Securing the System with TrustZone Ready Program Securing your Digital World. Secure Services Division

Transcription

1 Securing the System with TrustZone Ready Program Securing your Digital World Secure Services Division 1

2 ARM Secure Services Division Established in Q To enable a market for secure applications and services Based on trusted technology foundations: TrustZone Addressing the needs of multiple application areas Content, enterprise, payment, commerce and device management Operating ethos Scalability Interoperability Pragmatic Assurance 2

3 PC Threatscape 3

4 Coming to a Mobile Device Near You The mobile device is fast becoming the centre of our connected lives: Capable business devices Shopping, banking Social networking An increasing amount of mobile malware has been reported over the past several years, which raises concerns for the future, particularly when coupled with the recent trend towards establishing a more open system environment for cellular handheld devices. -NIST Guidelines on Cell Phone and PDA Security - PC-like threats are starting to surface: Trojans, viruses Keyloggers Patch cycles Rich operating systems are vulnerable to attack Q: What is the answer to this? A: HARDWARE BACKED SECURITY 4

5 Hardware Security Starts With Architecture Good SoC design software services Services Software OS Hardware 5

6 TrustZone in 3 Steps 1. Define secure hardware architecture Two separate domains: normal and secure Extends across system Processor, display, keypad, memory, clock, radios 2. Implement in silicon system on chip (SoC) Enforcing secure/normal separation physically 3. Combine SoC with OS Separate but connected to main operating system CPU NORMAL Rich OS CPU SECURE Secure OS Result: A Execution Environment (TEE) Ready to develop and deploy trusted services Execution Environment 6

7 TrustZone Software View TrustZone enables a Execution Environment (TEE) Protects against software attack from open/rich OS Delivers two separate domains, normal and secure Normal App App App Platform / Rich-OS App Secure Monitor Secure App App Secure OS in Execution Environment Secure Boot ARM Processor with TrustZoneSecurity Extensions SoC with Security Aware Components Extends across entire system Beyond the processor Can deliver secure Processing data path On/off-chip memory Input & display Video path etc. TEE provides scalable environment for security applications Content management, strong user authenticated payments, etc. 7

8 Interoperability and Assurance Convergence brings complexity Many standards Many bodies Many purposes Key challenges Applicability to address multiple market requirements Scalability across devices and form factors Certification and Assurance within CE lifecycles We need to make hardware security simple 8

9 Introducing: TrustZone Ready Program Market Requirements Desired Services Industry Factors Security Design Blueprints TEE Integration Interoperability Standard APIs SoC Platform Implementation Industry Certification SoC Platform Assurance SoC Checklist 9

10 Designing the right chip: we can help ARM is making it quicker and easier to develop a SoC with the right security features: Security design blueprints Market requirements Checklists Optional design reviews TrustZone Ready Program ARM working with Ecosystem Design Review (optional) Security Requirements checklist Market Requirements Reviewer s agreements Early access Updates OS Base System Architecture Board Boot Security Blueprints 10

11 ARM Base System Architecture CPU Core Execution Environment Boot Rom Other Non- CPUs and Masters GPU Processor Cluster L1$ L2$ Processors ARMv7A Display External Interface such as IEEE1149.1(JTAG) Serial Wire Debug (SWD) CoreSight Debug Sub- System Display Display Controller System Control and Power subsystem (SCP) External Interface such as IEEE1500 (SECT) Clock Debug Test Manufacturing Other CPUs and Masters SoC Test interface Power control System Integrity INTERCONNECT Configuration registers On-chip memory Region Mapping DMC PHY DDR Configuration Registers SRAM SRAM Boot ROM Scratch SRAM Region Mapping FLASH CTRL PHY FLASH Non Secure Peripherals: Timers, Counters, RTC, MHU, UARTs, etc... OTP/Fuses NV Counter Random Num Gen Real-time Clock WDTimer Secure Peripherals Configurable Secure Peripherals KMI/I2C/ GPIO Input Device input IO RAM Firmwares Boundary2 or higher Switchable Between and Normal World Off-chip memory Has Capabilities Key storage Random number generator Counters and timers Security Anchors 11

12 TrustZone is System Wide Security Complete TrustZone solution consists of: TrustZone-Enabled CPU Core (eg Cortex-A5) TrustZone Software running on the CPU core TrustZone-Aware L2 cache controller (if L2 cache is used) TrustZone-Aware AXI Interconnect Fabric Secure-World Memory (in addition to Normal World memory) TrustZone-Aware Interrupt Controller On-chip OTP protection for encryption and signature keys On-SoC ROM protection for Boot Code Off-SoC Memory Address Space Control Secure Debug Control Disable debug of Secure World ARM can supply System Wide TrustZone Technology 12

13 Giesecke & Devrient (G+D) Mobicore MobiCore at a Glance Normal World - NWd Application TLC API Trustlet Connector (TLC) MC Driver API MobiCore Android TM Driver TCI MCI Secure World - SWd ARM TrustZone with MobiCore Trustlet MC Trustlet API ARM TrustZone with G&D MobiCore MobiCore MobiCore Use Cases MobiCore and Content Protection MobiCore and Enterprise Applications Security Support of the Rich OS MobiCore with Financial Services: -Securing Mobile Banking, NFC and Proximity Payment -New payment methods such as Peer2Peer Money transfer ARM TrustZone enabled SoC G&D Contact Bernhard von Canstein Customer Solutions Phone: +49 (172) bernhard.canstein@gi-de.com Location: Prinzregentenstr Munich, Germany App Development Trustlets are based on Trustlet API Trustlet development in C using the Trustlet SDK Compiling and linking supported with ARM RVCT tools 13

14 Logic Foundations Contact : Christophe Colas, Marketing Director Christophe.Colas@trusted-logic.com Execution Environment Used in multiple security use cases Premium content protection (PlayReady, CPRM, Marlin, DTCP-IP, Widevine,..) Mobile financial services Enterprise services (VPN, SSL, secure , ) Device integrity and management Software Development Kit for 3rd parties APPLICATIONS Rich OS Foundations Supports GlobalPlatform standards Deployed in millions of smartphones and tablets Supports User Interface (critical to payment solutions) Smartphone Processor Crypto Secure Storage User Interface Leverages hardware security features present on hardware platforms including ARM TrustZone 14

15 GlobalPlatform Defining TEE Standards Rich OS Application Environment Client Application DRM Client Application Payment Client Application Corporate Execution Environment Application DRM Application Payment Application Corporate GlobalPlatform TEE Functional API GlobalPlatform TEE Client API GlobalPlatform TEE Internal API Proprietary Interfaces Rich OS TEE Kernel Hardware Platform HW Secure Resources HW Keys, Secure Storage, UI (Keypad, Screen), Crypto accelerators, NFC controller, Secure Element, etc. GlobalPlatform Standards Status : Done Future Development 15

16 GP Compliance and Certification GlobalPlatform Devices Committee Normal World <-> Secure World API already published Secure World App API under public review NOW TEE Working Group will work on Interoperability test suites in 2012 Certification Working Group Will re-use GlobalPlatform Composite Certification Processes Certifying at Chip level Final checking at Device level Defining Security Targets NOW Processes will be defined in

17 Growing Demand for Applications Content Premium content protection Advertising enforcement Cloud-based services Payment Service/ Bank Secure PIN Entry for payments Remote User Authentication Mobile banking Enterprise Anti Malware Data security and storage Identity/SSO Management Commerce Vouchers/Coupons Identity Management Location based services 17

18 How Does TrustZone Help? ❷ ❶ ❸ TrustZone trusted PIN entry path ❶ hardware peripheral input ❷ To trusted software ❸ To trusted authentication service Just as Chip and PIN Point of Sales terminals do today So accepting a transaction from a Certified TEE PIN authenticated device should be lower risk for an internet retailer than from a PC today with no hardware security A corresponding reduction in interchange rate is justifiable alongside reduction in risk possibly approaching cardholder present rates. At the same time, User Experience is SIMPLER than today s PC based payments 18

19 SmartTV, Payment & Content Protection 1 time SETUP Please link your Payment Account Payment Service Provider THE BIG GAME Ticket Price: $10 To Access this Channel Please Enter PIN Internet Content Protection Manager Please Wait... Payment Authorized Installing CP System Scrambled Broadcast Content owner 19

20 Application: Enterprise AIM: Bring better user experience through security Problems to solve Preventative approach rather than reactive best suited to Mobile devices Authentication techniques need simplicity for mobile devices (four digit PIN or biometric matching rather than complex Username/Passwords) Certification WILL be a requirement for some markets (healthcare) Replace additional hardware that is inconvenient to carry Hardware backed security in devices can solve this 2-FA Token Function Handset 2 Factor Authentication Secure Storage Communication Security Corporate Policy Enforcement $20 Annual Price per User $TBD 20

21 Example Use of TrustZone TPM2.0 Microsoft demonstrated TPM2.0 implemented using TrustZone TrustZone/ OS Ideal for: boot, Key storage, Certificates jump to mins 21

22 Benefits of TrustZone Ready Program Quicker to market with right product A cohesive set of documents and checklists developed by ARM in conjunction with major service providers developing trusted applications Clearer target = shorter TTM Faster Industry Certification Reduced cost Fewer re-spins = less $ Increased sales Application processors & devices with recognised security capability will be preferred over those without 22

23 How To Get Involved? 1. Sign up to the TrustZone Ready Enablement Program Access the documents, recommendations & checklists 2. Join GlobalPlatform TEE Working Group 3. Work with G+D or Gemalto for TEE software 4. Build chips/devices/services based on TrustZone + TEE 23

24 In Summary Security is an opportunity for the partnership It will bring your chips and devices more value It will bring new revenue opportunities It will open up new markets Ensure TrustZone based TEE is part of your strategy 24