
Tuesday, 06/04/2019 5:59:19 PM

Breaking Samsung's ARM TrustZone

https://www.blackhat.com/us-19/briefings/schedule/#breaking-samsungs-arm-trustzone-14932

The increasing popularity of connected devices in recent years has led manufacturers to put a greater emphasis on security, finding themselves in need of robust designs that would protect their users.

From these requirements emerged the ARM TrustZone, a system-wide hardware isolation technology. It introduces a trusted Secure World that can process code and data while ensuring their integrity and confidentiality. This Secure World can also watch over the user-controlled (and therefore untrusted) Normal World to verify its integrity, similarly to the mechanism implemented in Samsung's TIMA.

It can also access hardware peripherals, such as keyboards, screens, or crypto-processors in a secure and isolated manner to create trusted UIs, implement DRMs, etc. All the sensitive data and the critical interruptions are directly handled by the Secure World without ever passing through the Normal World.

However, the usage of this technology comes at a cost. By widening the attack surface and exposing privileged components, TrustZone can potentially introduce a single point of failure that allows the compromise of the entire system.

Using Samsung's TrustZone implementation as a target, this presentation explains and demonstrates how this new attack surface can be leveraged to hijack and exploit trusted components. After explaining the internals and interactions of these components developed by Samsung, different vulnerabilities will be detailed and exploited to execute code at EL3, the highest privilege level on an ARM-based system.
==================================================================
A TPM Mobile could enhance the security of TrustZone (TEE)! Wave had a 15-year agreement with Samsung to license Wave's software with a TPM. This could be an opportunity for Samsung to improve its smartphone security and for Wave to be in millions of devices and manage those devices!! See Samsung/Wave agreement below!!
==================================================================
White Paper: TPM Mobile with Trusted Execution Environment for Comprehensive mobile device security

https://trustedcomputinggroup.org/wp-content/uploads/TPM-MOBILE-with-Trusted-Execution-Environment-for-Comprehensive-Mobile-Device-Security.pdf

Excerpt: The whitepaper introduces how Global Platform TEE and Trusted Computing Group Mobile Trust Module (TPM Mobile) can work together in mobile devices to provide security, peace of mind and enhanced services to users.

Samsung is a TCG member.
==================================================================
https://www.wavesys.com/buzz/news/wave-systems-signs-15-year-license-agreement-samsung

Wave Systems Signs 15-year License Agreement with Samsung

https://www.securityweek.com/wave-systems-signs-15-year-license-agreement-samsung

Wave Systems has signed a 15-year software license and distribution agreement with Samsung, enabling Samsung to bundle Wave’s EMBASSY Security Center (ESC) and TCG Software Stack (TSS) technology with devices that include a Trusted Platform Module (TPM), an industry standard security chip embedded in the motherboard of a computer or other electronic device.

In an SEC filing, Wave said it would receive a per-unit royalty based on Samsung’s sales of products that include its technology, but did not provide estimates in terms of expected revenue derived as a result.

While the contract does not provide for guaranteed minimum or maximum shipped quantities or royalties, the long-term deal with the electronics giant is a big win for the Massachusetts-based security firm. “Samsung is a significant market maker and technology category leader,” Brian Berger, EVP Marketing & Sales at Wave Systems told SecurityWeek. “For Wave to have been selected and qualified to have a 15-year agreement is a very important message to the market of Wave's value to the computing ecosystem.”

In terms of Samsung products that could benefit from Wave’s technology, Trusted Platform Modules can be used in device types including mobile, consumer electronic products such as Set-top-boxes and printers, and other applicable products. Personal computers are the first and biggest market currently, as government requirements are starting to require higher levels of security including hardware-level protections such as TPM and encryption.

Wave Systems' EMBASSY Security Center delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today. ESC offers a variety of secure business productivity benefits including self-encrypting drive management, and is compatible with all TCG-Compliant hardware platforms.

Wave’s software will be bundled with devices manufactured by Samsung within the 2012 calendar year, Berger said.
