Posts Tagged ‘mobile embedded security’

Hardware Assisted DRM

Tuesday, November 16th, 2010

Hardware and software working in tandem to create effective content protection for connected devices
Tandem Racer
There was never any doubt about a mobile device’s ability to display video, however the large screens and powerful processors of the new generation mobile devices (smartphones and tablets) offer the consumer a more compelling viewing experience than ever. Moreover, home entertainment devices (TVs, set-top boxes (STB) and DVRs) are increasingly connected to the Internet, opening up a host of new viewing options for TV viewers, outside of the cable operator’s walled garden.

These trends are disrupting the traditional relationships existing between subscribers and service providers. This so-called disintermediation is being felt in the market, with cable operators offering video services to mobile subscribers and mobile operators offering video-on-demand to TV subscribers. Content owners and studios are also modifying their approach by offering services directly to consumers, circumventing the incumbent service providers.

These changes in the market have created new content service providers who must now “prove” their ability to securely deploy premium content in order to gain the approval of the major studios. Content protection – or Digital Rights Management (DRM) as it is more commonly known – is most effective when deployed in conjunction with hardware-based security elements. Principally, the objective of the hardware assets is to hinder scalable attacks, i.e., attacks that allow distribution in the form of exploit code, allowing the service provider to achieve a level of security similar to STBs.

In particular, the hardware-based embedded security is used to protect key elements in the DRM, as follows:

Permanent key material and other permanent sensitive data, including group private keys, device keys, security management keys, metering data
This type of data can be classified as long-term, sensitive data that must be stored permanently in the device. The solution takes the form of an encrypted, integrity-protected secure storage facility. A hardware-based secure storage mechanism is based on an embedded root key that is unique per each device. In order to obtain the Root Key and access the sensitive data, the attacker must physically probe the main processor chip which often results in its destruction. In addition, any information obtained by the attacker is relevant only for that specific device. Physical probing must be repeated to access the sensitive data of another device. This endeavor is both expensive and impractical, and certainly not scalable.

Title related and short term keys (content keys, session keys)
Mobile devices are open systems that run applications from many sources, some of them untrustworthy. The main processor in a mobile device must be deemed part of the threat model since it may be executing malicious code – malware – and attempting to access the content and session keys during run time. This threat is mitigated by running the security critical code that handles these keys in a secure execution environment – a secure subsystem that is inaccessible to the main processor. This hardware-based subsystem cannot be compromised by software-based attacks.

Compressed content (plaintext content before decoding)
Compressed content is output by the DRM client that runs in a secure execution environment and is sent to a codec for decoding and rendering on the output display and audio devices. As noted above, the main processor is deemed part of the threat model, so the compressed content cannot simply be copied from the secure execution environment to the main memory to the codec. In order to secure this interface, the DRM client must be tightly integrated with the codec. The hardware-based solution is to send the compressed content in an encrypted form to the codec. The codec decrypts and then decodes the content.

Thus the combination of hardware-based security working in tandem with a software client creates a robust and effective content protection solution.

No Comments

Encrypted Backup

Wednesday, October 6th, 2010

BlackberryThe information people store  securely on their mobile devices (e.g. passwords and PIN codes) not only needs to be stored confidentially, its availability must be protected as well. The confidentiality benefits if the data is not replicated. For example,  even if your password is weak, but an attacker has no access to data encrypted with the password, the password weakness does not assist him.

On the other hand, the availability benefits from replication: if you store the only copy of your data on a device and the device is broken, the data is no longer available. To harmonize the confidentiality and the availability can be a challenge that is easy to fail. Consider the recent case of the extremely popular BlackBerry device.

According to ElcomSoft CEO Vladimir Katalov: All data transmitted between a BlackBerry Enterprise Server and BlackBerry smartphones is encrypted with a highly secure AES or Triple DES algorithm. Unique private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Even more, to secure information stored on BlackBerry smartphones, password authentication can be made mandatory through the policies of a BlackBerry Enterprise Server (default, password authentication is limited to ten attempts, after which the smartphone’s wiped clean with all its contents erased).

Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises.

In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least.  Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one. Another significant shortcoming is that it’s BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form.

There are two problems: the small iteration counter and the exporting of unencrypted data. The main purpose of PBKDF is to slow down the bruteforce attacks by using a large iteration counter and thus by using only one iteration the protection is effectively defeated.

The second problem is probably even more severe while its effect is not that obvious. The usual network security model is that the network is insecure while the endpoints are secure. Historically this was the case, but currently the security situation on the most the most commonly used desktop OS is so bad, that an antivirus is considered a must. In the modern world a security-cautious user knows that he cannot be sure who really “0wns” his desktop, and may decide to keep his the most confidential data on a mobile device.

Apparently, the BlackBerry’s backup procedure renders this strategy ineffective – an attacker who “0wns” user’s desktop gets all the mobile device secrets as well.

No Comments

Perils of Provisioning

Monday, July 5th, 2010

In order to securely access high-value services (such as high-definition video content or e-commerce), devices need a so-called “root of trust”—most commonly a key pair for a public-key cryptography scheme. Furthermore, the devices also need an internal root of trust for securing their internal databases; most commonly, this will be a secret key (RKEK, or root key-encryption key) unique to the device and unknown outside it.

The challenge with all of these secrets is that they have to get to the device, usually at some point during its manufacturing (or when it is activated). But to get a secret from one place to another, we need a secure channel; and the only two ways known to establish such a channel are either physical security or cryptographic security. In this case, physical security implies a secure assembly plant, which raises costs. Cryptographic security, on the other hand, requires a secret key to be shared between the sender and recipient—which then becomes a chicken-and-egg problem.

The Discretix solution to provisioning the device RKEK involves use of the digital random-bit generator (DRBG) built into CryptoCell. The DRBG is built according to NIST cryptographic standards (NIST SP800-90), and produces truly random, cryptographic-strength random bit vectors. Discretix’ provisioning tools use this DRBG on the manufacturing line in order to produce the per-device key and program it securely into the device’s non-volatile memory.

Discretix’ solution to provisioning OEM-supplied assets (such as key pairs for enabling high-value services) is more complicated. The foundation for Discretix’ solution is a 128-bit secret embedded in every CryptoCell; this secret is combined with an OEM public key in order to produce a per-OEM provisioning key. Since the secret is not itself known to OEMs, these provisioning keys can only be computed by the manufacturer of the CryptoCell-enabled chip (or by the CryptoCell device itself); since the same key is used for code signing, one OEM cannot reproduce another OEM’s key. Even more importantly, no-one else—including any eavesdroppers on communication lines, or untrustworthy assembly-plant employees—can compute these keys. These keys are then used by the OEM to encrypt and sign their secure assets; the encrypted assets are recorded in the device’s memory, and the embedded CryptoCell can verify their authenticity and decrypt them when access to the services is required.

The end result from all these mechanisms is a secure solution for provisioning a device with all the secrets it needs for high-value services.

No Comments

The Rise of the Smartphone & Need for Secure Open OS

Tuesday, May 4th, 2010

The smartphone segment of the mobile phone market is growing rapidly. Smartphones use a number of different mobile operating systems, known collectively as “open operating systems.” Initially dominated by Symbian and Windows Mobile, the latest figures give a significant share of the market to Apple’s iPhone OS, Android and Research In Motion (RIM). New open mobile operating systems such as LiMo, MeeGo – based on the Linux kernel, are also expected to gain significant traction. These operating systems differ in their user experience and feature set, yet they all enable the phone’s owner to install applications on the device. While the ability to download applications allows the end-user to use the device in ways he never believed possible, it comes with huge security risks. These risks are not limited to the individual subscribers, but extend to service providers and enterprises as well.

Click here to read about the risks posed to smartphones and the need for security in open operating systems: http://wirelessweek.com/Articles/2010/03/Devices-Secure-Open-OS-Smartphones/

No Comments

iPhone doesn’t neither does Droid

Monday, November 9th, 2009

Verizon are doing level best to expose the weaknesses of the iPhone in the current “droiddoes” campain. Both the Apple iPhone and Motorola Droid devices are packed full of features, but both do not do security. The ability to install applications on the device – something common to all smartphones – comes with huge security risks, for individual subscribers, service providers and enterprises.

Limiting subscribers to downloading applications from approved app stores, certainly mitigates some of the risk. However there are several well known and freely available cracks online that will effectively bypass almost any restrictions and protection mechanisms.

Just in case the simple man on the street felt he had nothing to lose, vulnerabilities of the operating system pose other threats, placing the end-user at risk. Viruses and the trojan horse can reveal and/or modify personal information. These viruses can grab personal payment information such as credit card numbers, illegally obtain contact information from our private phone book stored on the mobile phone, and access our home network using a mobile device’s WiFi capabilities.

As smartphones become more prevalent and entrenched in our work and home lives, their security requirements increase as well. Without such safeguards in place, people will never feel safe using smartphones, thereby preventing these powerful innovations from ever reaching their full potential.

No Comments

Welcome to Discretix’ Blog dedicated to embedded security

Tuesday, October 27th, 2009

Since Discretix was founded the world of embedded security has evolved and grown in ways that few thought possible. Embedded security cuts across a wide spectrum of markets, playing a critical role in their development.  As the market continues to evolve at a rapid pace, this blog will allow us to share relevant information, news and announcements with our customers and partners. We welcome your feedback and comments and look forward to being part of a productive dialog about the issues facing our industry.

No Comments