Jan-Erik Ekberg
ABSTRACT
In this paper we present a software-based implementation of a Mobile Remote Owner Trusted Module, using security extensions of contemporary System-On-Chip architectures. An explicit challenge are the constrained resources of such on-chip mechanisms. We expose a software architecture that minimizes the code and data size of the MRTM, applying some novel approaches proposed in recent research. Additionally, we explore alternatives within the specification to further optimize the size of MTMs. We present an analysis of specific new security issues induced by the architecture. Performance figures for an on-the-market mobile handset are provided. The results clearly indicate that a software-based MRTM is feasible on modern embedded hardware with legacy security environments.
- Embedded XEN. http://sourceforge.net/projects/embeddedxen/.Google Scholar
- Keylength.com -- Cryptographic Key Length Recommendation, http://www.keylength.com.Google Scholar
- XEN Hypervisor. http://xen.org/.Google Scholar
- ARM. TrustZone-enabled processor. http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf.Google Scholar
- Stefan Berger, Ramón Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doorn. vTPM: virtualizing the trusted platform module. In USENIX-SS'06: Proceedings of the 15th conference on USENIX Security Symposium, Berkeley, CA, USA, 2006. USENIX Association. Google ScholarDigital Library
- Kurt Dietrich. An integrated architecture for trusted computing for java enabled embedded devices. In STC'07: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pages 2--6, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- Thomas Eisenbarth, Tim Güneysu, Christof Paar, Ahmad-Reza Sadeghi, Dries Schellekens, and Marko Wolf. Reconfigurable trusted computing in hardware. In STC'07: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pages 15--20, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- Jan-Erik Ekberg and Markku Kylänpää. Mobile Trusted Module (MTM) -an introduction. http://research.nokia.com/files/NRCTR2007015.pdf.Google Scholar
- Jan-Erik Ekberg and Markku Kylänpää. MTM implementation on the TPM emulator. http://mtm.nrsec.com/.Google Scholar
- Joo-Young Hwang, Sang-Bum Suh, Sung-Kwan Heo, Chan-Ju Park, Jae-Min Ryu, Seong-Yeol Park, and Chul-Ryun Kim. Xen on ARM: System Virtualization Using Xen Hypervisor for ARM-Based Secure Mobile Phones. In Consumer Communications and Networking Conference, 2008. CCNC 2008. 5th IEEE, pages 257--261, January 2008.Google Scholar
- Klaus Kursawe and Dries Schellekens. Flexible μTPMs through disembedding. In ASIACCS'09: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pages 116--124, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- Dries Schellekens, Pim Tuyls, and Bart Preneel. Embedded Trusted Computing with Authenticated Non-volatile Memory. In Trust '08: Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies, pages 60--74, Berlin, Heidelberg, 2008. Springer--Verlag. Google ScholarDigital Library
- Andreas U. Schmidt, Nicolai Kuntze, and Michael Kasper. On the deployment of Mobile Trusted Modules, 2007.Google Scholar
- Jay Srage and Jerome Azema. M-Shield Mobile Security Technology, 2005. TI White paper. http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf.Google Scholar
- Mario Strasser and Heiko Stamer. A Software-Based Trusted Platform Module Emulator. In Trust '08: Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies, pages 33--47, Berlin, Heidelberg, 2008. Springer-Verlag. Google ScholarDigital Library
- Harini Sundaresan. OMAP platform security features, July 2003. TI White paper. http://focus.ti.com/pdfs/vf/wireless/platformsecuritywp.pdf.Google Scholar
- Trusted Computing Group. Mobile Trusted Module (MTM) Specification. Version 1.0 Revision 6, 26 June 2008, http://www.trustedcomputinggroup.org/resources/mobile_phone_work_group_%mobile_trusted_module_specification_version_10.Google Scholar
- Trusted Computing Group. TCG Mobile Reference Architecture Specification. Version 1.0 Revision 1, 12 June 2007 http://www.trustedcomputinggroup.org/resources/mobile_phone_work_group_%mobile_reference_architecture.Google Scholar
- Trusted Computing Group. TCG Software Stack (TSS). Specification Version 1.2 Level 1 Errata A, 7 March 2007, http://www.trustedcomputinggroup.org/resources/tcg_software_stack_tss_s%pecification.Google Scholar
- Trusted Computing Group. Trusted Platform Module (TPM) Main Specification. Version 1.2 Revision 103, 9 July 2007, http://www.trustedcomputinggroup.org/resources/tpm_main_specification.Google Scholar
- Johannes Winter. Trusted computing building blocks for embedded linux-based ARM trustzone platforms. In STC'08: Proceedings of the 3rd ACM workshop on Scalable trusted computing, pages 21--30, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- Xinwen Zhang, Onur Acıiçmez, and Jean-Pierre Seifert. A trusted mobile phone reference architecturevia secure kernel. In STC'07: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pages 7--14, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
Index Terms
- Trust in a small package: minimized MRTM software implementation for mobile secure environments
Recommendations
On-board credentials with open provisioning
ASIACCS '09: Proceedings of the 4th International Symposium on Information, Computer, and Communications SecuritySecurely storing and using credentials is critical for ensuring the security of many modern distributed applications. Existing approaches to address this problem fall short. User memorizable passwords are flexible and cheap, but they suffer from bad ...
Compact and unified hardware architecture for SHA-1 and SHA-256 of trusted mobile computing
This paper presents a compact and unified hardware architecture implementing SHA-1 and SHA-256 algorithms that is suitable for the mobile trusted module (MTM), which should satisfy small area and low-power condition. The built-in hardware hash engine in ...
Breaking the Trust Dependence on Third Party Processes for Reconfigurable Secure Hardware
FPGA '19: Proceedings of the 2019 ACM/SIGDA International Symposium on Field-Programmable Gate ArraysModern CPU designs are beginning to incorporate secure hardware features, but leave developers with little control over both the set of features and when and whether updates are available. Reconfigurable logic (e.g., FPGAs) has been proposed as an ...
Comments