omtp davidrogers … · 2009. 1. 13. · omtp security whitepaper: mobile handset security:...
OMTP Security Recommendations and the Advanced Trusted Environment: OMTP TR1
© OMTP All rights reserved Slide 1
TR1
David Rogers, Director of External Relations, david.rogers@omtp.org
4th ETSI Security Workshop, 13 - 14 January 2009, ETSI, Sophia Antipolis, France
OMTP – Who are we?
Sponsor members, Operator members, Advisor members
Office:
Tim Raby – Chief Executive Officer
Nick Allott – Chief Technical Officer
Tim Haysom – Chief Marketing Officer
David Rogers – Director of External Relations
Geoff Preston – Consultant
Barbara Giunchi-Burr – Office Manager
Stefan Engel-Flechsig – Legal Manager
OMTP Mission
Increasing use of mobile applications and data services
Making life easier, less complicated and less confusing for customers
Championing consistency to simplify cross platform application development
OMTP Published Recommendations
• Basic & Advanced Device Management
• Recommended Practices for Connected Applications
• Browser
• VOIP Management
• Anti-Virus Client Requirements
• Signing Schemes Requirements
• Incident Handling
• Displays
• Cameras
• Local Bluetooth Connectivity
• Local Connectivity: Wired Analogue Audio
• Positioning Enablers
• Requirements for OMA DRMv2 Enabled Terminals
• Local Connectivity: Charging & Data
• Data Transfer
• Codecs
• Basic & Advanced Trusted Environment
• Application Security Framework
• Application Framework
• Legacy Support for IM & Presence
• IMS
• UICC
(Slide illustrations: operator display, VOIP caller, anti-virus scan, UICC)
Product Profile
• Self certified statement of compliance
• Economies of scale – once for all operators
• Clear indication of which requirements are met
• Marketing – logo rights, public visibility
• Available to non-members
(Slide illustration, labels: Vendors, Requirements, Product Profile, Operators)
New Mobile Web Initiative
To consistently and securely open up access to device and network resident capabilities, e.g. contacts, location, presence, voice calls, messaging
http://www.omtp.org/bondi
Security and Trust within OMTP
Lifecycle of Handset Security
Protection: Application Security Framework, BONDI Security, Trusted Environment, Advanced Trusted Environment, Signing Schemes
Detection / Reaction: Advanced Device Management, Incident Handling
Threats to Embedded Consumer Devices
If ignorant both of your enemy and yourself, you are certain to be in peril. – Sun Tzu
Analysing Threats
• Threat Classification
• What threats are relevant?
  – Have they changed in nature due to technology etc.?
• What does the attack do to the device?
• How difficult is it?
  – To repeat
  – To distribute
  – Expertise
• Current situation for hackers: the real embedded ‘hacking’ is extremely difficult! However, if you can create a tool that you control and that can be used by many.... == reward (££££)! == motivation!
Attack Methods – Some Examples
• Applicable to nearly all embedded consumer devices!
• Probing the PCB
• J-TAG debugging and monitoring – extract flash device data and software build
  – Relatively easy (used to be hard due to cost of technology)
• Exploitation of software flaws
  – Requires extensive debugging and manipulation by the hacker
• Exploiting hardware glitches or mistakes
  – Often induced by the hacker
• Monitoring busses to capture or inject data
• Decapping of devices using Nitric Acid
  – Probing inside devices
  – Focused Ion Beam attack – can manipulate data within the devices on the phone
  – Very difficult!
This process takes months of development and cumulated years of research: the financial end justifies the means
Industry Initiatives and Standards
• OMTP assesses and references many different standards
• Avoids duplication
• Reduces fragmentation in the market
• Ensures good recommendations and requirements
• Some other organisations involved in mobile security:
Handset Embedded Security Evolution
(Timeline figure, 2002 – 2010, with the label "Fragmented Security")
• EICTA / GSMA 9 Principles
• OMTP Trusted Environment: OMTP TR0
• OMTP Advanced Trusted Environment: OMTP TR1
• TCG MPWG Specification
• GSMA Pay-Buy-Mobile
Advanced Trusted Environment (TR1)
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. – Sun Tzu
Overview to TR1
• Enhances the Basic Trusted Environment
• New and expanded threat model
• Protects the Application Security Framework on a device
• Different profiles for different levels of security in the handset
• Enables high security platforms and devices
• The grounding for future high security services on mobile phones
TR1 Enablers
Core Enablers: Trusted Execution Environment, Secure Storage
Extended Enablers: Generic Bootstrapping Architecture, Run-time Integrity Checking, Secure User Input / Output, Secure Interaction of UICC and Mobile, Flexible Secure Boot
Implementation Examples
• M-Commerce, Broadcast, Device Management
• Any high security service that could be deployed on a device!
Summary
• TR1 gives an increase in the underlying security and trust in mobile terminals for at least the next few years
• Deployment of high security services on mobile phones will be possible and updateable
• A common agreement on the correct way forward for mobile security and trusted environments
  – Chipset vendors
  – Manufacturers
  – Middleware platform providers
  – Operators
  – OS vendors
  – Silicon platform providers
• OMTP Advanced Trusted Environment: TR1 is now published and a further version due in 2009
Reduction in hacking attempts? – No
Reduction in successful hacks? – Yes
Additional Information
Secure Storage
• What is it?
  – A set of recommendations for securely storing sensitive objects on a terminal whilst maintaining integrity and confidentiality properties
• What does it protect?
  – Data and keys requiring secure storage
• How does it work?
  – A facility on the device that could be used with the Trusted Execution Environment
  – Manages the storage and retrieval of secure data
  – Protects data when being transferred between memories
Trusted Execution Environment
• What is it?
  – A set of recommendations for providing the secure hardware and software facilities to support secure execution of applications.
• What does it protect?
  – Anything that needs to securely execute! For that:
    ▪ memory, execution and application management
    ▪ communications between execution environments
    ▪ APIs and Instruction Set Architecture
  – all at a very low level in the device
• How does it work?
  – Is isolated from normal execution environment(s) (EEs)
  – Small size – higher level of integrity checking
  – Can service the user or other EEs
Run-time Integrity Checking
• What is it?
  – A mechanism for ensuring that the device is doing what it should be doing and that the integrity of critical data stored on the handset is ok.
• What does it protect?
  – Data stored on the handset that may be tampered with such as:
    ▪ IMEI, SIMlock state etc...
• How does it work?
  – Effectively ‘polices’ the handset
  – Monitors data on the device for modification
  – Looks at suspicious events such as unexpected change
  – Logs event data
  – Escalates issues for action
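As an added illustration of the "how does it work?" bullets above (example code written for this page, not OMTP's own; TR1 states requirements, not an implementation): a minimal run-time integrity monitor that keeps a keyed reference tag per protected item, logs every check, escalates unexpected changes and accepts authorised updates so that a legitimate change is not reported as tampering. The TEE key, the item values (placeholder IMEI and SIMlock state) and the escalation sink are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample of protected items; the IMEI is a placeholder, not a real one.
PROTECTED_ITEMS = {
    "imei": "000000000000000",
    "simlock_state": "locked:operator-A",
}

# Assumption: this key lives inside the Trusted Execution Environment and never
# leaves it; it is a constant here only so the example runs stand-alone.
TEE_KEY = b"constructed-tee-key"


def item_tag(name: str, value: str) -> bytes:
    """Keyed tag per item: whoever rewrites the value cannot recompute a
    matching tag without the TEE key, unlike a plain unkeyed hash."""
    return hmac.new(TEE_KEY, f"{name}={value}".encode(), hashlib.sha256).digest()


class IntegrityMonitor:
    """Polices the handset: checks live data against reference tags, logs every
    check and escalates items whose change was not an authorised update."""

    def __init__(self, items: dict[str, str]) -> None:
        self.expected = {name: item_tag(name, value) for name, value in items.items()}
        self.log: list[dict] = []
        self.escalations: list[str] = []

    def authorised_update(self, name: str, new_value: str) -> None:
        """Legitimate change (e.g. operator-approved SIM unlock): refresh the tag."""
        self.expected[name] = item_tag(name, new_value)

    def check(self, live: dict[str, str]) -> list[str]:
        """Return the names of items whose current value no longer matches."""
        modified = []
        for name, reference in self.expected.items():
            ok = hmac.compare_digest(reference, item_tag(name, str(live.get(name))))
            self.log.append({"time": datetime.now(timezone.utc).isoformat(),
                             "item": name, "status": "ok" if ok else "MODIFIED"})
            if not ok:
                modified.append(name)
        if modified:
            # Assumption: escalation means handing the event to device management.
            self.escalations.append("unexpected change: " + ", ".join(modified))
        return modified
```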
Secure User Input / Output
• What is it?
  – A set of requirements to ensure that anything that is presented to the user via an interface, for example a transaction amount displayed on a screen, is authentic and not from another (rogue) application.
• What does it protect?
  – Primarily: the user
  – Any input: microphone, keypad entry (e.g. PIN), biometrics
  – Any output: decoded protected DRM content, displayed information (e.g. prompts)
• How does it work?
  – Ensures that asset security properties are valid
  – Protects drivers and codecs on the device from being abused
  – Prevents attacks such as driver hooking, keylogging etc.
Generic Bootstrapping Architecture
• What is it?
  – A method of using the existing security relationship between the USIM of the user and the network for application layer purposes.
• What does it protect?
  – Already used to protect MBMS (Multimedia Broadcast)
  – It is not ‘protection’ but a facility that could be used for other applications such as IMS services (e.g. presence)
  – Could provide keying material for the secure UICC / ME link
• How does it work?
  – Primary aim is to establish keys for application security
  – The handset goes through the bootstrapping procedure
  – Secure application layer communications enabled
Flexible Secure Boot
• What is it?
  – The process of ensuring the integrity of the software code base on the phone at boot-time and allowing new code to be updated on the device securely over-the-air or via cable – an extremely security sensitive operation.
• What does it protect?
  – The initial state of the handset – the root of trust
  – Ensures the phone has not been modified while it was ‘off’
  – Ensures that the manufacturer can update the core software of the phone securely
• How does it work?
  – Verifies the integrity of the code base on the device at boot-time
  – Checks authenticity and integrity of updates
  – Acts as a ‘gatekeeper’ for code on the device
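The gatekeeper role described above, as an added example (written for this page, not OMTP's or any vendor's code): a signed manifest binds a version number to the digest of every boot stage; the same verifier runs at boot over the images in flash and again over an over-the-air or cable update before it is installed. Assumptions: the HMAC key stands in for the manufacturer's verification key anchored in hardware (a real device checks an asymmetric signature against a key hash in OTP), the version check against rollback is added here and not stated on the slide, and the boot images are constructed samples.

```python
from __future__ import annotations
import hashlib
import hmac

# Assumption: stand-in for the hardware-anchored verification key.
ROOT_OF_TRUST_KEY = b"constructed-manufacturer-key"


def stage_digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


def build_manifest(version: int, images: list[bytes], key: bytes = ROOT_OF_TRUST_KEY) -> dict:
    """Manufacturer side (offline): one signature over version || all stage digests.
    The same manifest format describes an update delivered OTA or via cable."""
    digests = [stage_digest(img) for img in images]
    payload = version.to_bytes(4, "big") + b"".join(digests)
    return {"version": version, "digests": digests,
            "sig": hmac.new(key, payload, hashlib.sha256).digest()}


def verify_chain(manifest: dict, images: list[bytes], installed_version: int,
                 key: bytes = ROOT_OF_TRUST_KEY) -> tuple[bool, str]:
    """Gatekeeper: authenticity first, then anti-rollback, then per-stage integrity.
    Returns (accepted, reason); boot or update proceeds only when accepted."""
    payload = manifest["version"].to_bytes(4, "big") + b"".join(manifest["digests"])
    if not hmac.compare_digest(manifest["sig"], hmac.new(key, payload, hashlib.sha256).digest()):
        return False, "manifest signature invalid: not from the root of trust"
    if manifest["version"] < installed_version:
        return False, f"rollback to version {manifest['version']} refused"
    if len(images) != len(manifest["digests"]):
        return False, "stage count mismatch"
    for index, (image, expected) in enumerate(zip(images, manifest["digests"])):
        if not hmac.compare_digest(stage_digest(image), expected):
            return False, f"stage {index + 1} integrity check failed"
    return True, "all stages verified"


# Constructed boot chain; on a real handset these are the bootloader, OS and
# platform images read from flash at boot time.
BOOT_IMAGES = [b"stage1: bootloader build 2", b"stage2: OS kernel build 2",
               b"stage3: platform build 2"]
BOOT_MANIFEST = build_manifest(2, BOOT_IMAGES)

if __name__ == "__main__":
    print(verify_chain(BOOT_MANIFEST, BOOT_IMAGES, installed_version=2))
```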
Secure Interaction of UICC and Mobile
• What is it?
  – A mechanism for ensuring that data transmitted between the handset and UICC is secure and has not been tampered with or changed.
• What does it protect?
  – Allows the UICC to ratify the trustworthiness of the device
  – Future applications such as:
    ▪ Mobile ticketing
    ▪ Broadcast
    ▪ SIM-based DRM
• How does it work?
  – Handset and UICC are authenticated
  – Handset applications can securely access the facilities of UICC
  – Allows exchange of sensitive information between the handset and UICC
  – Enables use cases and facilitates other parts of TR1:
    ▪ Secure User Input / Output
    ▪ M-Commerce
Contact Details and Links:
David Rogers, Director of External Relations, david.rogers@omtp.org
OMTP BONDI: http://www.omtp.org/bondi
OMTP Published Security Related Recommendations:
Advanced Trusted Environment: OMTP TR1 – http://www.omtp.org/Publications/Display.aspx?Id=24ad518b-6dba-4155-ad51-3143bd43a234
Security Threats on Embedded Consumer Devices – http://www.omtp.org/Publications/Display.aspx?Id=c5a1758c-84fe-4ee1-a88d-dff9d6044175
UICC/(U)SIM – http://www.omtp.org/Publications/Display.aspx?Id=4f9ec3d3-c0a7-4875-9458-0156cb9df3c9#
Application Security Framework – http://www.omtp.org/Publications/Display.aspx?Id=c4ee46b6-36ae-46ae-95e2-cfb164b758b5
Signing Schemes Requirements – http://www.omtp.org/Publications/Display.aspx?Id=f1db6eac-0cbc-4aea-9452-5da24076b198
Trusted Environment: OMTP TR0 – http://www.omtp.org/Publications/Display.aspx?Id=03f37406-be24-424b-b177-dd0cb9dbc719
Other OMTP Recommendations: http://www.omtp.org/Publications.aspx
OMTP Security Whitepaper: Mobile Handset Security: Securing Open Devices and Enabling Trust – http://www.omtp.org/pdf/presentations_whitepapers/OMTP%20Security%20Whitepaper.pdf