• No results found

<t base Trusted Application Development

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "<t base Trusted Application Development"

Copied!
27
0
0

Loading.... (view fulltext now)

Download now ( 27 Page )

Full text

(1)

<t base Trusted Application

Development

Prepared for:

Praxisforum “Anwender und Anbieter im Dialog

– Mobile Sicherheit im Unternehmen”

am 4.12.2014 in München

Markus Katzenberger

Project Manager

Trustonic GmbH

(2)

Agenda

Who we are

The Trusted Execution Environment TEE

<t-base OTA Ecosystem

Typical Use Cases for TEE

<t-base architecture and APIs

(3)

Trustonic

EXECUTIVE TEAM

Ben Cade

CEO EVP Sales & Marketing Olivier Leger Chris Jones COO EVP Engineering Stephan Spitz Jon Geater CTO

Seattle, Austin, San Francisco Cambridge, London, Maidenhead, Bath Helsinki Munich Sophia, Paris Tokyo Seoul Taipei

(4)

Trustonic

EXECUTIVE TEAM

Ben Cade

CEO EVP Sales & Marketing Olivier Leger Chris Jones COO EVP Engineering Stephan Spitz Jon Geater CTO

Seattle, Austin, San Francisco Cambridge, London, Maidenhead, Bath Helsinki Munich Sophia, Paris Tokyo Seoul Taipei

OVER 100 EMPLOYEES LOCATED BETWEEN

2 years of Trustonic

(Dec 2012 –Dec 2014)

What an amazing 2 years it’s been. Trustonic technology can already be found

in over 300 Million smart devices

and our growing ecosystem of service providers

stands at over 50 companies spanning enterprise, content protection, commerce and identity management segments.

So, thank you to our partners for helping to establish this common foundation of trust in devices

Now 2015 promises to be a year full of opportunity for those looking to deliver

(5)

Why use a TEE?

MAIN OPERATING SYSTEM TRUSTONIC TEE

TRUSTZONE™ SYSTEM-ON-CHIP

LOGO

LOGO IN BLACK

LOGO COLOR VERSIONS

LOGO ON BLACK

SMART CONNECTED DEVICE

Normal App Security Critical Assets TEE Enabled App API Call on Security critical Routine Secure Container Trusted App - Secured Critical Assets

Key assets

exposed

Key assets

protected

Isolated

space for

handling

high value

assets

(6)

Where does ‹t-base fit?

TRUSTZONE™ SYSTEM-ON-CHIP APPLICATIONS PROCESSOR LOGO LOGO IN BLACK

LOGO COLOR VERSIONS

LOGO ON BLACK

SMART CONNECTED DEVICE

TOUCHSCREEN

SENSOR BIOMETRIC SENSOR

NFC BLUETOOTH WI-FI RADIO SECURE ELEMENT BASEBAND RADIO A/V OUTPUT MASS STORAGE LOCATION SENSOR

(7)

TAM CHIP MAKER SILICON IP DEVICE MAKER APP DEVELOPERS APP STORE SERVICE PROVIDERS <t-base <t-kph <t-sdk LOGO LOGO IN BLACK

LOGO COLOR VERSIONS

LOGO ON BLACK

<t-dev

END USERS

<t-directory

(8)
(9)

Content Protection

Trustonic protects video path

from studio to user

MAIN OS

TRUSTZONE™ SYSTEM-ON-CHIP

SMART CONNECTED DEVICE

TEE Enabled Content Service App DRM and Media Framework APIs Secure Container TRUSTONIC TEE DRM Decryption Secure Playback

Secure Boot

Device Authentication

User Authentication

DRM Protection

Trusted time source

Secure Playback

Link Protection DTCP

Downloadable Scheme

LOGO

LOGO IN BLACK

LOGO COLOR VERSIONS

LOGO ON BLACK

DTCP/IP

Content Service

Link Protection

(10)

Signed Sealed User Input Data

Payments

MAIN OS TRUSTZONE™ SYSTEM-ON-CHIP LOGO LOGO IN BLACK

LOGO COLOR VERSIONS

LOGO ON BLACK

SMART CONNECTED DEVICE TEE Enabled Wallet App API Call to Authenticate User Secure Container Login/Password or Biometric Secure Input TRUSTONIC TEE

Trustonic protects PINs and Passwords

and access to Biometric sensors

(11)

Enterprise

LOGO

LOGO IN BLACK

LOGO COLOR VERSIONS

LOGO ON BLACK

APPLICATION LEVEL

• 2 Factor User Authentication • Identity Management

• Authorization and SSO

• Physical access control with HCE • Secure messaging: Voice and Data • Data loss prevention

SYSTEM LEVEL

• Secured dual persona • Secured MDM and MAM • Biometric matching

DEVICE LEVEL

• Secure boot and integrity checks • Bulk storage encryption

(12)

Automotive

Identity Management

PIN/Fingerprint Unlock

Remote Lock/Unlock

Car personalization

Performance and comfort

Insurance Interface

Driver risk profiled discounts

Location based payments

Parking

Fuel/recharging

Road tolls

Premium Traffic information

Entertainment

Movies

Apps

BLUETOOTH LE NFC

(13)

Internet of Things

User controls who can access what data

Authentication

Authorization

Energy suppliers bid for contracts

Smart meter

Appliances request service

Insurers discount on occupancy

User location

Temperature HOME GATEWAY SMART METER SMART DEVICE GATEWAY THERMO-

STAT CONNECTED APPLIANCES APPLIANCE

MAKER ADVERTISER

ENERGY

BROKERAGE INSURER HOME

CONNECTION REQUESTS

(14)

Healthcare

Health card

Identity/Authorization

Secure access to records

Sensors and monitoring

Privacy protected activity

logging

Secure connection to medical

equipment

Secure Storage of medical data

MEDICAL EQUIPMENT

(15)

Trusted Application

Development

(16)

Container

<t-base Architecture

ARM TrustZone® enabled SoC

<t-base driver

Trusted Application Connector

Application

<t-base OS

CO

M

Trusted Application API

Normal-World

Secure-World

kernel

Trusted Application

<t-base Client API

Sy

stem Crypto

Sec

urity

<t-base daemon

TCI

(17)

Development Tools

TA Development

<t-sdk

(header files, libs, sample code, scripts)

ARM DS-5 for compiling and debugging

GNU GCC for compiling

Secure Driver Development

<t-ddk

(header files, libs, sample code, scripts)

ARM DS-5 for compiling

debugging via JTAG according to SoC Tools

Normal-World Development

Existing Android driver is open-source

(18)

<t-base Normal world

<t-base driver

Trusted Application Connector

Application

Normal-World

Device Access

Session Management

Memory Mapping

kernel

<t-base Client API <t-base daemon Dev ice Ses sion Mem ory

(19)

Containers

<t-base Secure World

<t-base OS

CO M

Secure-World

Trusted Application Sy

stem Crypto

Sec

urity

COM

a set of functions for

inter-world communication

System

<t-base system

information and functions

Crypto

<t-base crypto

provider

Security

Secure object

functions for binary data

Trusted Application API

(20)
(21)

GlobalPlatform API

In addition to the <t-base-2xx APIs,

<t-base 300 introduced the key GP features

that are already standardized

TEE Client API for client applications

TEE Internal API for TA

Cryptography

Trusted Storage

Memory Management

Equivalent functionality of what is already available

(22)

TEE Client API

TEEC_InitializeContext

TEEC_FinalizeContext

TEEC_OpenSession

TEEC_CloseSession

TEEC_InvokeCommand

TEEC_AllocateSharedMemory

TEEC_RegisterSharedMemory

TEEC_ReleaseSharedMemory

(23)

TA_CreateEntryPoint

TA_DestroyEntryPoint

TA_OpenSessionEntryPoint

TA_CloseSessionEntryPoint

TA_InvokeCommandEntryPoint

Trusted Applications are multi-instance

TEE Internal API:

(24)

TEE Internal API:

Memory Mgmt.

Functions

TEE_CheckMemoryAccessRights

TEE_SetInstanceData

TEE_GetInstanceData

TEE_Malloc

TEE_Realloc

TEE_Free

TEE_MemMove

TEE_MemCompare

TEE_MemFill

(25)

TEE Internal API:

Object Functions

TEE_GetObjectInfo

TEE_GetObjectBufferAttribute

TEE_GetObjectValueAttribute

TEE_CloseObject

TEE_AllocateTransientObject

TEE_FreeTransientObject

TEE_ResetTransientObject

TEE_PopulateTransientObject

TEE_InitRefAttribute

TEE_InitValueAttribute

TEE_CopyObjectAttributes

TEE_GenerateKey

TEE_OpenPersistentObject

TEE_CreatePersistentObject

TEE_CloseAndDeletePersistentObject

TEE_ReadObjectData

TEE_WriteObjectData

TEE_TruncateObjectData

TEE_SeekObjectData
(26)

TEE Internal API:

Cryptographic

Functions

TEE_MACInit

TEE_MACUpdate

TEE_MACComputeFinal

TEE_MACCompareFinal

TEE_AsymmetricEncrypt

TEE_AsymmetricDecrypt

TEE_AsymmetricSignDigest

TEE_AsymmetricVerifyDigest

TEE_GenerateRandom

TEE_AllocateOperation

TEE_FreeOperation

TEE_GetOperationInfo

TEE_SetOperationKey

TEE_DigestUpdate

TEE_DigestDoFinal

TEE_CipherInit

TEE_CipherUpdate

TEE_CipherDoFinal
(27)

Arndale development board

http://www.arndaleboard.org

Exynos 5250 SoC

System or Service Provider TAs

Driver development

Commercial Devices

Each device must be added to Trustonic test

infrastructure

TA can be bundled in your APK in the /res folder

We will support demos and POCs

We can advise on suitable devices

http://www.arndaleboard.org

References

Download now ( PDF - 27 Page - 1.20 MB )

Related documents

The current status of laser applications in dentistry

Other than caries removal, this is a range of other well established laser hard tissue procedures include desensitization of cervical dentine (using Nd:YAG, Er:YAG, Er,Cr:YSGG CO2,

Tax Policy and the Economy: Volume 2

the tax on real rather than nominal interest income, tax payments fall relative to what was reported in Tables 3 4, since dividend and capital gains income has dropped for all

Hiring Algorithms: An Ethnography of Fairness in Practice

In sum, the HR team aimed to enroll stakeholder groups by emphasizing notions of fairness that linked most closely to their interaction with the AI application, including accuracy

Counter-intuitive moral judgement following traumatic brain injury

In sum then, the evidence suggests that the intuitiveness of a moral judgement, rather than its content, is the key factor in controlled versus automatic processing, and thus there

Chapter - B COMMINUTION & CLASSIFICATION BOYUT KÜÇÜLTME & SINIFLANDIRMA

This type of analysis leads to the optimization of the control parameters of an experimental microfluidic device with application in the separation of submicron particles..

Incidents During Out-of-Hospital Patient Transportation

Difficulty with patient transfer or loading 6 20 Problem with vehicle configuration for patient transport 6 20 Other problems relating to the vehicle 4 13 Delay in

Additional information >>> HERE

Music making app samsung, rap beat programm free download chip, cheap mac for music production, b flat music productions, hip hop orchestra songs, music production jobs