

7 Trusted Platform Principles Transitive Trust Transitive trust is the principle for a trusted platform. It depends on roots of trust. The roots of trust may include Hardware resources, e.g., non-volatile memory, cryptographic engine and protected storage. Software blocks to enforce mandatory security. It will start from the roots of trust. It measures and verifies the very first software component before transferring control. Then the first component will measure the next component and so on. 2 Transfer Control 4 Roots of Trust Software Component Executable Code Component Executable Code Hardware Measures Next Component Measures Next Component 1 Measure Next Component 3

8 Challenges for Mobile Device in Implementing Trusted Platform Principles A mobile phone platform is accessible by multiple parties in a way that one party may create threat to another party s assets, for example, DRM content provider and a greed user. In order to achieve expectations for all parties, implementing trusted platform principles must be mandatory not optional. Any platform compromise shall be detected as early as possible, even before the mobile device is attached to the network so that with any detected compromise, the device shall be prevented from accessing the network. Implementing trusted platform principles may not be able to use common infrastructure like PKI before a terminal is attached to the network. It may need an on device root of trust. It will need on device active functions to enforce the verification such that it cannot be bypassed.

9 Secure Boot Execution of Transitive Trust A secure boot is a procedure that executes the transitive trust principles. The secure boot code is stored in ROM or equivalent memory and should not be bypassed during execution. The secure boot code can be considered as the root of trust in software and is protected by hardware. It validates each of the components as the device is booting up before giving it control. Each component is authenticated using a public-key based digital signature. The public key used to verify the signature must be authentic, The authenticity of the public key may be provided by an on chip one-time programmable memory so that it is authentic for a given piece of hardware. Image part 2 Sig ( ) Image part I Configuration record - parameters Sig(sk, M) pk H(pk) Secure boot code M Address (Start) Flash start OTP ROM

10 Trusted Platform for Integrity Protection Platform integrity may be attacked to change the device identity, e.g., ESN by modifying the memory or the software to report the identity; To replace hardware parts with retrograde parts; to modify the operating system so that the security policy can be changed or removed; to install unauthorized or even malicious software. Platform integrity is: to ensure using authorized hardware and operating systems; to prevent unauthorized modification of software and hardware. Trusted platform technology will ensure complete and robust device implementation; maintain platform integrity and/or detect unauthorized modifications; enforce security and access policy by using only authorized operating systems.

11 Trusted Platform for Software Download Software may be downloaded or pushed to over the air Unauthorized or malicious software can destroy the platform by exploiting worms and viruses; break user privacy by accessing user data; degrade security by replacing it with an obsolete version of the software; attack the network by pushing malicious software. Trusted platform technology can: verify the integrity and authenticity of the software download; specify a privileged architecture for device software so that each executable software is entitled to certain device functionality and no more; enforce access control to sensitive information stored in the device.

12 Trusted Platform for Robust DRM Implementations Both service providers and content providers need assurance that a DRM implementation in the device is robust and can be trusted to protect digital content. If an implementation is not robust, then the software relating to DRM can be manipulated so as to allow unauthorized access to protected content; the key used to authenticate the device to service providers can be extracted and used to clone the device. the data contained within the Rights Objects/Licenses stored on the device can be manipulated; the keys related to DRM (e.g., content encryption keys) can be extracted from the device and used to decrypt intercepted protected content. Trusted platform technologies can: detect any manipulation of the software used for DRM; protect the key for device authentication; provide protected storage for the keys used for content encryption/decryption.

13 Trusted Computing Group TCG was formally announced April 9, 2003 by its initial promoters. It adopts standards and continues efforts initiated by the Trusted Computing Platform Alliance (TCPA). Compared with TCPA, it enables structure improvement, formalizes by-laws, establishes logo program, etc. The main Trusted Platform Module (TPM) specification was developed in the TCPA and adopted by the TCG. Mobile Phone WG started November The main participants include operators, handset manufacturers, chipset suppliers, etc. The main work addresses mobile phone specific requirements and specifications for trusted platforms. Mobile Phone WG current working documents Use cases expected Q2 of 2005; Requirements expected Q3 of 2005; Specifications expected Q4 of 2005.

14 Summary Trusted platform is a new requirement in cellular security due to open platforms and value-based applications. Trusted platform can provide integrity, software authenticity, as well as a secure execution environment for sensitive applications. Trusted platform can prevent software attacks on open platform mobile devices and protects the property of manufacturers, service providers, application providers, enterprise, and end users. Trusted platform technologies are specified in the TCG. Mobile phone specific requirements and specifications are developed in Mobile Phone Working Group of TCG.