Lecture 3 MOBILE PLATFORM SECURITY

Similar documents
Embedded System Security Mobile Hardware Platform Security

Mobile Platform Security Architectures A perspective on their evolution

Embedded System Security Mobile Hardware Platform Security

Old, New, Borrowed, Blue: A Perspective on the Evolution of Mobile Platform Security Architectures

Lecture Secure, Trusted and Trustworthy Computing Mobile Hardware Platform Security

On-board Credentials. N. Asokan Kari Kostiainen. Joint work with Jan-Erik Ekberg, Pekka Laitinen, Aarne Rantala (VTT)

Lecture 2 PLATFORM SECURITY IN ANDROID OS

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

On-board Credentials. N. Asokan Nokia Research Center, Helsinki. Joint work with Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Aarne Rantala (VTT)

ARM Security Solutions and Numonyx Authenticated Flash

TCG TPM2 Software Stack & Embedded Linux. Philip Tricca

Protecting your system from the scum of the universe

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

SMART DEVICES: DO THEY RESPECT YOUR PRIVACY?

Trustzone Security IP for IoT

Laying a Secure Foundation for Mobile Devices. Stephen Smalley Trusted Systems Research National Security Agency

Provisioning secure Identity for Microcontroller based IoT Devices

Security Philosophy. Humans have difficulty understanding risk

Linux Kernel Security Update LinuxCon Europe Berlin, 2016

Lecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015

Town Crier. Authenticated Data Feeds For Smart Contracts. CS5437 Lecture by Kyle Croman and Fan Zhang Mar 18, 2016

SIERRAWARE SIERRATEE FOR MIPS OMNISHIELD

Protecting your system from the scum of the universe

Lecture Embedded System Security Introduction to Trusted Computing

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Designing Security & Trust into Connected Devices


Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

New Approaches to Connected Device Security

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Intelligent Terminal System Based on Trusted Platform Module

Lecture Embedded System Security Trusted Platform Module

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

TERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004

Binding keys to programs using Intel SGX remote attestation

Lecture Embedded System Security Introduction to Trusted Computing

How I Learned to Stop Worrying and Love the Internet of Things

Linux Kernel Security Overview

OP-TEE Using TrustZone to Protect Our Own Secrets

Module: Cloud Computing Security

Lecture Embedded System Security Introduction to Trusted Computing

Influential OS Research Security. Michael Raitza

TPM v.s. Embedded Board. James Y

Mobile Trusted Computing

Operating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008

Securing IoT with the ARM mbed ecosystem

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Google on BeyondCorp: Empowering employees with security for the cloud era

Introduction to Device Trust Architecture

Applications of Attestation:

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

CSE543 - Computer and Network Security Module: Virtualization

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

How to protect Automotive systems with ARM Security Architecture

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

Facing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Technical Brief Distributed Trusted Computing

Lecture 9. PSiOS: Bring Your Own Privacy & Security to ios Devices. Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi and Thorsten Holz

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

CIS 4360 Secure Computer Systems Secured System Boot

Trusted Platform for Mobile Devices: Challenges and Solutions

The Next Steps in the Evolution of Embedded Processors

Mobile Middleware Course. Mobile Platforms and Middleware. Sasu Tarkoma

CIS 4360 Secure Computer Systems SGX

Surviving in the wilderness integrity protection and system update. Patrick Ohly, Intel Open Source Technology Center Preliminary version

CSE Computer Security

The Future of Security is in Open Silicon Linux Security Summit 2018

Creating a Practical Security Architecture Based on sel4

Building Trust Despite Digital Personal Devices

GSE/Belux Enterprise Systems Security Meeting

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited

CSE543 - Computer and Network Security Module: Virtualization

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

CSE484 Final Study Guide

2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions

IoT It s All About Security

Security of Embedded Systems

Intel s s Security Vision for Xen

Android: A Security Analysis

Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel

Securing the System with TrustZone Ready Program Securing your Digital World. Secure Services Division

A Proposed Standard for Entity Attestation draft-mandyam-eat-00. Laurence Lundblade. November 2018

CSE543 - Computer and Network Security Module: Virtualization

Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum

Windows IoT Security. Jackie Chang Sr. Program Manager

Unicorn: Two- Factor Attestation for Data Security

Date: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.

Big and Bright - Security

Trusted Computing and O/S Security

A Developer's Guide to Security on Cortex-M based MCUs

CLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.

Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Four Components of a Computer System

Transcription:

Lecture 3 MOBILE PLATFORM SECURITY

You will be learning: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common general architecture? 2

Mobile platform security Recall classes of basic security techniques: isolation Permission-based access control signing Hardware-based security features 3

Ecosystem stakeholders Platform provider Developer Mobile device Marketplace operator Mobile operator manufacturer See also: Book section 2.1. User Administrator Think about threat models! 4

Modeling threats Identify Assets and trust assumptions Potential adversaries Adversary capabilities/limitations Possible attack vectors Cf. Software Security course 5

Ecosystem stakeholders Platform provider Developer Mobile device Marketplace operator Mobile operator manufacturer See also: Book section 2.1. User Administrator Think about threat models! 6

Mobile platform architecture Mobile Library Service Plugin Mobile Platform (OS) OS middleware OS kernel System services (Inter-process ) communication (IPC) resources System libraries Legend Mobile Platform Component Third-Party Software Component 7

Platform security architecture Mobile Third-party library Third-party service System service System library User Platform Security Architecture Reference Monitor IPC Software Isolation Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality 8

Step 1a: Developer publishes an application Mobile Developer requests permissions for his application Platform Security Architecture Developer submits the application to a centralized marketplace Developer In some platforms the application can be directly sideloaded to the mobile device Centralized Marketplace Operator Auxiliary Marketplace Operator Role Legend Some platforms support auxiliary marketplaces 9

Step 1b: Marketplace signs the application Mobile In some platforms the developer signs the app package Platform Security Architecture Developer Marketplace provider checks the application (and requested permissions) and signs the app package Centralized Marketplace Operator Auxiliary Marketplace Operator Role Legend 10

Step 2: installation Installer consults local policy database about requested permissions Mobile Installer checks application signature and requested permissions Installer may prompt the user to accept some of the requested permissions User installer component needs integrity protection Platform Security Architecture Installer stores assigned application permissions Boot Verifier Boot Integrity Permission and policy Role databases need integrity protection Policy Database Secure Storage Provider Secure Storage Legend Platform Security Component Installer Database Hardware-Security Functionality Developer Centralized Marketplace Operator Auxiliary Marketplace Operator Mobile device receives an application installation package from a marketplace (or developer) 11

Step 3a: loading Mobile Loader attaches permissions to the started process User Platform Security Architecture Developer Policy Database Installer Centralized Marketplace Operator Boot Verifier Secure Storage Provider Database Loader Auxiliary Marketplace Operator Loader reads permissions from the permission database Loader component needs integrity protection Boot Integrity Role Secure Storage Platform Security Component Legend Third-Party Software Component Integrity of installed application binaries Hardware-Security Functionality 12

Step 3b: execution OS/HW isolate applications from one another at runtime Reference monitor checks permissions to control access to system resources Some applications need secure state (e.g., DRM) Mobile Platform Security Architecture Some applications Role need Policy s and platform Database Boot Integrity secrecy for their persistent storage Platform Security Component need to communicate with each other and HW Boot Verifier Third-party library Reference Monitor Secure Storage Provider Secure Storage Database Legend Legacy DAC Identification Third-party service IPC Third-Party Software Component Software Isolation Installer Loader Isolated Execution System service System library HW Security API Execution Protection Authentication Hardware-Security Functionality User Developer Centralized Marketplace Operator Auxiliary Marketplace Operator Some applications need device identification and authentication (e.g., provisioning) 13

Step 4: System updates Platform providers issue (signed) system updates System updater rewrites parts of system software Mobile Third-party library Platform Security Architecture Reference Monitor System updater verifies received update using policy database Third-party service IPC System service System library Software Isolation User Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Administrators may update device policies and applications Boot Integrity Secure Storage Identification Isolated Execution Authentication Role System updates need secure state to prevent rollbacks to previous system version Platform Security Component Legend Third-Party Software Component System updates may Hardware-Security need device Functionality identification 14

Recap: main techniques 4. Permission-based access control Platform Provider Administrator Mobile Platform Security Architecture System Updater Management Boot Verifier Third-party library Reference Monitor Secure Storage Provider Policy Database Database Third-party service IPC 3. Permission assignment Legacy DAC System service Installer Loader Execution Protection System library Software isolation 5. isolation HW Security API User Developer Centralized Marketplace Operator Auxiliary Marketplace Operator 1. Permission request 2. signing 6. API to system functionality (e.g. secure storage) Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality 15

Platform security architecture Mobile Third-party library Third-party service System service System library User Platform Security Architecture Reference Monitor IPC Software isolation Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality Skip to other OSs Skip to Why Generalize? 16

Mobile platforms revisited Android ~2007 Java ME ~2001 feature phones : 3 billion devices! Not in smartphone platforms Symbian ~2004 First smartphone OS 17

Mobile platforms revisited ios ~2007 ip* devices; BSD-based MeeGo ~2010 Linux-based MSSF (security architecture) Windows Phone ~2010... Skip to Why Generalize? 18

Mobile Android Java/Dalvik/ART Library native User OS Middleware ActivityManagerService/ PackageManagerService Developer Platform Provider eg. Google System Updater Policy Database Installer Administrator Remote Management Loader Database Binder IPC Reference Monitor Execution Protection HW Security API (Java) Auxiliary Marketplace Operator Google Play and others Boot loader OS Kernel Legacy DAC Reference Monitor Binder IPC Execution Protection Boot Verifier (optional) SELinux MAC Reference Monitor Legacy IPC Boot Integrity Secure Storage Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality Android

Symbian First widely deployed smartphone OS EPOC OS for Psion devices (1990s) Microkernel architecture: OS components as user space services Accessed via inter-process communication (IPC) 20

Symbian Platform Security Introduced in ~2004 Apps distributed via Nokia Store Sideloading supported Permissions are called capabilities, fixed set (21) 4 Groups: User, System, Restricted, Manufacturer 21

Symbian Platform Security s identified by: UID from protected range, based on trusted code signature Or UID picked by developer from unprotected range Optionally, vendor ID (VID), based on trusted code signature 22

Mobile Symbian OS (C++) Shared Library (C++) Service (C++) User OS Middleware Platform Provider (Nokia) System Updater Policy Database Installer Service Database HW Security API Developer Centralized Marketplace Operator (Nokia Store) Boot loader Boot Verifier OS Kernel Reference Monitor Execution Protection IPC Software isolation Loader Boot Integrity Secure Storage Identification Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality Symbian

Apple ios Native application development in Objective C Web applications on Webkit Based on Darwin + TrustedBSD kernel extension TrustedBSD implements Mandatory Access Control Darwin also used in Mac OS X 24

ios Platform Security Apps distributed via itunes App Store One centralized signature authority Apple software vs. third party software Runtime protection All third-party software sandboxed with same profile Permissions: entitlements (post ios 6) Contextual permission prompts: e.g. location 25

Mobile ios Objective-C, C/C++ web Platform Provider Apple System Updater Policy Database Installer User Developer Administrator Apple Remote Management Database Loader Core OS Boot Verifier Reference Monitor (TrustedBSD MAC) Secure Storage Provider Execution Protection HW Security API (file system, key chain) Centralized Marketplace Operator Apple Boot Integrity Secure Storage Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality ios

MeeGo Linux-based open source OS Intel, Nokia, Linux Foundation Evolved from Maemo and Moblin development in Qt/C++ Partially buried, but lives on Linux Foundation shifted to HTML5-based Tizen MeeGo -> Mer -> Jolla s Sailfish OS 27

MeeGo Platform Security Mobile Simplified Security Framework (MSSF) Permissions: resource tokens Enforced via Smack Apps identified by signatures from software sources Policy specifies privileges grantable by software sources 28

Mobile MSSF C/C++ Library C/C++ Plugin C/C++ Service C/C++ User OS Middleware Platform Provider System Updater Policy Database Database Installer Loader HW Security API (file system) Developer Boot loader Boot Verifier OS Kernel Smack MAC Reference Monitor IPC Secure Storage (Integrity) Provider (IMA/EVM) Legacy DAC Reference monitor Software isolation Execution Protection Auxiliary Marketplace Operator Boot Integrity Secure Storage Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality MSSF

Why Generalize? The General Problem http://xkcd.com/974/ 30

Model for platform security Four processes to protect: 1. Software deployment 2. installation 3. Runtime operation 4. Platform management Skip to Big Picture 31

1. Software deployment Developing and publishing Design choices: Distribution : centralized vs. decentralized App signing: certified vs. self-signed Developer Centralized Marketplace Operator Auxiliary Marketplace Operator 32

1. Software deployment Design choices: App identification: global vs. local Developer Centralized Marketplace Operator More design choices discussed in book chapter 4. Auxiliary Marketplace Operator 33

Software deployment Android ios MSSF Symbian Distribution model Multiple marketplaces, sideloading Centralized marketplace Multiple marketplaces, sideloading Centralized marketplace, limited sideloading signing Developer signature Centralized signature Marketplace and developer signature Centralized or developer signing: affects set of permissions identifier Package ID, local Linux UID for permissions ID 3-part ID: Marketplace - package - application ID, vendor ID 34

2. App installation Acquiring/installing a new app Design choices: Permission assignment: user vs. authority? Permission granularity? updates: same origin vs. centrally authorized? Policy Database Installer Database 35

App permissions Ask user? Install or use time? Automatic granting? Revocation? What about libraries? Symbian ios Android 36

App permissions Android ios MSSF Symbian Granularity Fine-grained Pre-defined profiles (ios6 entitlements) Assignment Ask user: presentation Ask user or app signature by group (11), install time & runtime (6.0) Fixed profile for all apps by name, runtime Fine-grained Marketplacespecific rights profiles Coarse-grained Ask user or centralized signature never ask by name (21), install time Both Android (> 6.0) and ios allow revocation of granted permissions 37

App permissions Runtime permission changes Android ios MSSF Symbian Changes in process permissions at runtime Pre 6.0: Constant (except URI permissions) > 6.0: User can change rights User can change rights Rights can increase by plugin loading, decrease by request Constant (library loading can fail) Permissions of libraries App s permissions App s permissions Union of app and library permissions App s permissions (library perms must be a superset) 38

App updates Who can update an app? Same-origin: same dev. key Trusted marketplace(s) Allow anyone Android ios MSSF Symbian Updates allowed if Same-origin: must match old version s developer key Centrally signed Marketplace s trust level high enough Protected? Same-origin; Unprotected? Anyone 39

3. Runtime operation Design choices: Permission enforcement: where? App data protection: how to secure storage? Reference Monitor IPC Database Loader Hardware support: Lecture 4 Secure Storage Provider Legacy DAC Execution Protection 40

Runtime operation Access control enforcement: where is reference monitor? Where is access control enforced? Android ios MSSF Symbian UID/GID-based in kernel + IPC access control in Binder + application code Centralized D-Bus framework + socket IPC in kernel + application code Reference monitor for IPC calls + application code 41

Protecting data & code s: isolation for data access Platform: executables (see later) Android ios MSSF Symbian data integrity Own directory and Linux access control Access to own directory only Permissionbased policies Own directory 42

4. Platform management Bootup, platform integrity, updates Design choices: Boot integrity: secure vs. authenticated? Platform Provider System Updater Policy Database Boot Verifier Administrator Management Database 43

Secure boot vs. authenticated boot OS Kernel checker pass/fail OS Kernel measurer Boot block checker pass/fail Boot block measurer Firmware checker pass/fail Firmware measurer state Secure boot Authenticated boot 44

Boot integrity Secure boot Only authorized images can be booted Authenticated boot Access levels depend on booted image Android ios MeeGo Symbian Platform boot integrity Vendor-specific, verified boot Secure boot Secure boot, authenticated boot Secure boot 45

Platform data integrity Android ios MeeGo Symbian Platform data integrity Linux A/C, SELinux, UIDbased sandboxing Dedicated directory, code signing enforcement Linux A/C, Smack, IMA, EVM Dedicated directory IMA: Integrity measurement architecture EVM: Extended validation module (see An Overview of The Linux Integrity Subsystem ) 46

The big picture Recurring common themes Permission-based security architectures VAX /VMS privileges (~1970 s): adapted for applications Code signing (mid 1990 s): adapted for application installation /process isolation 47

The big picture Different choices in the design space lead to different architectures Open issues remain: can you think of some? More in Lecture 6 48

Platform security architecture Mobile Third-party library Third-party service System service System library User Platform Security Architecture Reference Monitor IPC Software isolation Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality

Hardware platform security Trusted Execution Environment HW Security API Boot Integrity Secure Storage Identification Isolated Execution Authentication

What is a TEE? Processor, memory, storage, peripherals Trusted Execution Environment Isolated and integrity-protected Chances are that: You have devices with hardware-based TEEs in them! But you don t have (m)any apps using them From the normal execution environment (Rich Execution Environment) 51

TEE overview 1. Platform integrity ( boot integrity ) 2. Secure storage 3. Isolated execution 4. identification 5. authentication REE App App Mobile OS TEE Trusted app Mobile device hardware Trusted OS Trusted app Verification root Cryptographic mechanisms certificate Identity Boot sequence Platform integrity Volatile memory Trusted application TEE mgmt layer key K D Non-volatile memory Secure storage and isolated execution Base identity identification pub key PK D authentication More information in the 2014 IEEE S&P article 52

Secure boot vs. authenticated boot OS Kernel checker OS Kernel measurer Boot block checker pass/fail Boot block measurer Firmware checker pass/fail Firmware measurer state Secure boot Why? How will you implement a checker? - hardcode H(Boot block checker) as reference value in checker (in Firmware)? Why? Authenticated boot State can be: - bound to stored secrets (sealing) - reported to external verifier (remote 54 attestation)

Boot code certificate Boot code hash Mobile device hardware TCB Platform integrity Certified by device manufacturer: Sig SK (H(boot code)) M manufacturer public key: PK M Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Platform integrity Volatile memory Boot sequence Cryptographic mechanisms Launch boot code Verification root key K D Trusted Nonvolatile Stores measurements for (TA) authenticated boot memory TEE management Secure storage and isolated execution Base Signature identity verification algorithm identification 55

Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Mobile device hardware TCB Secure storage Sealed-data = AuthEnc K (data...) D Volatile memory Boot sequence Verification root Cryptographic mechanisms Trusted (TA) TEE management Insecure Storage key K D Nonvolatile memory Base identity Protected memory Rollback protection Encryption algorithm Platform integrity Secure storage identification 56

Isolated execution Certified by device manufacturer TA code certificate TA code hash Mobile device hardware TCB Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Volatile memory Boot sequence Verification root Cryptographic mechanisms Trusted (TA) key K D Nonvolatile memory Base identity Controls TA execution Platform integrity TEE management Secure storage and isolated execution identification TEE Entry from Rich Execution Environment 57

identification Multiple assigned identities (Certified by device manufacturer) Identity certificate Base identity Assigned identity Mobile device hardware TCB Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Platform integrity Volatile memory Boot sequence Verification root Cryptographic mechanisms Trusted (TA) TEE management key K D Nonvolatile memory Secure storage and isolated execution Base identity One fixed device identity identification 58

authentication (and remote Mobile device hardware TCB attestation) External trust root Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Verification root Cryptographic mechanisms Volatile memory Boot sequence Sign system state in remote attestation Platform integrity Trusted (TA) TEE management key K D Nonvolatile Used to protect/derive memory signature key Secure storage and isolated execution certificate Identity public key PK D Issued by device manufacturer authentication 59

Hardware security mechanisms (recap) 1. Platform integrity Secure boot Authenticated boot Identity certificate 2. Secure storage 3. Isolated execution Trusted Execution Environment (TEE) 4. identification 5. authentication Remote attestation Base identity Assigned identity Boot code certificate Boot code hash TA code certificate TA code hash External trust root Mobile device hardware TCB Legend Trust anchor (Hardware) Verification root Cryptographic mechanisms certificate Identity Trust anchor (Code) TEE code External certificate Boot sequence Platform integrity Volatile memory Trusted application TEE mgmt layer key K D Non-volatile memory Secure storage and isolated execution Base identity identification pub key PK D authentication Launch boot code TEE Entry from Rich Execution Environment 60

Rich execution environment (REE) App TEE API OS TEE system architecture App Trusted execution environment (TEE) Trusted app TEE entry Trusted app TEE management layer hardware and firmware with TEE support Architectures with single TEE ARM TrustZone TI M-Shield Smart card Crypto co-processor Trusted Platform Module (TPM) Architectures with multiple TEEs Intel SGX TPM (and Late Launch ) Hypervisor Figure adapted from: Global Platform. TEE system architecture. 2011. 61

Legend: SoC : system-on-chip OTP: one-time programmable TEE hardware realization alternatives TEE component External Peripherals Off-chip memory External Peripherals Off-chip Memory External Peripherals Off-chip Memory On-SoC On-SoC On-SoC RAM ROM Processor core(s) RAM ROM Processor core(s) RAM ROM Processor core(s) OTP Fields Internal peripherals OTP Fields Internal peripherals OTP Fields Internal peripherals On-chip Security Subsystem External Security Co-processor External Secure Element (TPM, smart card) Embedded Secure Element (smart card) Processor Secure Environment (TrustZone, M-Shield) Figure adapted from: Global Platform. TEE system architecture. 2011. 62

Did you learn: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common general architecture? Contributors: Kari Kostiainen, N. Asokan, Sini Ruohomaa, Luca Davi, Ahmad-Reza Sadeghi 63

Plan for the course Lecture 1: Platform security basics Lecture 2: Case study Android Lecture 3: Mobile platform security Lecture 4: Hardware security enablers Lecture 5: Usability of platform security Extra lecture: IoT Security Invited lecture: SE Android policies Extra lecture: Machine learning and security Lecture 6: Summary and outlook 64

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback