security [And Developers]

Introduction

Security of Motorola Droid-family phones based on two important technologies:

eFuse cells for one-time blowing to increment counter for security purposes
M-Shield protection, solution from Texas Instruments special for cellular networks (similar as SecureShield from Quallcomm)

This is an extended implementation of MTM (Mobile Trusted Module) of Trusted Computing Group, based on reference design of MTM, and embedded into OMAP chip. Also it support TrustZone ARM technology. It's located on it's own ROM/RAM and in M-Shield only software emulation - see TrustZone specification. Both, Secure and Insecure world are running on one core. From insecure world it's called by the SMC ARM instruction

Here is full TrustZone description - TrustZone white paper

In our target device, the native handset boot starts exe- cuting from an on-chip ROM, which in turns loads a signed bootloader and executes it on successful verification. The M-Shield architecture additionally includes on-chip RAM to be used by so-called protected applications. These can either persistently be present on an on-chip ROM, or be uploaded to on-chip RAM as signed binaries. The system implements a firewall/monitor entry point for executing these applica- tions, and this firewall takes care of disabling or clearing all security-critical processor features (interrupts, DMA, VM) for the duration of the TrEE invocation. In this manner the system provides hardware-enforced isolation for the pro- tected applications. The on-chip protected applications have access to a limited amount of persistent secret data (like a device-specific symmetric key) and to cryptographic accelerator primitives.

http://www.trusted-logic.com/spip.php?rubrique6&from=15

ROM to store the program code or a mechanism by which the integrity of code uploaded to the secure environment can be validated (code signing).
a shielded location (secure RAM) for the loaded state, as well as for run-time data.
an isolated execution environment (TrEE) for the program code with access to the shielded data location.
a device-specific, persistent secret to seed the RTS. The confidentiality (access control) of the secret can e.g. be bound to the secure environment itself.
a simple (I/O) library for use in the isolated environment, including cryptographic primitives and random number generation necessary for a MTM.1

Definitions

Abbreviation	Meaning
AKI	Attestation Identity Key
EK	Endorcement Key
DAA	Direct Anonymous Attestation
DRTM	Dynamic Root of Trust Management
MTM	Mobile Trusted Module
RIM	Reference Integrity Metric
RTE	Root of Trust for Enforcement
RTR	Root of Trust for Reporting
RTS	Root of Trust for Storage
RTV	Root of Trust for Verification
RVAI	Root Verification Authority Information
SRK	Storage Root Key, is used to protect local data (keys e.g)

Listing 1: Structure for symmetric SRK

// 128 bits key length                        
#define SRK KEYLENGTH 16  
                                                  
typedef struct tdTPM KEY SRK {
  TPM STRUCT VER ver;
  TPM KEY USAGE keyUsage;
  TPM KEY FLAGS keyFlags;
  TPM AUTH DATA USAGE authDataUsage;
  TPM KEY PARMS algorithmParms;
  TPM SECRET usageAuth;
  UINT32 PCRInfoSize;
  TPM PCR INFO pcrInfo;
  BYTE symKey[SRK KEYLENGTH];
} TPM KEY SRK;
// Size of TPM KEY SRK in bytes: 123

Listing 2: Structure for loaded asymmetric key

typedef struct tdTPM KEY LOADED {
TPM STRUCT VER ver;
TPM KEY USAGE keyUsage;
TPM KEY FLAGS keyFlags;
TPM AUTH DATA USAGE authDataUsage;
TPM KEY PARMS algorithmParms;
TPM KEY PARMS algorithmParms;
UINT32 PCRInfoSize;
UINT32 PCRInfoSize;
TPM PCR INFO pcrInfo;
TPM STORE ASYMKEY keyData;
} TPM KEY LOADED;
// Size of TPM KEY LOADED in bytes: 551

COMPRESSED STRUCTURES

typedef struct tdTPM PCR ATTRIBUTES {
  BOOL pcrReset;
} TPM PCR ATTRIBUTES;

// Size of TPM PCR ATTRIBUTES in bytes: 1
typedef struct tdTPM PERMANENT FLAGS {
  TPM STRUCTURE TAG tag;
  BOOL disable;
  BOOL FIPS;

  BOOL readSRKPub;
} TPM PERMANENT FLAGS;

// Size of TPM PERMANENT FLAGS in bytes: 5
typedef struct tdTPM STCLEAR FLAGS {
  TPM STRUCTURE TAG tag;
  BOOL deactivated;
} TPM STCLEAR FLAGS;

// Size of TPM STCLEAR FLAGS in bytes: 3
typedef struct tdTPM STANY FLAGS {
  TPM STRUCTURE TAG tag;
  BOOL postInitialise;
} TPM STANY FLAGS;

// Size of TPM STANY FLAGS in bytes: 3
#define TPM SESSIONS 2
typedef struct tdTPM STANY DATA {
  TPM STRUCTURE TAG tag;
  TPM SESSION DATA sessions[TPM SESSIONS];
} TPM STANY DATA;

// Size of TPM STANY DATA in bytes: 98
#define TPM NUM COUNTER 1
#define TPM NUM PCR 16

typedef struct tdTPM PERMANENT DATA {
  TPM STRUCTURE TAG tag;
  BYTE revMajor;
  BYTE revMinor;
  TPM NONCE tpmProof;
  TPM KEY srk;
  TPM COUNTER VALUE monotonicCounter[TPM NUM COUNTER];
  TPM PCR ATTRIBUTES pcrAttrib[TPM NUM PCR];
} TPM PERMANENT DATA;

// Size of TPM PERMANENT DATA in bytes: 173
typedef struct tdTPM STCLEAR DATA {
  TPM STRUCTURE TAG tag;
  TPM COUNT ID countID;
  TPM PCRVALUE PCR[TPM NUM PCR];
} TPM STCLEAR DATA;
// Size of TPM STCLEAR DATA in bytes: 326

We have SMC2.7 version of Secure Monitor OS

Software Emulators:

MTM Emulator - http://mtm.nrsec.com/
TroUserS http://trousers.sourceforge.net/ (http://sourceforge.net/projects/trousers/)
http://tpm-emulator.berlios.de/

We very need this files!

http://inderscience.metapress.com/app/home/contribution.asp?referrer=parent&backto=issue,1,6;journal,2,5;linkingpublicationresults,1:121008,1

Useful literarure

Patent description with nice graphics http://www.faqs.org/patents/app/20090320110

http://droid-developers.org/files/m-shield/NRCTR2007015.pdf

MCM Specification http://droid-developers.org/files/m-shield/87852F33-1D09-3519-AD0C0F141CC6B10D.pdf

Trusted Mobile Reference Architecture http://droid-developers.org/files/m-shield/644597BE-1D09-3519-AD5ADDAFA0B539D2.pdf

MTM Use cases http://droid-developers.org/files/m-shield/6443B207-1D09-3519-AD3180491A6DF1F5.pdf

Other Staff (needed to be cleared)

Work history Motorola June 2005 to the present Senior Software Engineer

tags: c • stracore • tms320c55x+ How would you describe your time at Motorola?

  1. Implementation of Alternate Linear Output Equalizer (ALOE) for GSM handsets.
  Tools: Code Composer Studio (CCS), Freescale code warrior simulation tool.
  Language: TMS320C55x+ Algebraic Assembly, STARCORE ASSEMBLY
  Description: The ALOE algorithm is aimed at improving co-channel performance of the handset over the conventional GSM equalizers. The new algorithm gives 13 dB improvements over the conventional MLSE method.
  The implementation of this algorithm involved the coding in TMS320C55x+ Algebraic Assembly using CCS tool. And implementation is targeted to have lesser MIPS and better precision results. The algorithm testing is done with legacy starcore reference code.

  2. Implementation of G728 speech codec with FIXED POINT, 32/16 bit data paths.
  Tools: Freescale code warrior simulation tool.
  Language: C, STARCORE ASSEMBLY
  Description: The G728 speech codec adhering to the ITUT standards is implemented using fixed point 16 bit and 32 bit data paths. The 16 bit fixed point data path is bit complaint with ITUT standard provided testvectors.The work involved is implementation, integration and Testing of entire G728 codec of 32 bit and 16 bit precisions and analysis with fixed point arithmetic using C language. And then porting the C code to the STARCORE architecture and also porting to starcore assembly to meet the MIPS criterion. The code is implemented in C and then star core assembly coded to meet MIPS criterion.

  3. Development and Testing of Sync Detection, AFC, and sensitivity improvement algorithms.
  Tools: Matlab Freescale code warrior simulation tool.
  Language: C, STARCORE ASSEMBLY
  Description: The IDEN (similar to GSM) system has RF modem part which has Transmitter and Receiver. The Receiver is to demodulate the received Quad QAM data into in-Phase and Quadrature symbols, by applying sub channel demodulation, time synchronization, automatic frequency control, pilot interpolation and data decoding algorithms.
  The work involved implementation of AFC using the 1st order loop and synchronization using WLS algorithm and sensitivity improvement algorithm using 4-F Doppler mutipath fading modeling .The implementation of all these algorithms are on C, and STARCORE ASSEMBLY using the freescale code warrior tools....

RNG, DES/3DESx2, SHA1/MD5x2, AESx2, Fast PKA (Safenet EIP-29), e-fuse

On-Chip Memory: 96 Kbytes ROM, 64 Kbytes SRAM

M-Shield Hardware Security Technology

Integrated into TI's OMAP and OMAP-Vox platforms, M-Shield hardware security technology is a complete infrastructure for mobile platform robustness that includes:

Hardware cryptographic accelerators and randon number generator
Public key infrastructure with secure on-chip keys (e-fuse)
Secure booting and flashing
Secure access/restriction to all chip peripherals and memories
Secure DMA transfers
Hardware-based countermeasures against software attacks and cloning
Secure protection of debug, trace, and test capabilities
Hardware-reinforced secure execution and storage environment (Secure Environment) embedding:

o A Secure State Machine

        o Secure RAM for sensitive authorized application execution and secure data storage
        o Secure ROM with 100+ accessible by authorized applications (Protected Applications) 
        o Secure storage mechanism

M-Shield hardware security technology is operating system-independent and not sensitive to software attacks. And once it is available, ARM® TrustZone™ hardware extensions will be incorporated and strengthened. M-Shield Software Security Technology

M-shield software security technology is the key software-based security element of OMAP Platforms and OMAP-Vox devices, built on top of and strengthened by M-Shield Hardware technology. This software security encompasses:

Secure signing and flashing tools
IMEI and SIMlock protection software on OMAP-Vox devices
Toolkits for development and signature of protected applications running in a secure environment
Security Middleware Component with associated Protected Applications and SDKs
Security packs to strengthen HLOS security

Additionally, the M-shield Security Middleware Component (SMC) provides sets of standard APIs that solve the problems of de-fragmentation and porting complexity:

Software reuse across platform generations as APIs on current platforms can continue to be utilized
SMC APIs are compatible with ARM® TrustZone™ software APIs

o Applications can call specific secure services ported on SMC using ARM TrustZone API

        o Applications can use secure storage and standard PKCS#11 APIs for cryptography
        o Native secure services can use standard PKCS#11 APIs
        o Interpreted secure services can use GlobalPlatform GPD/STIP mobile profile standard APIs
  * Applications developed on TI's M-shield mobile security technology today will run binary compatible on devices incorporating an ARM core with TrustZone hardware extensions
  * Services developed today using ARM TrustZone software API will run on TI devices with M-Shield mobile security technology

Some info about eFuse in OMAP - http://elinux.org/OMAP_Power_Management/SmartReflex

All Secure ROM soultion based on Synopsys products http://www.synopsys.com/Tools/SLD/CapsuleModule/vp_ti_ss.pdf

http://www.freepatentsonline.com/y2005/0228980.html