> The embedded SE (Security Element) featured in some Android phones could
> make it easier but currently SEs seem to be locked by either Google or the
> device vendors:
>
> http://nelenkov.blogspot.se/2012/08/android-secure-element-execution.html

Nikolay always has some good stuff :)
Over the summer, I was asked to read a paper on SmartCard Applets and
JCRE. I had to recuse myself since I lacked knowledge on the topic. I
recall some interesting attacks were discussed. I hope Google (or other
platform integrators) are fully testing those devices. Don't depend upon
the payment processors since their business is to keep the payments and
commissions flowing. Integrators like Google should ask if a PenTest has
been performed, and insist on seeing the results. Get answers in writing
for a rainy day later on down the road.

Jeff

On Tue, Dec 18, 2012 at 4:10 AM, Anders Rundgren <[email protected]> wrote:
> On 2012-12-18 07:57, Jeffrey Walton wrote:
>> On Tue, Dec 18, 2012 at 1:32 AM, Anders Rundgren
>> <[email protected]> wrote:
>>> I have only one problem with TPM or TPM-like technology: the desire to
>>> kill rooting will hamper development.
>> Agreed (I hope it does not hamper development and mod'ing).
>>
>> The SIM is a mini-HSM, and can probably be used as the basis for a
>> trusted platform. So development should be available with the right
>> architecture and a new SIM card :)
>
> As I see it: SIM "=" HSM, SIM <> TPM.
>
> SIMs suffer from a serious problem with respect to all kinds of
> development: They are owned by *operators*.
>
> 10Y+ ago Nokia phones supported SIM-based key-stores but since the
> handset industry, SIM-vendors, banks and Telcos could never agree on a
> "business model", this standard (WSIM) more or less died due to
> "under-utilization".
>
> The embedded SE (Security Element) featured in some Android phones could
> make it easier but currently SEs seem to be locked by either Google or the
> device vendors:
>
> http://nelenkov.blogspot.se/2012/08/android-secure-element-execution.html
>
>> I'm not sure what is easiest for CDMA (SIMs cover GSM networks). We
>> are seeing SIM-like features for CDMA phones, but I suspect it's more a
>> software abstraction coupled with a more versatile baseband processor.
>>
>>> IMO, it should be technically possible to root devices but data encrypted
>>> by the original OS should be useless due to a changed encryption key.
>>> The same should be valid for keys enrolled through the original OS.
>> Under some Android phones I have, you can unlock the boot loader and
>> it will wipe the device. For example, my EVO 4G.
>>
>> The same Android phones do *not* wipe data if the phone is re-SIM'd, though.
>>
>>> This is probably only feasible if the "TPM" is a part of the main CPU
>>> which I also think is what is going to happen.
>> I would expect to see it moved to the baseband processor, and not a
>> general purpose CPU. What is Qualcomm doing in this area? Is anyone up
>> to date?
>
> http://www.theregister.co.uk/2012/11/13/trustzone_company
>
> The advantage of having TPM functionality in the main CPU is that "trusted
> boot" becomes easy: all you need to have is a trust anchor verifying the
> boot loader's authenticity. Then the CPU can keep a flag internally saying
> rooted or "original". The CPU may also maintain separate encryption keys
> for different mod(e)s.
>
> Anders
>
>>
>>> The TPM enables organizations to *optionally* reject connecting devices
>>> not running "legitimate" OSes. That's OK; they already do that to some
>>> extent.
>>>
>>> Related: Microsoft's TPM-based VSD (Virtual Smart Card) scheme:
>>> http://www.microsoft.com/en-us/download/details.aspx?id=29076
>> Ah, thanks.
>>
>> Jeff
>>
>>> On 2012-12-18 05:10, Jeffrey Walton wrote:
>>>> http://www.networkworld.com/news/2012/121712-nist-tia-265172.html
>>>>
>>>> A mobile security technology proposal drafted by the National
>>>> Institute of Standards and Technology (NIST) is being soundly rejected
>>>> by one of the main trade groups representing a broad cross-section of
>>>> industry.
>>>>
>>>> NIST's "Guidelines on Hardware-Rooted Security in Mobile Devices,"
>>>> issued in draft form in October and out for public comment until last
>>>> Friday, has drawn sharp criticism from the Telecommunications Industry
>>>> Association, which labeled NIST's proposal as "over-prescriptive"
>>>> because it "suggests that security in mobile devices can only be
>>>> realized using a specific architectural implementation of secure or
>>>> trustworthy environment, namely the Trusted Platform Module (TPM)
>>>> architecture specified by the Trusted Computing Group (TCG)."
>>>>
>>>> TPM is "one way to implement security in mobile devices but it isn't
>>>> the only way," said Brian Scarpelli, senior manager of government
>>>> affairs at Arlington, Va.-based TIA, adding that software-based
>>>> security can also be relied on. He indicated the TIA membership of
>>>> carriers and software vendors would prefer not to have to adhere to a
>>>> specific implementation to meet new federal guidelines for mobile
>>>> devices, and TIA is reaching out to NIST to voice its objections. TIA
>>>> industry membership includes carriers such as Verizon Communications
>>>> and Sprint Nextel, as well as Apple, Dell and Vare.
>>>>
>>>> The TPM specification from the TCG is a hardware-based
>>>> cryptographic-processing technology that can be used for several
>>>> security purposes, primarily device integrity. TPM is used in desktops
>>>> and servers but not mobile devices at present. The National Security
>>>> Agency, for example, which influences technology decisions made at the
>>>> U.S. Department of Defense, has been an enthusiastic proponent of TPM.
>>>>
>>>> TPM exists in much internal computer hardware today, though it appears
>>>> to suffer from lack of widespread deployment in part due to lack of
>>>> applications making it easy to deploy.
>>>>
>>>> NIST argues for TPM by saying that "many mobile devices are not
>>>> capable of providing strong security assurances to end users and
>>>> organizations. Current mobile devices lack the hardware-based roots of
>>>> trust that are increasingly built into laptops and other types of
>>>> hosts."
>>>>
>>>> NIST says it wants to "accelerate industry efforts" to use
>>>> hardware-rooted trust technologies, and specifically TPM, in mobile
>>>> devices such as smartphones and tablets that the federal government
>>>> would acquire. NIST criticizes today's mobile devices, saying they are
>>>> "vulnerable to 'jailbreaking' and 'rooting,' which provide device
>>>> owners with greater flexibility and control over the devices, but also
>>>> bypass important security features which may introduce
>>>> vulnerabilities."
>>>>
>>>> NIST asserts in its guidelines proposal that TPM and hardware-based
>>>> root of trust is the model the federal government would like to see
>>>> for use in assuring device integrity and verification, and that this
>>>> would also help the government in adopting a bring-your-own-device
>>>> approach where government employees could use their personally owned
>>>> devices for work as well.
>>>> ...
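The trusted-boot model Anders sketches in the quoted thread (a trust anchor checks the boot loader, the CPU keeps a rooted/original flag, and a separate storage key exists per mode so data sealed by the original OS is useless after rooting) as an added example; this is not code from the thread or from any vendor. It assumes a hash-based trust anchor, a constructed device secret and boot loader images, and uses HMAC-SHA256 in counter mode as a stand-in for a real cipher.

```python
import hashlib
import hmac
import os

# Constructed values standing in for what a SoC would hold in fuses or mask ROM.
TRUSTED_BOOTLOADER = b"constructed boot loader image v1"
TRUST_ANCHOR = hashlib.sha256(TRUSTED_BOOTLOADER).digest()  # hash-based trust anchor
DEVICE_SECRET = os.urandom(32)  # per-device secret that never leaves the CPU in this model

def boot_mode(bootloader: bytes) -> str:
    """Trust anchor check: the internal flag the CPU keeps after boot."""
    measured = hashlib.sha256(bootloader).digest()
    return "original" if hmac.compare_digest(measured, TRUST_ANCHOR) else "rooted"

def mode_key(device_secret: bytes, mode: str) -> bytes:
    """Separate storage key per mode; a rooted boot cannot derive the original one."""
    return hmac.new(device_secret, b"storage-key:" + mode.encode(), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in for a real stream cipher (model only).
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key (i.e. the boot mode) does not match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def boot_and_unseal(bootloader: bytes, blob: bytes):
    """Boot with the given boot loader image, then try to read data sealed by a previous boot."""
    mode = boot_mode(bootloader)
    return mode, unseal(mode_key(DEVICE_SECRET, mode), blob)
```

Sealing under the "original" key and booting a modified boot loader yields the "rooted" flag and a failed unseal, which is the property the thread asks for: rooting stays possible, but the original OS's data is not readable from the rooted mode.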
