Technology for Innovators(TM)

M-Shield mobile security technology: making wireless secure

WHITE PAPER

By Jay Srage, Marketing Manager for Cellular Systems, and Jérôme Azema, Security CTO for Cellular Systems

Overview

As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a multitude of services that satisfy their business, organizational and entertainment needs. Wireless operators have started to add value-added services such as multimedia services, e-wallet functionality enabling financial transactions, gaming and messaging. Operators will also benefit from the increased pipe bandwidth of 3G by performing over-the-air service and application provisioning and bug fixes, thus significantly reducing operational and support costs. The increased value and availability of content, together with the benefits of higher bandwidth, dictate increased levels of handset security. As people start using mobile phones to tap into computer networks and to serve as payment devices, the potential damage could become severe as viruses spread from the mobile handset to the enterprise network.

Current security solutions are software-based and have proven to be vulnerable to hacking, viruses and other malicious attacks. This lack of adequate security undermines the trust of content, service and financial providers as well as consumers. Financial service providers, banks and consumers alike will not feel comfortable with over-the-air processing and handset storage of payment credentials unless they are offered a high degree of security. Likewise, few content providers will deploy music, videos or games unless they can trust that the terms and conditions of the content purchase and download are not violated.
Another factor driving the need for wireless security technologies is an operator's desire to decrease operational and support costs through the ability to deploy over-the-air bug fixes and software patches, as well as flashing and application provisioning at purchase instead of at production.

Solving the security problem is essential for the growth of 3G systems. The increased value and availability of content and the benefits of higher bandwidth are dictating increased security of the handset, without violating the constraints of performance and power.
M-Shield mobile security technology solution

Texas Instruments' (TI's) M-Shield mobile security technology solution provides the highest level of terminal and content security in the industry and sets the benchmark for the level of security needed to allow financial applications. TI's M-Shield technology is a system-level approach that intimately interleaves hardware and software and provides several benefits over current software solutions, including:

- Much higher performance and security level for protection, detection and reaction against tampering, through several hardware-based security mechanisms and hardware-accelerated cryptography
- A more difficult and expensive process to reverse-engineer and hack
- A more challenging phone cloning process
- Power optimization
- Transparent usage for the end-user

M-Shield technology is the key security element of the widely used OMAP platform and the recently announced OMAP-Vox family of scalable wireless solutions. The OMAP platform is a family of high-performance, low power consumption applications processors featuring an open, flexible architecture that is driving innovative solutions across the wireless industry. TI's new OMAP-Vox solutions are built on the industry-leading OMAP architecture. By integrating modem and application processing, OMAP-Vox solutions are optimized to efficiently run a dynamic mixture of applications and communications functions on the same hardware. Complete chipsets will also include analog components, power management and RF devices.
M-Shield technology features in TI wireless chipsets

Hardware Feature Set:
- Secure Control of Platform Debug, Test and Trace Capabilities
- Secure Flashing/Booting Support
- Cryptographic Accelerators: DES/3DES, AES, SHA-1 & MD5, PKA
- FIPS-Compliant True Hardware RNG
- Secure On-Chip Keys: Root Public Key Hash (RSA Authentication); Random Key (Binding, Secure Storage); Customer Key (OEM-Specific Use)
- Secure Environment Hardware
- Secure DMA Channels
- Secure Chip-Interconnect
- Expanded feature support in future generations, including ARM TrustZone support

ROM Code Feature Set:
- Secure Flashing
- Secure Booting
- Secure Environment Software: Secure Environment entry and exit mechanism; Secure Environment interrupt handling; load manager to load and verify protected applications in Secure RAM prior to execution; storage manager to encrypt and store sensitive data belonging to protected applications in NoVo memory; secure run-time services for protected applications, including cryptographic libraries
- Expanded feature support in future generations, including ARM TrustZone support
M-Shield solution's infrastructure

TI's M-Shield technology solution's infrastructure includes:

- Public-Key Infrastructure with secure on-chip keys (E-fuse)
- On-chip control of secure flashing and secure booting
- Secure Environment with hardware countermeasures against attacks, for safe execution of sensitive authorized applications (called protected applications) and secure storage of their sensitive data
- Secure chip-interconnect
- Secure Direct Memory Access (DMA)
- Hardware cryptographic accelerators and Random Number Generator (RNG)

This infrastructure allows M-Shield technology to offer a hardware-enforced Secure Environment. M-Shield technology also offers:

- Authentication of flashing and booting software
- 100+ services accessible by protected applications
- Accelerated cryptography
- Hardware-based protection against software attacks and cloning
- Secure access/restriction to all chip peripherals and memories
- Secure control of debug, test and trace capabilities

M-Shield solution's infrastructure provides the highest level of security to reduce the unauthorized use of handsets and fraud, while enabling the deployment of value-added secure services.

Table: M-Shield hardware implementation in TI wireless chipsets. Products (columns): OMAP16xx, OMAP17xx, OMAP33x, OMAP75x, OMAP85x, OMAPV1030, OMAP2420, future OMAP and OMAP-Vox devices. Features (rows): True RNG; DES/3DES, SHA-1/MD5; AES; Public-Key Accelerator (PKA); Secure Control of Platform Debug, Test and Trace Capabilities; Secure Flashing/Booting; Run-Time Secure Services (Secure ROM); Secure Environment (Secure ROM/RAM/SSM); Secure Chip-Interconnect; Secure DMA; ARM TrustZone Support.
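The secure flashing/booting authentication listed above rests on one idea: the chip's one-time-programmable E-fuse holds only a hash of the OEM root public key, and the boot ROM accepts an image only if the key shipped in the image header matches that hash and the image's signature verifies under that key. The following Python model of that chain of trust is an added example written for this page; it is not TI's ROM code and the image layout (4-byte exponent, 64-byte modulus, 64-byte signature, then payload) is an assumption. The signature primitive is textbook RSA over a SHA-256 digest, chosen so the example needs only the standard library; a production boot ROM uses a padded RSA scheme.

```python
"""Added example (not TI code): root-public-key-hash chain of trust for a boot image."""
import hashlib
import secrets
import struct


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test, used only to build a demonstration key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Returns ((e, n), d). 512-bit modulus keeps the demo fast; it is not a production size."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (e, p * q), pow(e, -1, phi)


def encode_pubkey(pub):
    e, n = pub
    return struct.pack(">I", e) + n.to_bytes(64, "big")


def burn_root_key_hash(pub):
    """E-fuse contents: SHA-256 of the root public key, never the key itself."""
    return hashlib.sha256(encode_pubkey(pub)).digest()


def build_image(payload, pub, d):
    """OEM signing-tool side: header = public key || RSA signature of SHA-256(payload)."""
    e, n = pub
    h = int.from_bytes(hashlib.sha256(payload).digest(), "big")  # h < n, so textbook RSA applies
    return encode_pubkey(pub) + pow(h, d, n).to_bytes(64, "big") + payload


def verify_image(image, fuse_hash):
    """ROM side: returns the payload when the chain of trust holds, otherwise None."""
    key_blob, sig, payload = image[:68], image[68:132], image[132:]
    # Step 1: the key carried in the header must hash to the value burnt in E-fuse.
    if not secrets.compare_digest(hashlib.sha256(key_blob).digest(), fuse_hash):
        return None
    e = struct.unpack(">I", key_blob[:4])[0]
    n = int.from_bytes(key_blob[4:], "big")
    # Step 2: the signature must open, under that key, to the payload's digest.
    h = int.from_bytes(hashlib.sha256(payload).digest(), "big")
    if pow(int.from_bytes(sig, "big"), e, n) != h:
        return None
    return payload


def demo():
    """Three boot attempts: genuine image, tampered payload, image re-signed with another key."""
    root_pub, root_priv = generate_keypair()
    fuse = burn_root_key_hash(root_pub)
    firmware = b"constructed sample firmware payload"
    good = build_image(firmware, root_pub, root_priv)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    other_pub, other_priv = generate_keypair()  # a key the OEM never burnt into E-fuse
    resigned = build_image(firmware, other_pub, other_priv)
    return (verify_image(good, fuse) == firmware,
            verify_image(tampered, fuse) is None,
            verify_image(resigned, fuse) is None)


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The point of storing a hash rather than the key is that a 32-byte fuse field can vouch for a key of any size, and the image header, which lives in rewritable flash, gains nothing from being modified: a swapped key fails step 1, a modified payload fails step 2.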
Secure Environment

TI's M-Shield technology's Secure Environment provides hardware countermeasures against attacks and is the industry's first hardware-based environment for secure execution and storage. The Secure Environment provides:

- Security via on-chip public key verification
- Secure execution of user-defined protected applications
- Secure storage (authenticated, encrypted data stored externally)
- Internal/external memory and peripheral access control through secure chip-interconnect programming
- Privacy of data transfer on the platform through Secure DMA programming
- Secure run-time services, including cryptographic libraries
- Access from/to the operating system through the Secure Environment driver
- Debug, test and trace secure control
- Secure watchdog timer

The Secure Environment is built of three main components: the hardware Secure State Machine, the Secure ROM and the Secure RAM. The Secure State Machine applies and guarantees the security policy rules while entering, executing in and exiting from the Secure Environment.
Secure ROM embeds:

- Drivers for the hardware cryptography blocks
- Secure Environment manager to handle the entry, exit and interruption of the Secure Environment
- Load manager to load and verify the protected applications prior to execution
- Secure storage manager to handle the storage of data belonging to the protected application
- Remote procedure call to communicate with the operating system through the Secure Environment driver
- Secure run-time services, including cryptographic libraries

Secure RAM is used for:

- Authentication and execution of protected applications
- Safe working space for execution of secure run-time services
- Key material generation
- Dynamic key storage
- Certificate signature and verification

Public-key infrastructure

Secure on-chip keys (E-Fuse) are OEM-specific one-time programmable keys, accessible only from inside the Secure Environment, used for authentication and encryption. They include:

- Root public key for authentication
- Random key for binding and secure storage
- Customer key for OEM-specific use
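The secure storage manager and the random key described above work together: data a protected application hands over is encrypted and authenticated under a key derived from the per-device random key, so the resulting blob can sit in ordinary external memory and still be unreadable elsewhere and tamper-evident. The Python model below is an added example for this page, not TI's storage manager. It assumes the random key is readable only inside the Secure Environment, that each protected application is identified by an `app_id` that is mixed into its storage key, and that the blob format is nonce || ciphertext || tag; the hardware AES accelerator is stood in for by an HMAC-SHA256 keystream so that the example runs on the standard library alone.

```python
"""Added example (not TI code): device-bound, authenticated secure storage in external memory."""
import hashlib
import hmac
import os


def derive_app_key(device_random_key, app_id):
    """Bind the storage key to this chip (random key) and this protected application (app_id)."""
    return hmac.new(device_random_key, b"secure-storage|" + app_id, hashlib.sha256).digest()


def keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256; stands in for the hardware AES accelerator."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(device_random_key, app_id, plaintext):
    """Storage manager 'store': returns nonce || ciphertext || tag, safe to keep in external flash."""
    k = derive_app_key(device_random_key, app_id)
    nonce = os.urandom(16)  # fresh per store, so equal plaintexts never yield equal blobs
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(k, nonce, len(plaintext))))
    tag = hmac.new(k, app_id + nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def unseal(device_random_key, app_id, blob):
    """Storage manager 'load': returns the plaintext, or None if the blob was altered,
    belongs to another protected application, or was produced on another device."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    k = derive_app_key(device_random_key, app_id)
    expected = hmac.new(k, app_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # check the tag before touching the ciphertext
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(k, nonce, len(ct))))


def demo():
    """Constructed scenario: an e-wallet credential stored on chip A, then four load attempts."""
    chip_a = hashlib.sha256(b"constructed E-fuse random key, chip A").digest()
    chip_b = hashlib.sha256(b"constructed E-fuse random key, chip B").digest()
    credential = b"constructed payment credential 4111-xxxx"
    blob = seal(chip_a, b"ewallet", credential)
    flipped = bytearray(blob)
    flipped[20] ^= 0x80  # one bit of ciphertext altered in external memory
    return (unseal(chip_a, b"ewallet", blob) == credential,       # genuine load
            unseal(chip_a, b"ewallet", bytes(flipped)) is None,    # tampered blob rejected
            unseal(chip_a, b"drm-agent", blob) is None,           # other application rejected
            unseal(chip_b, b"ewallet", blob) is None)             # cloned onto another chip rejected


if __name__ == "__main__":
    print(demo())  # (True, True, True, True)
```

The fourth case is the "binding" the paper attributes to the random key: copying flash contents to another handset yields blobs that the other chip cannot open, which is what makes the external storage usable for payment credentials and DRM state.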
Secure chip-interconnect and Secure DMA

TI's M-Shield technology gives the Secure Environment the capability to qualify Direct Memory Access (DMA) transfers as secure, to protect the confidentiality of sensitive high-value data, such as Digital Rights Management (DRM)-protected content, during its processing and transfer throughout the platform. To further ensure protection against attacks, a secure chip-interconnect allows peripherals and memories to be made accessible only by the Secure Environment and/or by the Secure DMA channels, so that the confidentiality of sensitive information can be guaranteed along the entire data path, from origin to destination. Examples of peripherals and memories of the device that might be disabled for non-secure access include:

- MMI peripherals such as keyboard, LCD, fingerprint sensor
- Smartcard physical interface
- Crypto processors
- Serial interfaces involved in multimedia content rendering
- Internal memories
- External flashes and SDRAMs

Hardware cryptographic accelerators

TI's M-Shield technology includes a Public-Key Infrastructure that, along with the Secure Environment, provides complete security. Cryptographic accelerators and a FIPS-compliant RNG are key elements of the Public-Key Infrastructure. The M-Shield security solution provides a hardware-based AES accelerator and Public-Key Accelerator (PKA), as well as DES/3DES, SHA-1 and MD5 hardware accelerators. By providing fast client authentication and signing, as well as fast content decryption and integrity checking, M-Shield technology accelerators save critical time and enhance the user experience by offsetting the performance degradation of software-based solutions.
Figure: M-Shield secure environment use case. The diagram shows three layers of the M-Shield mobile security technology: User Mode (User Application, File System, Secure Storage, Secure Environment API), Kernel Mode (Secure Environment Device Driver) and Secure Mode (SSM, secret data, Secure ROM Code, Secure RAM, Protected Application, Root Public Key, Random Key, RNG, SHA-1/MD5, DES/3DES, AES, PKA, Secure DMA, Secure Chip-Interconnect, Other Security Features).
ARM TrustZone technology support

TI will extend the scope of M-Shield technology in the future to support ARM's TrustZone technology. The resulting combination provides even higher performance and security levels to applications running in the Secure Environment.

M-Shield software solution

In addition to the M-Shield mobile security solution's hardware, TI also offers a flexible software solution that includes device drivers as well as security software libraries and APIs to support third-party middleware software and applications. The M-Shield solution's flexible API supports a wide range of cryptography functions and allows the cryptography engine to interface with higher levels of the system, such as operating systems, industry-standard security protocols (SSL, TLS, IPSec) and interfaces such as Public Key Cryptography Standards (PKCS). Third-party applications like DRM agents, VPN clients, anti-virus programs, firewalls and software filters are dictated by the requirements of 3G applications and are available from a wide variety of TI partners.

Conclusion

For high-value services deployment to be successful, end-users, content providers and service providers must be confident that the handset offers the right level of security. As the value and complexity of the applications and high-value content increase, the security level must also increase. Only a system-level solution can provide the highest level of security. With TI's M-Shield mobile security technology solution, along with an ecosystem of partnerships, 3G security-sensitive applications will be successfully deployed.
For more information

www.ti.com/m-shield

Statements contained in this white paper regarding the growth of the 3G handset market, TI market penetration and qualification of TI products and other statements of management's beliefs, goals and expectations may be considered forward-looking statements as that term is defined in the Private Securities Litigation Reform Act of 1995, and are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied by these statements. The following factors and the factors discussed in TI's most recent Form 10-K could cause actual results to differ materially from the statements contained in this white paper: actual market demand for 3G products in general and TI semiconductor products specifically, and actual certification test results relating to TI products. TI disclaims any intention or obligation to update any forward-looking statements as a result of developments occurring after the date of this white paper.

Technology for Innovators, the black/red banner, M-Shield, OMAP and OMAP-Vox are trademarks of Texas Instruments. All other trademarks are the property of their respective owners.

© 2005 Texas Instruments Incorporated. Printed in the U.S.A. Printed on recycled paper. SWPY014A