GlobalPlatform
Confidential ©
2016
Securing the Internet of Things: Privacy, Authentication, and Trust for billions of things
Hank Chavers
Technical Program Manager
IoT With the Best
29-30 October 2016
Agenda
• Introduction to GlobalPlatform
• IoT Security Use Cases
• Introduction to the Trusted Execution Environment
• Trusted Application Manager
• Question and Answer (Time Permitting)
GlobalPlatform Overview
• GlobalPlatform is an international standards organization that provides a comprehensive set of specifications, divided into three domains:
– Card
Focuses on the Secure Element (SE), secure chip technology.
– Device
Includes the complete set of specifications for the Trusted Execution Environment (TEE), and technology to integrate a secure element into a device, such as over-the-air management or the access control specification.
– Systems (Cloud)
Covers the interactions between the managing systems of Secure Element Issuers (SEIs), Service Providers (SPs), the Controlling Authority (CA) and Trusted Service Managers (TSMs).
Membership
GlobalPlatform was created in 1999 to digitalize issuers' services!
[Timeline: 1999; 2000 - 2007; 2007 - 2015; 2015+]
Value of GlobalPlatform’s Solution
• GlobalPlatform’s Specifications offer:
– Interoperability
– Flexibility
– Multi-application management
– Security
• GlobalPlatform is not an all-or-nothing proposition. The Specifications:
– Can be used independently or all together
– Work together with proprietary models
– Support both single and multiple applications
Secure Element
• A secure element (SE) is a tamper-resistant platform capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.
From 2013 to 2015, more than 17 billion GlobalPlatform cards or SEs have been produced
How media portrays the IoT market today
GlobalPlatform Members Involved
IoT security requirements
• Device to device communication: Device identification
• Send message securely to cloud service: encrypt
• Device lifecycle and management
• Identity (Identification, access control, privacy): configuration, operations
Deployment Example
• Some will adopt GlobalPlatform technologies (Secure Element) for security purposes
– Smart Meters
– Medical Equipment
– Security Components
NXP Example of a Connected Automobile
Secure component in use
Device
• State of the art Root of Trust
– Simplified key injection (keys are already inside the hardware to be embedded)
– Cost effective crypto processor
– Certified and reliable (no risk of crypto bugs from open source libraries)
– Enables Unique Identification
• Reliable Crypto Environment
– Flexibility of services
– Same platform can be customized depending on the market
• Isolated environment
– Crypto engine protected from other operations in the device
• Provides Remote Administration
– Update of IoT device security features in a multi-tenant environment
Secure component in use
[Figure: Device, with security services for application and security services for device]
GlobalPlatform TEE
• GlobalPlatform defines a TEE as a secure area in the main processor in a connected device
• Ensures sensitive data is stored, processed, and protected in an isolated, trusted environment
• Offers isolated safe execution of authorized security software, known as 'trusted applications', which enables end-to-end security
Trusted Execution Environment Adoption
• Android 6.0 requires TEE to protect biometric readers and data
• FIDO Alliance and GlobalPlatform working together to ease development
• oneM2M refers to GlobalPlatform TEE to provide level 2 protection
Hack Example
› Waze Social Traffic hack
› Attacker creates “ghost jam”
› Other users diverted
› Attacker clears road ahead
› “Sensors” spoofed using Android dev environments
› Fake user accounts made
› Big Data fooled
› Loss of trust in Service
The Rich Execution Environment
[Figure: Rich OS Application Environment, Rich OS, Hardware Platform]
GlobalPlatform TEE Architecture
[Figure: Rich OS Application Environment and Rich OS on one side; Trusted Execution Environment with Trusted OS Components (TEE Comm. Agent, Trusted Drivers, Trusted Core Framework) on the other; GlobalPlatform Published APIs on both sides; Hardware Platform with HW Secure Resources: HW Keys, Storage, TUI Peripherals (Screen and Keyboard), Secure Element]
Message Passing Architecture
[Figure: message passing between the REE and the TEE. REE side: REE Applications, Client Application, TEE Client API, Shared Memory, Rich OS Components (Public Device Drivers, REE Comms. Agent), Public Peripherals. TEE side: Trusted Applications, TEE Internal Core API and extensions, Shared Memory View, Trusted OS Components (Trusted Device Drivers, TEE Comms. Agent, Trusted Kernel, Trusted Core Framework), Trusted Peripherals. Also shown: Switchable Peripherals, Messages, TEE Protocols, Platform Hardware. Annotation: Isolation defined by TEE Protection Profile.]
TEE Specification landscape
• Architecture
– TEE System Architecture v1.0
• Device TEE Access
– TEE Client API Specification v1.0
• APIs for Trusted Applications
– TEE Internal Core API Specification v1.1
– TEE Secure Element API Specification v1.0
– TEE Sockets API Specification v1.0
– Trusted User Interface API Specification v1.0
– TEE TA Debug Specification v1.0
• Security requirements
– TEE Protection Profile v1.2
• Compliance
– TEE Initial Configuration Test Suite 1.1.0.1
Download @ https://www.globalplatform.org/specificationsdevice.asp
Client application side
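1. Create a context
– Client application with TEE
2. Open a session
– Client application and Trusted Application
3. Exchange command/operation with a TA

    #include <tee_client_api.h>

    /* 1. Create a context: connects the client application to the TEE. */
    result = TEEC_InitializeContext(
        NULL,               /* NULL selects the default TEE */
        &context);
    if (result != TEEC_SUCCESS) {
        goto cleanup1;
    }

    /* 2. Open a session with the Trusted Application. */
    result = TEEC_OpenSession(
        &context,
        &session,
        &cryptoTEEApp,      /* UUID of the app */
        TEEC_LOGIN_USER,
        NULL,               /* No connection data */
        NULL,               /* No payload, no cancellation. */
        NULL);
    if (result != TEEC_SUCCESS) {
        goto cleanup2;      /* a failed session must not be used below */
    }

    /* 3. Exchange a command/operation with the TA. */
    result = TEEC_InvokeCommand(
        &session,
        CMD_ENCRYPT_INIT,
        &operation,
        NULL);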
Trusted Application = TA Interface
• TA_CreateEntryPoint
– This is the Trusted Application constructor.
• TA_DestroyEntryPoint
– Guess what? This is the Trusted Application destructor!
• TA_OpenSessionEntryPoint
– This function is called whenever a client attempts to connect to the Trusted
Application instance to open a new session
• TA_CloseSessionEntryPoint
– This function is called when the client closes a session and disconnects
from the Trusted Application instance.
• TA_InvokeCommandEntryPoint
– This function is called whenever a client invokes a Trusted Application command.
Each Trusted Application MUST provide the Implementation with a number of functions, collectively called the “TA interface”.
Trusted Application configuration
• Each application is identified by a UUID: gpd.ta.appID
• gpd.ta.singleInstance = create a single (if TRUE) TA instance for all the client sessions or create a separate instance for each client session
• gpd.ta.multiSession = Whether the Trusted Application instance supports multiple sessions
• gpd.ta.instanceKeepAlive = When this property is set to true, then the TA instance is terminated only when the TEE shuts down
• gpd.ta.dataSize = Maximum estimated amount of dynamic data in bytes configured for the Trusted Application
• gpd.ta.stackSize = Maximum stack size in bytes available to any task in the Trusted Application at any point in time
• gpd.ta.version
• and gpd.ta.description
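The three lifecycle properties above (gpd.ta.singleInstance, gpd.ta.multiSession, gpd.ta.instanceKeepAlive), as an added C model that is not GlobalPlatform or vendor code. The struct and function names are hypothetical, and refusing a second session on a single-session TA with a busy result is this model's assumption about the TEE's behaviour.

```c
/* Added model (not GlobalPlatform code): how a TEE could apply the
 * gpd.ta.* lifecycle properties when sessions are opened and closed. */
#include <stdbool.h>
#include <stdio.h>

typedef struct {            /* gpd.ta.singleInstance / multiSession / instanceKeepAlive */
    bool single_instance, multi_session, keep_alive;
} ta_props;

typedef struct {            /* hypothetical bookkeeping for one TA */
    ta_props p;
    int instances;          /* live TA instances */
    int sessions;           /* open client sessions */
    int creates;            /* times TA_CreateEntryPoint would have run */
} ta_state;

enum { OPEN_OK = 0, OPEN_BUSY = 1 };

int ta_open_session(ta_state *s) {
    if (!s->p.single_instance) {          /* separate instance per session */
        s->instances++; s->creates++; s->sessions++;
        return OPEN_OK;
    }
    if (s->sessions > 0 && !s->p.multi_session)
        return OPEN_BUSY;                 /* assumption: second client refused */
    if (s->instances == 0) { s->instances = 1; s->creates++; }
    s->sessions++;
    return OPEN_OK;
}

void ta_close_session(ta_state *s) {
    if (s->sessions == 0) return;         /* nothing open */
    s->sessions--;
    if (!s->p.single_instance) { s->instances--; return; }
    /* single instance: destroyed with its last session unless kept alive */
    if (s->sessions == 0 && !s->p.keep_alive) s->instances = 0;
}

int main(void) {
    /* constructed case: single instance, single session, kept alive */
    ta_state s = { { true, false, true }, 0, 0, 0 };
    int first = ta_open_session(&s), second = ta_open_session(&s);
    ta_close_session(&s);
    printf("first=%d second=%d instances=%d\n", first, second, s.instances);
    return 0;
}
```

With singleInstance and instanceKeepAlive both TRUE, whatever the instance holds in memory outlives the client session that put it there, so per-session secrets belong in the session context and not in instance-wide state.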
Also
• Trusted Applications are able to retrieve properties
– From the client application
• gpd.client.identity
– From the TEE
• gpd.tee.deviceID, gpd.tee.apiversion
– Also the current TA
– Functions: TEE_GetPropertyAsString, TEE_GetPropertyAsBool, TEE_GetPropertyAsU32, TEE_GetPropertyAsBinaryBlock
• TAs are able to commit suicide
– When a Trusted Application calls the TEE_Panic function, the current instance MUST be destroyed and all the resources opened by the instance MUST be reclaimed
Trusted Storage
• A Trusted Storage Space contains Persistent Objects identified by an Object Identifier that can be
– a Cryptographic Key Object,
– a Cryptographic Key-Pair Object,
– or a Data Object
• gpd.tee.trustedStorage.rollbackDetection.protectionLevel tells the application the level of protection against rollback attacks
– Typically, protection level is equal to 100 for REE and 1000 with hardware assets controlled by the TEE
• A TA can also allocate Transient Objects
– Transient objects have no identifier
– Transient objects are held in memory and are automatically wiped and reclaimed when they are closed or when the TA instance is destroyed.
• Multiple APIs are available to manage Persistent and Transient objects through object handles
– Example : TEE_CreatePersistentObject, TEE_OpenPersistentObject, TEE_RenamePersistentObject , TEE_CloseAndDeletePersistentObject1, TEE_AllocateTransientObject
[Figure: Trusted Storage holding a Persistent object with an ID, and a Transient object]
More Internal Core APIs
Crypto API
• Based on Cryptographic operations - pre-allocated for a given operation type, algorithm, and key size
Time API
• 3 sources of Time
– TA Persistent Time, a real-time source of time
• The origin of this time is set individually by each Trusted Application and MUST persist across reboots.
– System Time
• the system time is not reset or rolled back during the life of a given TA instance
• The level of trust accessible via gpd.tee.systemTime.protectionLevel
– REE Time
Arithmetic API
• The specification offers a tool box for complex crypto functions not yet standardized
– Allows missing crypto functions to be implemented as plug-ins
– Gives access to a Fast Modular Multiplication primitive
• The “only” limit is that inputs and outputs are TEE_BigInt values in the range [-2^M + 1, 2^M - 1]
– M can be retrieved as the implementation property gpd.tee.arith.maxBigIntSize
[Slide callouts: TEE_ALG_SHA256; TEE_MODE_DIGEST; Between 192 and 1024 bits, multiple of 8 bits]
Agenda
• Introduction to GlobalPlatform
• Trusted Execution Environment (TEE) Architecture
• Introduction to TEE APIs
• Trusted Application Manager
• Question and Answer
Trusted Application Manager Overview
• Trusted Application Manager (TAM):
– Provides a scalable and remote means to manage the
• Trusted Execution Environment (TEE)
• Security Domains (SD)
• Trusted Applications (TA)
– Enforces the security policy of TA Providers, TEE Issuers, and TEE Implementers
– Ensures the security and the integrity of these entities
– Enables the confidentiality of the data
• Uses secure protocols and interfaces accessed either through the Client API or via extensions to the Internal Core API
[Figure: rSD, SD2 with a TA, SD3 with a TA]
How does a TAM operate?
[Figure: numbered flow (1 to 6) between the Service Provider, the App Store, the App and the TA. Labels with a recoverable number: 1 Push the App and the TA on the App Store; 3 Request installation; 4 Verify Device Identity. Other labels: Create Security Domain; 1) Install TA; 2) TA personalization.]
NOTE: This is only one of many possible configurations
Trustonic Developer Tools
[Figure: App Store and Google Play delivering a Main App with a TEE TA and a SW TA; labels: Trustonic Software Protection, Trustonic TEE Protection]