
The role of secure memory in a trusted execution environment

Many of the attacks on mobile phones are traced to an attacker modifying data/code in the non-volatile memory. Flash memory-based security safeguards against such attacks, which is something other mobile security approaches cannot do. Here's why.


Today's mobile phones are used for a myriad of new applications that involve storing sensitive data and providing such secure services as mobile payments. With phones storing more critical information than ever before, it is increasingly important to keep them safe from rogue software that can steal or abuse credit card numbers or encryption keys associated with valuable digital content.

Mobile phones require a trusted execution environment (EE) to guarantee that sensitive data is stored and processed without abuse. A trusted EE is a computing environment where execution takes place as expected. The Trusted Computing Group (TCG) uses the notion of behavioral reputation when it refers to "trusted computing" in its documents. Trusted behavior is an essential element of security, since it allows one to reason about the behavior of an EE with confidence, which in turn allows one to analyze the security aspects of the environment. Having a complete understanding of how to create and maintain a trusted EE will help make mobile phone applications like mobile payment more secure. Once customers, banks and businesses can fully trust that these applications are protected, adoption will increase [1].

In the book "Security for Mobility," Chris J. Mitchell refers to the following as the main security services related to mobile computing: authentication, data integrity, data confidentiality and non-repudiation [2]. This paper will show how secure memory plays a critical role in offering these services as part of a trusted EE, including a rich access control mechanism that supports multiple stakeholders.

Trusted Execution Environments
An EE is a collection of hardware and software components that defines a computing configuration. An EE can be a simple CPU with memory, or it could be a Java virtual machine running on top of an OS that manages a processor and several peripherals. A trusted EE is a computing environment where execution takes place as expected. The TCG refers to this notion of behavioral reputation as trusted computing in its documents [2, 3].

It is clear that behavioral reputation is required to provide secure services. The approach taken by the TCG and others to assess behavioral reputation is to define a secure boot process that verifies that a phone boots in a "trusted state." This trusted state is attained by checking the integrity of the code (OS and others) to be executed on the phone.

However, secure boot alone is not enough to provide a trusted EE, as the system may be attacked by rogue software after a secure boot. There are security holes in any large OS that rogue software can exploit. A runtime integrity check is recommended to confirm the integrity of the code [1]. These checks can take place periodically or before critical events in the system. However, runtime integrity checks can only detect attacks after they have taken place. This can reduce the damage, but it does not provide a trusted EE in the presence of rogue software.

Flash Memory-based Security
Many of the attacks on PCs and mobile phones can be traced to the attacker modifying data/code in the non-volatile memory. Flash memory-based security safeguards the memory against such attacks, preventing unauthorized modification to the Flash. Mobile phone devices using enhanced security in the base-band processor alone cannot prevent modification to the Flash; they can only detect modifications as part of an integrity check. This detection may be too late in certain situations.

The TCG created the notion of a trusted platform module (TPM), which, when integrated into a PC, provides improved hardware-based security in numerous applications [1, 3]. A TPM is a microcontroller that stores keys, passwords and digital certificates and is typically affixed to the motherboard of a PC. The Mobile Phone Working Group of the TCG extended this notion of a TPM to the EE of a mobile device in its MTM (Mobile Trusted Module) standard. Unlike a TPM or MTM, Flash memory-based security does not just detect a failure of integrity, but ensures that integrity is preserved under a reasonable threat model. This feature, called integrity-protected memory, is very important to avert an attack on the phone's non-volatile memory. An MTM without Flash memory-based security can only detect the change to data/code, but cannot prevent it. The damage may already be done by the time the MTM detects the change in data/code.

Another important consequence of the integrity-protected memory provided by Flash memory-based security is data availability. Other approaches to a trusted EE focus on data confidentiality. For example, they make sure that a user's credit card number is not readable by rogue software. But they do not prevent a virus from deleting credit card numbers, resulting in thousands of customers not being able to use their phones to make mobile payments. Flash memory-based security provides both confidentiality and availability.

Flash memory-based security (see Figure 1) is a multichip package (MCP) that includes non-volatile memory (Flash memory) as well as a secure processor that provides hardware access control to the non-volatile memory. The secure processor also acts as a trusted EE for providing secure services in a mobile phone. The secure processor is ideal as a trusted EE since it is close to the non-volatile memory where all the assets, such as integrity-protected code, data and keys, are stored. Since it is also an isolated environment that only executes software provided as part of Flash memory-based security, it is not subject to attacks like buffer overflow.


Figure 1. Flash memory-based security embedded in a mobile phone
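To make the prevention-versus-detection distinction above concrete, here is an added Python model that is not code from the article or from any Flash-security product: a detect-only region where any write lands and an MTM-style integrity check only notices it afterwards, beside a region whose writes are gated by the secure processor and must carry a MAC under the owning stakeholder's key. The key, the nonce scheme and all class and function names are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed demo values (assumptions for this illustration, not the article's).
OWNER_KEY = b"constructed-owner-key"   # held only by the stakeholder that owns the region
CODE_IMAGE = b"boot-code-v1"           # initial content of the protected code region
GOLDEN_DIGEST = hashlib.sha256(CODE_IMAGE).digest()

def integrity_ok(flash):
    """MTM-style measurement: compare the region's digest with the known-good digest."""
    return hmac.compare_digest(hashlib.sha256(flash.region).digest(), GOLDEN_DIGEST)

class DetectOnlyFlash:
    """Plain Flash: any software that reaches the bus can write; tampering is noticed only at the next check."""
    def __init__(self):
        self.region = CODE_IMAGE

    def write(self, data, auth=None):
        self.region = data             # no hardware gate, so the write always lands
        return True

class IntegrityProtectedFlash:
    """Secure-processor-gated Flash: a write lands only if it carries a valid MAC under the owner's key."""
    def __init__(self):
        self.region = CODE_IMAGE
        self.nonce = 0                 # expected counter for the next authorised write (defeats replay)

    def write(self, data, auth=None):
        if auth is None:
            return False               # unauthenticated write: refused, region untouched
        nonce, tag = auth
        expected = hmac.new(OWNER_KEY, nonce.to_bytes(4, "big") + data, "sha256").digest()
        if nonce != self.nonce or not hmac.compare_digest(tag, expected):
            return False
        self.region = data
        self.nonce += 1                # consume the nonce so this exact write cannot be replayed
        return True

def make_auth(flash, data, key=OWNER_KEY):
    """What the legitimate owner computes before an update: MAC over (current nonce || data)."""
    n = flash.nonce
    return n, hmac.new(key, n.to_bytes(4, "big") + data, "sha256").digest()

def unauthorised_overwrite(flash):
    """Software without the key tries to replace the image; returns (write_landed, still_intact)."""
    return flash.write(b"rogue-code"), integrity_ok(flash)
```

In the detect-only model the integrity check reports the corruption only after the image has already been replaced, which is the availability loss the article describes; in the gated model the same write is refused and the image stays intact.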

