190 likes | 310 Views
Device Security Overview. Authors:. Date: 2010-09-16.
E N D
Device Security Overview Authors: Date: 2010-09-16 Notice:This document has been prepared to assist IEEE 802.19. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Alex Reznik (InterDigital)
Abstract • In response to group’s request to learn more about device security • We present a high-level overview of what device security is • We also show examples of how existing commercial standards and products implement it Alex Reznik (InterDigital)
Outline • Emerging Threats in the New Communication Network • What is Device Security? • Why is it Needed? • Some solutions that have proved useful • Adoption in Other Products and Standardization • Examples: • 3GPP R9 Femtocell Autonomous Validation • Commercial examples of mobile phone chipset device security • Why Device Security for Communications • Summary and Next Steps Alex Reznik (InterDigital)
Tomorrow’s Network of Networks Intelligent Highways & Vehicular Comms Smart Power Grid Shopping, banking,secure transactions Socialnetworks WiMax Sensors Relays Cellular WiFi Ambience Wireless home & Consumer electronics Healthcare Entertainment and gaming Femto Education Mesh Billions of subscribers, trillions of connections Alex Reznik (InterDigital)
New Security Threats Will Emerge • As wireless networks become more and more distributed, new security threats are emerging • Network edge components require stronger security e.g. Femto cells, relays and gateways • As the scale of connected devices grows the avenues of attack will also grow • Some type of new attacks • Physical attacks on devices • Malicious attacks on software, data and credentials • Configuration attacks • Protocol attacks against the device • Attack on the core network • User data and identity privacy Alex Reznik (InterDigital)
What is Device Security? • Device Security addresses a core need: • To ensure devices will operate as trusted and expected, and not to operate in un-trusted or unexpected ways • Commonly applied requirements include: • To perform security-sensitive functions (e.g. crypto key generation, authentication, access control, etc) and do so in a way that counters unauthorized access to, disclosure of, or compromise to such functions • To store and handle security-sensitive data (e.g. crypto keys, sensitive data, etc) without unauthorized access or compromise to the data while the data is in storage or being processed in the device • To detect, report or prevent attempts of attacks on the device itself • To report and remediate functionality when and if compromises do happen • To provide reliable and secure references for time and/or location, that help other requirements such as those listed above • Device Security is related to but different from • Communication Security, which mostly concerns how data, while in transit from point A to point B, can be protected for confidentiality, integrity, freshness, etc. • Without Device Security, little trust can be given to communication security! Alex Reznik (InterDigital)
Why device security? • Devices can’t be inherently trusted or assumed to be secure • They use many components that integrators don’t fully know about • Complexity of modern computing or communication devices often makes it impossible for even its designer to know all vulnerabilities • Rule of thumb is there is a security bug in every 1k line of code! • Fast changes (for the worse) in attack-cost vs. benefit equation that motivates prospective attackers to attempt more attacks • Increasing use of open standards and platforms • Ubiquitous availability of connectivity (e.g. Internet, USB, Bluetooth,etc) and resultant access for attackers to the devices • Devices acting more and more like multi-app computers, and handling data or perform functions that are high-value or high-impact • Trend for flattened network architectures, pushing sensitive network-based functions toward edge-network equipments such as routers, gateways, etc • Many compromising attacks and threats (e.g. viruses, malware, ID theft, remote high-jacking, etc) are finding ways to other devices (cell phones, gaming boxes, etc) Alex Reznik (InterDigital)
Solutions that have proved useful for Device Security • Use inherently trustable “secure environments” in devices • To perform the most fundamental or security-wise critical functions • To store and handle the most sensitive data • To build a ‘chain of trust’ to attest to the integrity of the rest of the device functionality • Requires appropriate hardware to build (e.g. secure ROM, RAM, Onetime Pads, E-Fuses, etc) • Detect, report, and remediate deviations or compromises • To detect, use “secure environment” to measure behavior or metric (e.g. hashes) of integrity or trustworthiness, and compare them to trusted references • To report, use “secure environment” to assure validity of alarms or fault reports. • To remediate, use “secure environment” to assure integrity of remediation/update protocol handling and local updates procedures • Balance local trust vs. remote enforcement • Something within the device has to be inherently trusted. Make it small and cost effective. • Everything else need to be monitored for deviation, and detected deviations need to be addressed by controlled enforcement (e.g. deny access to network) • Protect the network from compromises in devices • Enable the network to become cognizant of compromised devices and be able to control access of devices suspected of compromises • Design network and end-point protocols that enable or help detection, reporting, access control and remediation • Make sure such protocols and mechanisms can handle shades of grey, gradations, and multiple scopes/contingencies Alex Reznik (InterDigital)
Product Adoptions and Standardization • Device Security has been adopted for many products, and are being standardized for other products too • Communication network equipments • Femto-cell or Home (e)NB devices (3GPP stds Rel9/10, 2009 and onward) • 3GPP eNodeBs (stds Rel8, 2008) and relay nodes (Rel10 /11– 2010+) • ETSI M2M Gateway (Rel1, end of 2010) • Communication terminal devices, and chipsets & modules for them • Smart cards / SIM / UICC modules (since 1990s and onward) • Embedded security on commercial mobile phones (mid 2000s and onward) • CableCARD™ or DCAS™ security for Cable STBs (early 2000s & on) • ETSI TC M2M Devices (being standardized for Rel1 release in 2010) • Other devices – computers, laptops, gaming devices, etc • Most current laptops have on-board Trusted Platform Modules (TPM™) • Gaming boxes such as Xbox and PS-2/3 have built-in dev sec. Alex Reznik (InterDigital)
Perform chain of trust based integrity check of platform Authentication and Access to Network Allowed Reference Metrics (RIM) protected by Trust Environment Integrity Self Check Pass/Fail Trusted Processing for Wireless Devices Wireless Device Cert Cert COMPARE Measured Value √ ReferenceMetric Credentials Meas. Data Alex Reznik (InterDigital)
September 2010 Example: Autonomous Validation of 3GPP R9 Femtocell* • An internal Trusted Environment (TrE) of a Femto measures and verifies the integrity of software and configuration of the Femto. • Femto is ONLY allowed to authenticate as a device with the Network after passing integrity check • Network infers device trust in Femto by virtue of implication from successful device authentication √ Femto Cell Femto Cell X X C A B * 3GPP TS 33.320 H(e)NB Security Aspects sections 6, 7, and 8. Alex Reznik (InterDigital)
September 2010 Example: Open Mobile Terminal Platform (OMTP) Advanced Trusted Environment TR1 for Mobile Terminal Security (*) • Overview of TR1 Recommendations • Enhances the Basic Trusted Environment (TR0) specs • New, expanded threat model • Protects the Application Security Framework on a device • Different profiles for different levels of security in the terminal • Enables high security platforms and devices • Grounding for future high-security services on mobile phones ** Source: * http://www.omtp.org/Publications/Display.aspx?Id=3531a022-c606-42ad-bf02-4c8d10dc253e#**http://docbox.etsi.org/Workshop/2009/200901_SECURITYWORKSHOP/OMTP_DavidRogers_OMTPSecurityRecommendationsandtheAdvancedTrustedEnvironment_OMTP_TR1.pdf Alex Reznik (InterDigital)
September 2010 Example: Mobile Phone Security (Freescale product example) • Secure ROM and RAM • Hardware-based binding of DevID to crypto key • Security Controller • Onchip secure monitor • Crypto engines • Run-time integrity check (RTIC) Source: http://www.freescale.com/files/training_pdf/WBT_27207_IMX31_SECURITY.pdf Alex Reznik (InterDigital)
September 2010 Example: Freescale i.MX-31 High-Assurance Boot (HAB) Source: http://cache.freescale.com/files/32bit/doc/white_paper/IMX31SECURITYWP.pdf? Alex Reznik (InterDigital)
September 2010 Example: i.MX-31 Runtime Integrity Checker (RTIC) Source: http://www.freescale.com/files/training_pdf/WBT_27207_IMX31_SECURITY.pdf Alex Reznik (InterDigital)
September 2010 Example: Qualcomm SecureMSM™ Software Architecture Source: http://www.writefayewrite.com/images/pdfs/DatasheetII.pdf Alex Reznik (InterDigital)
September 2010 Example: Texas Instruments M-Shield™ Embedded Security Source: http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf Alex Reznik (InterDigital)
Summary and Next Steps • Cognitive Communication Systems and Network are particularly susceptible to device-oriented threats • Reliance on complex and dynamic policies to meet regulatory and standards compliance • These increasingly need to be soft and updatable • Reliance on other devices to follow rules • Device Security is Here • Technology is available • Already being used to secure communication systems • And it is the right solution to this problem • The proper role of a communications standard • Enable device security through support of required signaling • Incorporate device security into appropriate security procedures (e.g. network access) • When applicable require device security capability for access to certain services Alex Reznik (InterDigital)