Difference between revisions of "Security"

From MILEDROPEDIA
(Useful literature)
m (M-Shield)
 
(25 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
Security of Motorola Droid-family phones based on two important technologies:
 
Security of Motorola Droid-family phones based on two important technologies:
  
* eFuse cells for one-time blowing to increment counter for security purposes
+
* '''eFuse''' cells for one-time blowing to increment counter for security purposes
* M-Shield protection, solution from Texas Instruments special for cellular networks (similar as SecureShield from Quallcomm)
+
* '''M-Shield''' protection, solution from Texas Instruments special for cellular networks (similar as SecureShield from Quallcomm)
 +
* '''L3 firewall''' protection for managing mandatory access for devices in OMAP SoC
  
=== M-Shield ===
+
=== [[eFuse]] ===
 +
=== [[L3 firewall]] ===
 +
 
 +
=== [[M-Shield]] ===
  
 
This is an extended implementation of MTM (Mobile Trusted Module) of Trusted Computing Group,
 
This is an extended implementation of MTM (Mobile Trusted Module) of Trusted Computing Group,
 
based on reference design of MTM, and embedded into OMAP chip. Also it support TrustZone ARM technology.
 
based on reference design of MTM, and embedded into OMAP chip. Also it support TrustZone ARM technology.
 
It's located on it's own ROM/RAM and in M-Shield only software emulation - see TrustZone specification.
 
It's located on it's own ROM/RAM and in M-Shield only software emulation - see TrustZone specification.
Both, Secure and Insecure world are running on one core.  
+
Both, Secure and Insecure world are running on one core.
From insecure world it's called by the **SMC** ARM instruction
+
From insecure world it's called by the '''SMC''' ARM instruction.
 +
Here all info about SMC module: [[Secure Monitor]]
  
Here is full TrustZone description - [[File:prd29-genc-009492c_trustzone_security_whitepaper.pdf|TrustZone white paper]]
+
==== OMAP3430 ====
 
+
In our target device, the native handset boot starts exe-
+
cuting from an on-chip ROM, which in turns loads a signed
+
bootloader and executes it on successful verification. The
+
M-Shield architecture additionally includes on-chip RAM to
+
be used by so-called protected applications. These can either
+
persistently be present on an on-chip ROM, or be uploaded
+
to on-chip RAM as signed binaries. The system implements
+
a firewall/monitor entry point for executing these applica-
+
tions, and this firewall takes care of disabling or clearing all
+
security-critical processor features (interrupts, DMA, VM)
+
for the duration of the TrEE invocation. In this manner
+
the system provides hardware-enforced isolation for the pro-
+
tected applications. The on-chip
+
protected applications have access to a limited amount of
+
persistent secret data (like a device-specific symmetric key)
+
and to cryptographic accelerator primitives.
+
 
+
 
+
[http://www.trusted-logic.com/spip.php?rubrique6&from=15]
+
 
+
[[File:sheme.gif]]
+
[[File:2007_06-nokia-figure-2.gif]]
+
[[File:arch_1.jpg]]
+
 
+
# ROM to store the program code or a mechanism by which the integrity of code uploaded to the secure environment can be validated (code signing).
+
# a shielded location (secure RAM) for the loaded state, as well as for run-time data.
+
# an isolated execution environment (TrEE) for the program code with access to the shielded data location.
+
# a device-specific, persistent secret to seed the RTS. The confidentiality (access control) of the secret can e.g. be bound to the secure environment itself.
+
# a simple (I/O) library for use in the isolated environment, including cryptographic primitives and random number generation necessary for a MTM.1
+
 
+
== Definitions ==
+
  
 
{| border="1" cellpadding="0" cellspacing="0" style="border: 1px solid #cccccc;"
 
{| border="1" cellpadding="0" cellspacing="0" style="border: 1px solid #cccccc;"
! Abbreviation
+
! Normal World
! Meaning
+
! Secure World
 
|-
 
|-
| '''AKI'''
+
| 32Kb on-chip ROM
| Attestation Identity Key
+
| 64Kb on-chip Secure ROM
 
|-
 
|-
| '''EK'''
+
| 32Kb on-chip SRAM
| Endorcement Key
+
| 32Kb on-chip Secure SRAM
|-  
+
| '''DAA'''
+
| Direct Anonymous Attestation
+
|-
+
| '''DRTM'''
+
| Dynamic Root of Trust Management
+
|-
+
| '''MTM'''
+
| Mobile Trusted Module
+
|-
+
| '''RIM'''
+
| Reference Integrity Metric
+
|-
+
| '''RTE'''
+
| Root of Trust for Enforcement
+
|-
+
| '''RTR'''
+
| Root of Trust for Reporting
+
|-
+
| '''RTS'''
+
| Root of Trust for Storage
+
|-
+
| '''RTV'''
+
| Root of Trust for Verification
+
|-
+
| '''RVAI'''
+
| Root Verification Authority Information
+
|-
+
| '''SRK'''
+
| Storage Root Key, is used to protect local data (keys e.g)
+
 
|}
 
|}
  
 +
== [[Secure Services]] ==
  
 +
OMAP3430 have various number of secure services
  
Listing 1: Structure for symmetric SRK
+
== [[Trust Zone]] ==
<pre>
+
// 128 bits key length                       
+
#define SRK KEYLENGTH 16 
+
                                                 
+
typedef struct tdTPM KEY SRK {
+
  TPM STRUCT VER ver;
+
  TPM KEY USAGE keyUsage;
+
  TPM KEY FLAGS keyFlags;
+
  TPM AUTH DATA USAGE authDataUsage;
+
  TPM KEY PARMS algorithmParms;
+
  TPM SECRET usageAuth;
+
  UINT32 PCRInfoSize;
+
  TPM PCR INFO pcrInfo;
+
  BYTE symKey[SRK KEYLENGTH];
+
} TPM KEY SRK;
+
// Size of TPM KEY SRK in bytes: 123
+
</pre>
+
Listing 2: Structure for loaded asymmetric key
+
<pre>
+
typedef struct tdTPM KEY LOADED {
+
TPM STRUCT VER ver;
+
TPM KEY USAGE keyUsage;
+
TPM KEY FLAGS keyFlags;
+
TPM AUTH DATA USAGE authDataUsage;
+
TPM KEY PARMS algorithmParms;
+
TPM KEY PARMS algorithmParms;
+
UINT32 PCRInfoSize;
+
UINT32 PCRInfoSize;
+
TPM PCR INFO pcrInfo;
+
TPM STORE ASYMKEY keyData;
+
} TPM KEY LOADED;
+
// Size of TPM KEY LOADED in bytes: 551
+
</pre>
+
**COMPRESSED STRUCTURES**
+
<pre>
+
typedef struct tdTPM PCR ATTRIBUTES {
+
  BOOL pcrReset;
+
} TPM PCR ATTRIBUTES;
+
 
+
// Size of TPM PCR ATTRIBUTES in bytes: 1
+
typedef struct tdTPM PERMANENT FLAGS {
+
  TPM STRUCTURE TAG tag;
+
  BOOL disable;
+
  BOOL FIPS;
+
 
+
  BOOL readSRKPub;
+
} TPM PERMANENT FLAGS;
+
 
+
// Size of TPM PERMANENT FLAGS in bytes: 5
+
typedef struct tdTPM STCLEAR FLAGS {
+
  TPM STRUCTURE TAG tag;
+
  BOOL deactivated;
+
} TPM STCLEAR FLAGS;
+
 
+
// Size of TPM STCLEAR FLAGS in bytes: 3
+
typedef struct tdTPM STANY FLAGS {
+
  TPM STRUCTURE TAG tag;
+
  BOOL postInitialise;
+
} TPM STANY FLAGS;
+
 
+
// Size of TPM STANY FLAGS in bytes: 3
+
#define TPM SESSIONS 2
+
typedef struct tdTPM STANY DATA {
+
  TPM STRUCTURE TAG tag;
+
  TPM SESSION DATA sessions[TPM SESSIONS];
+
} TPM STANY DATA;
+
 
+
// Size of TPM STANY DATA in bytes: 98
+
#define TPM NUM COUNTER 1
+
#define TPM NUM PCR 16
+
 
+
typedef struct tdTPM PERMANENT DATA {
+
  TPM STRUCTURE TAG tag;
+
  BYTE revMajor;
+
  BYTE revMinor;
+
  TPM NONCE tpmProof;
+
  TPM KEY srk;
+
  TPM COUNTER VALUE monotonicCounter[TPM NUM COUNTER];
+
  TPM PCR ATTRIBUTES pcrAttrib[TPM NUM PCR];
+
} TPM PERMANENT DATA;
+
 
+
// Size of TPM PERMANENT DATA in bytes: 173
+
typedef struct tdTPM STCLEAR DATA {
+
  TPM STRUCTURE TAG tag;
+
  TPM COUNT ID countID;
+
  TPM PCRVALUE PCR[TPM NUM PCR];
+
} TPM STCLEAR DATA;
+
// Size of TPM STCLEAR DATA in bytes: 326
+
</pre>
+
 
+
We have SMC2.7 version of Secure Monitor OS
+
 
+
Software Emulators:
+
  * MTM Emulator - http://mtm.nrsec.com/
+
  * TroUserS http://trousers.sourceforge.net/ (http://sourceforge.net/projects/trousers/)
+
  * http://tpm-emulator.berlios.de/
+
 
+
=== We very need this files! ===
+
 
+
http://inderscience.metapress.com/app/home/contribution.asp?referrer=parent&backto=issue,1,6;journal,2,5;linkingpublicationresults,1:121008,1
+
 
+
=== Useful literarure ===
+
 
+
# '''Patent description''' with nice graphics [http://www.faqs.org/patents/app/20090320110]
+
 
+
# http://droid-developers.org/files/m-shield/NRCTR2007015.pdf
+
 
+
# '''MCM Specification''' http://droid-developers.org/files/m-shield/87852F33-1D09-3519-AD0C0F141CC6B10D.pdf
+
 
+
# '''Trusted Mobile Reference Architecture''' http://droid-developers.org/files/m-shield/644597BE-1D09-3519-AD5ADDAFA0B539D2.pdf
+
 
+
# '''MTM Use cases''' http://droid-developers.org/files/m-shield/6443B207-1D09-3519-AD3180491A6DF1F5.pdf
+
 
+
=== Other Staff (needed to be cleared) ===
+
 
+
Work history
+
Motorola June 2005 to the present
+
Senior Software Engineer
+
 
+
tags: c • stracore • tms320c55x+
+
How would you describe your time at Motorola?
+
 
+
    1. Implementation of Alternate Linear Output Equalizer (ALOE) for GSM handsets.
+
    Tools: Code Composer Studio (CCS), Freescale code warrior simulation tool.
+
    Language: TMS320C55x+ Algebraic Assembly, STARCORE ASSEMBLY
+
    Description: The ALOE algorithm is aimed at improving co-channel performance of the handset over the conventional GSM equalizers. The new algorithm gives 13 dB improvements over the conventional MLSE method.
+
    The implementation of this algorithm involved the coding in TMS320C55x+ Algebraic Assembly using CCS tool. And implementation is targeted to have lesser MIPS and better precision results. The algorithm testing is done with legacy starcore reference code.
+
 
+
    2. Implementation of G728 speech codec with FIXED POINT, 32/16 bit data paths.
+
    Tools: Freescale code warrior simulation tool.
+
    Language: C, STARCORE ASSEMBLY
+
    Description: The G728 speech codec adhering to the ITUT standards is implemented using fixed point 16 bit and 32 bit data paths. The 16 bit fixed point data path is bit complaint with ITUT standard provided testvectors.The work involved is implementation, integration and Testing of entire G728 codec of 32 bit and 16 bit precisions and analysis with fixed point arithmetic using C language. And then porting the C code to the STARCORE architecture and also porting to starcore assembly to meet the MIPS criterion. The code is implemented in C and then star core assembly coded to meet MIPS criterion.
+
 
+
    3. Development and Testing of Sync Detection, AFC, and sensitivity improvement algorithms.
+
    Tools: Matlab Freescale code warrior simulation tool.
+
    Language: C, STARCORE ASSEMBLY
+
    Description: The IDEN (similar to GSM) system has RF modem part which has Transmitter and Receiver. The Receiver is to demodulate the received Quad QAM data into in-Phase and Quadrature symbols, by applying sub channel demodulation, time synchronization, automatic frequency control, pilot interpolation and data decoding algorithms.
+
    The work involved implementation of AFC using the 1st order loop and synchronization using WLS algorithm and sensitivity improvement algorithm using 4-F Doppler mutipath fading modeling .The implementation of all these algorithms are on C, and STARCORE ASSEMBLY using the freescale code warrior tools....
+
   
+
 
+
RNG, DES/3DESx2, SHA1/MD5x2, AESx2, Fast PKA (Safenet EIP-29), e-fuse
+
 
+
On-Chip Memory:
+
96 Kbytes ROM, 64 Kbytes SRAM
+
 
+
M-Shield Hardware Security Technology
+
 
+
Integrated into TI's OMAP and OMAP-Vox platforms, M-Shield hardware security technology is a complete infrastructure for mobile platform robustness that includes:
+
 
+
    * Hardware cryptographic accelerators and randon number generator
+
    * Public key infrastructure with secure on-chip keys (e-fuse)
+
    * Secure booting and flashing
+
    * Secure access/restriction to all chip peripherals and memories
+
    * Secure DMA transfers
+
    * Hardware-based countermeasures against software attacks and cloning
+
    * Secure protection of debug, trace, and test capabilities
+
    * Hardware-reinforced secure execution and storage environment (Secure Environment) embedding:
+
          o A Secure State Machine
+
          o Secure RAM for sensitive authorized application execution and secure data storage
+
          o Secure ROM with 100+ accessible by authorized applications (Protected Applications)
+
          o Secure storage mechanism
+
 
+
M-Shield hardware security technology is operating system-independent and not sensitive to software attacks. And once it is available, ARM® TrustZone™ hardware extensions will be incorporated and strengthened.
+
M-Shield Software Security Technology
+
 
+
M-shield software security technology is the key software-based security element of OMAP Platforms and OMAP-Vox devices, built on top of and strengthened by M-Shield Hardware technology. This software security encompasses:
+
 
+
    * Secure signing and flashing tools
+
    * IMEI and SIMlock protection software on OMAP-Vox devices
+
    * Toolkits for development and signature of protected applications running in a secure environment
+
    * Security Middleware Component with associated Protected Applications and SDKs
+
    * Security packs to strengthen HLOS security
+
 
+
Additionally, the M-shield Security Middleware Component (SMC) provides sets of standard APIs that solve the problems of de-fragmentation and porting complexity:
+
 
+
    * Software reuse across platform generations as APIs on current platforms can continue to be utilized
+
    * SMC APIs are compatible with ARM® TrustZone™ software APIs
+
          o Applications can call specific secure services ported on SMC using ARM TrustZone API
+
          o Applications can use secure storage and standard PKCS#11 APIs for cryptography
+
          o Native secure services can use standard PKCS#11 APIs
+
          o Interpreted secure services can use GlobalPlatform GPD/STIP mobile profile standard APIs
+
    * Applications developed on TI's M-shield mobile security technology today will run binary compatible on devices incorporating an ARM core with TrustZone hardware extensions
+
    * Services developed today using ARM TrustZone software API will run on TI devices with M-Shield mobile security technology
+
  
Some info about eFuse in OMAP - http://elinux.org/OMAP_Power_Management/SmartReflex
+
See [[Trust Zone]] page for details
  
All Secure ROM soultion based on Synopsys products http://www.synopsys.com/Tools/SLD/CapsuleModule/vp_ti_ss.pdf
 
  
http://www.freepatentsonline.com/y2005/0228980.html
+
[[Category:Security]]
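Review bot: Listing 2 (the loaded asymmetric key structure) repeats the members `TPM KEY PARMS algorithmParms;` and `UINT32 PCRInfoSize;`, so the struct as written would not compile and cannot match the stated 551-byte size; the duplicate lines should be dropped. In all three listings the underscores have been lost from the TCG identifiers (`TPM KEY SRK`, `TPM STRUCT VER`, `SRK KEYLENGTH` are `TPM_KEY_SRK`, `TPM_STRUCT_VER`, `SRK_KEYLENGTH` in the TPM/MTM specifications), which should be restored before anyone copies the code. In the table, the diff replaces the old header `! Abbreviation` / `! Meaning` and the AKI/EK rows with `! Normal World` / `! Secure World` and the OMAP3430 memory rows, yet still adds the DAA through SRK abbreviation rows underneath; the abbreviation rows should go into their own table with their own header. Within those rows, "Endorcement Key" should read "Endorsement Key", the attestation key is abbreviated AIK (not AKI) in TCG documents, and DRTM expands to "Dynamic Root of Trust for Measurement". The new `=== [[eFuse]] ===` and `=== [[L3 firewall]] ===` sections are empty and should at least carry a one-line description or be marked as stubs. The "Other Staff (needed to be cleared)" section pastes an engineer's résumé (ALOE equalizer, G728 codec, iDEN AFC work) that has nothing to do with M-Shield and should be removed rather than published. The link label "MCM Specification" appears to be a typo for "MTM Specification".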

Latest revision as of 20:36, 4 February 2012

Introduction

Security of Motorola Droid-family phones is based on the following technologies:

  • eFuse cells, each blown one time to increment a counter used for security purposes
  • M-Shield protection, a Texas Instruments solution designed for cellular devices (similar to SecureShield from Qualcomm)
  • L3 firewall protection, which enforces mandatory access control for devices in the OMAP SoC
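The eFuse counter from the first bullet, as an added example that is not code from the wiki page or from Motorola/TI: a host-side C model of a bank of one-time-programmable fuse bits used as a monotonic counter. The model assumes (labelled in the code) that the counter is stored in thermometer code (its value is the number of blown fuses), that a blown fuse can never be cleared, and that the counter acts as a minimum-version floor for boot images (anti-rollback). The bank width, the `boot_check` function and its result codes are constructed for illustration and are not OMAP register definitions.

```c
/* Added example (not from the wiki page): host-side model of an eFuse-backed
 * monotonic counter used for rollback protection.
 * Assumptions: thermometer-coded counter (value = number of blown fuses),
 * fuses only ever go 0 -> 1, and the counter is the minimum boot-image
 * version. Width and API are constructed, not OMAP hardware definitions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EFUSE_COUNTER_BITS 16u      /* constructed: fuses available to the counter */

typedef struct {
    uint16_t bits;                  /* one fuse per bit: 0 = intact, 1 = blown */
} efuse_bank_t;

/* Counter value = number of blown fuses (thermometer code). */
static unsigned efuse_counter_value(const efuse_bank_t *bank)
{
    unsigned n = 0;
    for (unsigned b = bank->bits; b != 0; b >>= 1)
        n += b & 1u;
    return n;
}

/* A valid thermometer code is a contiguous run of 1s starting at bit 0;
 * any other pattern means the bank was tampered with or mis-programmed. */
static bool efuse_bank_is_consistent(const efuse_bank_t *bank)
{
    unsigned b = bank->bits;
    return ((b + 1u) & b) == 0;     /* true iff b is 0...01...1 */
}

/* Blow the lowest intact fuse. Never clears a bit: the hardware cannot
 * un-blow a fuse, so the counter can only move upwards. */
static bool efuse_increment(efuse_bank_t *bank)
{
    unsigned v = efuse_counter_value(bank);
    if (v >= EFUSE_COUNTER_BITS)
        return false;               /* bank exhausted */
    bank->bits |= (uint16_t)(1u << v);
    return true;
}

typedef enum {
    BOOT_OK,
    BOOT_ROLLBACK_REFUSED,          /* image older than the fused floor */
    BOOT_COUNTER_EXHAUSTED,         /* not enough fuses left to record the version */
    BOOT_FUSE_TAMPERED              /* bank is not a valid thermometer code */
} boot_result_t;

/* Anti-rollback decision for an already signature-verified image of the
 * given version: refuse anything below the floor, and raise the floor
 * (by blowing fuses) when a newer image boots. */
static boot_result_t boot_check(efuse_bank_t *bank, unsigned image_version)
{
    if (!efuse_bank_is_consistent(bank))
        return BOOT_FUSE_TAMPERED;
    if (image_version < efuse_counter_value(bank))
        return BOOT_ROLLBACK_REFUSED;
    if (image_version > EFUSE_COUNTER_BITS)
        return BOOT_COUNTER_EXHAUSTED;   /* checked before touching any fuse */
    while (efuse_counter_value(bank) < image_version)
        if (!efuse_increment(bank))
            return BOOT_COUNTER_EXHAUSTED;
    return BOOT_OK;
}

int main(void)
{
    efuse_bank_t bank = { 0 };      /* fresh device: no fuses blown */
    printf("boot v1: %d (counter now %u)\n", boot_check(&bank, 1), efuse_counter_value(&bank));
    printf("boot v3: %d (counter now %u)\n", boot_check(&bank, 3), efuse_counter_value(&bank));
    printf("boot v2: %d (rollback refused)\n", boot_check(&bank, 2));
    efuse_bank_t bad = { .bits = 0x0005 };  /* constructed: bits 0 and 2 blown, bit 1 intact */
    printf("tampered bank: %d\n", boot_check(&bad, 5));
    return 0;
}
```

The consistency check is the part worth copying: a thermometer code lets firmware detect a non-contiguous fuse pattern, which is what a partial or glitched programming attempt leaves behind, before it trusts the counter value.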

eFuse

L3 firewall

M-Shield

This is an extended implementation of the Trusted Computing Group's MTM (Mobile Trusted Module), based on the MTM reference design and embedded in the OMAP chip. It also supports ARM TrustZone technology. It is located in its own ROM/RAM; in M-Shield it is only a software emulation (see the TrustZone specification). Both the Secure and the Non-secure world run on one core. From the Non-secure world it is invoked with the SMC ARM instruction. All information about the SMC module: Secure Monitor
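The Non-secure-to-Secure transition described above, as an added example that is not code from the wiki page, from TI or from the SMC2.7 monitor: a host-side C model of the checks a Secure Monitor must make when it is entered by an SMC. The request arrives as a service number and a buffer in registers; the monitor masks interrupts for the duration of the call, accepts only registered service numbers, and refuses any buffer that is not wholly inside Non-secure memory, so the Non-secure caller cannot turn the secure world into a confused deputy that reads or writes Secure RAM on its behalf. The addresses, the region sizes and the service number are constructed for illustration (they are not OMAP3430 addresses or the SMC2.7 API), and the SMC instruction itself is replaced by a direct function call because the model runs on a host rather than on the ARM core.

```c
/* Added example (not from the wiki page or TI): host-side model of the
 * Secure Monitor entry reached via SMC. Addresses, sizes and service
 * numbers are constructed; "smc #0" is modelled by a direct call. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NS_MEM_BASE   0x80000000u       /* constructed Non-secure region */
#define NS_MEM_SIZE   4096u             /* model size only */
#define SEC_RAM_BASE  0x40200000u       /* constructed Secure RAM region */
#define SEC_RAM_SIZE  (32u * 1024u)     /* 32 KB, as on the page's OMAP3430 table */

static uint8_t ns_mem[NS_MEM_SIZE];     /* backing store for the NS region */
static bool irqs_masked;                /* models "interrupts disabled in the TrEE" */

typedef struct { uint32_t r0, r1, r2; } smc_regs_t;  /* r0 service, r1 addr, r2 len */

enum { SVC_GET_VERSION = 0x01 };        /* hypothetical service number */
enum { SMC_OK = 0, SMC_EINVAL = -1, SMC_EACCES = -2 };

/* True only if [addr, addr + len) lies entirely inside Non-secure memory.
 * addr + len is never computed, so a wrapping 32-bit range cannot pass. */
static bool in_ns_memory(uint32_t addr, uint32_t len)
{
    if (len == 0 || addr < NS_MEM_BASE)
        return false;
    uint32_t off = addr - NS_MEM_BASE;
    return off < NS_MEM_SIZE && len <= NS_MEM_SIZE - off;
}

/* Monitor entry point: on real hardware this is where the SMC lands. */
static int monitor_entry(const smc_regs_t *r)
{
    int rc;
    irqs_masked = true;                 /* nothing in the NS world may preempt us */
    switch (r->r0) {
    case SVC_GET_VERSION: {
        static const char ver[] = "SMC2.7";   /* monitor version named on the page */
        if (!in_ns_memory(r->r1, r->r2)) {
            rc = SMC_EACCES;            /* buffer not in NS memory: refuse, touch nothing */
            break;
        }
        if (r->r2 < sizeof ver) {
            rc = SMC_EINVAL;            /* caller's buffer too small */
            break;
        }
        memcpy(&ns_mem[r->r1 - NS_MEM_BASE], ver, sizeof ver);
        rc = SMC_OK;
        break;
    }
    default:
        rc = SMC_EINVAL;                /* unregistered service: no code runs */
        break;
    }
    irqs_masked = false;                /* restored on the way back to the NS world */
    return rc;
}

/* Non-secure side: what an application wraps around "smc #0". */
static int ns_call(uint32_t svc, uint32_t addr, uint32_t len)
{
    smc_regs_t r = { svc, addr, len };
    return monitor_entry(&r);
}

int main(void)
{
    printf("NS buffer:        %d -> %s\n", ns_call(SVC_GET_VERSION, NS_MEM_BASE, 64), (const char *)ns_mem);
    printf("Secure RAM buffer: %d\n", ns_call(SVC_GET_VERSION, SEC_RAM_BASE, 64));
    printf("wrapping buffer:   %d\n", ns_call(SVC_GET_VERSION, 0xFFFFFFF0u, 0x20u));
    printf("unknown service:   %d\n", ns_call(0x7F, NS_MEM_BASE, 64));
    return 0;
}
```

The range check is the point of the model: the firewall/monitor entry is only as strong as its validation of caller-supplied addresses, and the check is written so that neither a buffer inside Secure RAM nor one that wraps past the end of the address space can pass.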

OMAP3430

Normal World         Secure World
32Kb on-chip ROM     64Kb on-chip Secure ROM
32Kb on-chip SRAM    32Kb on-chip Secure SRAM

Secure Services

The OMAP3430 offers a number of secure services

Trust Zone

See Trust Zone page for details