GlobalPlatform

Confidential ©

2016

Securing the Internet of Things:Privacy, Authentication, and Trust for billions of things

Hank Chavers

Technical Program Manager

IoT With the Best

29-30 October 2016

Agenda

• Introduction to GlobalPlatform

• IoT Security Use Cases

• Introduction to the Trusted Execution Environment

• Trusted Application Manager

• Question and Answer (Time Permitting)

2

Agenda

• Introduction to GlobalPlatform

• IoT Security Use Cases

• Introduction to the Trusted Execution Environment

• Trusted Application Manager

• Question and Answer (Time Permitting)

3

GlobalPlatform Overview

• GlobalPlatform is an international standards organization that provides a

comprehensive set of specifications, divided into three domains:

4

– Card

Focus on the Secure Element (SE), secure chip technology.

– Device

Include the complete set of specifications for the Trusted Execution Environment (TEE), and technology to integrate a secure element into a device such as over-the-air management or the access control specification.

– Systems (Cloud)

Cover the interactions between the managing systems of Secure Element Issuers (SEIs), Service Providers (SPs), the Controlling Authority (CA) and Trusted Service Managers (TSMs).

Membership

GlobalPlatform was created in 1999

to digitalize issuers services!

1999

2000 - 2007

2007 - 2015

2015+

Value of GlobalPlatform’s Solution

• GlobalPlatform’s Specifications offer:

– Interoperability

– Flexibility

– Multi-application management

– Security

• GlobalPlatform is not an all-or-nothing proposition. The Specifications:

– Can be used independently or all together

– Work together with proprietary models

– Support both single and multiple applications

7

Secure Element

• A secure element (SE) is a tamper-resistant platform capable of securely

hosting applications and their confidential and cryptographic data (e.g. key

management) in accordance with the rules and security requirements set forth

by a set of well-identified trusted authorities.

From 2013 to 2015, more than

17 billionGlobalPlatform cards or SEs have been

produced

• Introduction to GlobalPlatform

• IoT Security Use Cases

• Introduction to the Trusted Execution Environment

• Trusted Application Manager

• Question and Answer (Time Permitting)

Agenda

9

How media portrays the IoT market today

10

GlobalPlatform Members Involved

11

IoT security requirements

Device to device

communication:

Device identification

Send message securely to

cloud service: encrypt

Device lifecycle and

management

Identity (Identification,

access control, privacy):

configuration, operations

Deployment Example

• Some will adopt GlobalPlatform technologies (Secure Element) for

security purposes

– Smart Meters

– Medical Equipment

– Security Components

13

NXP Example of a Connected Automobile

14

Secure component in use

15

Device

• State of the art Root of Trust• Simplified key injection (keys are already inside the hardware to be

embedded

• Cost effective crypto processor

• Certified and reliable (no risk on crypto bugs from open source libraries)

• Enables Unique Identification

• Reliable Crypto Environment• Flexibility of services

• Same platform can be customized depending on the market

• Isolated environment• Crypto engine protected from other operation in the device

• Provides Remote Administration• Update of IOT device security features in a multi tenant

environment

Secure component in use

16

Device

Security services

for application

Security services

for device

• Introduction to GlobalPlatform

• IoT Security Use Cases

• Introduction to the Trusted Execution Environment

• Trusted Application Manager

• Question and Answer (Time Permitting)

Agenda

17

GlobalPlatform TEE

18

• GlobalPlatform defines a TEE

as a secure area in the main

processor in a connected

device

• Ensures sensitive data is

stored, processed, and

protected in an isolated, trusted

environment

• Offers isolated safe execution

of authorized security software,

known as 'trusted applications’

which enables end-to-end

security

Trusted Execution Environment Adoption

• Android 6.0 requires TEE to protect biometric readers and data

• FIDO Alliance and GlobalPlatform working together to ease development

• oneM2M refers to GlobalPlatform TEE to provide level 2 protection

19

20

Hack Example

› Waze Social Traffic hack› Attacker creates “ghost jam”

› Other users diverted

› Attacker clears road ahead

› “Sensors” spoofed using Android dev environments

› Fake user accounts made

› Big Data fooled

› Loss of trust in Service

The Rich Execution Environment

21

RICH OS APPLICATION ENVIRONMENT

Rich OS

Hardware Platform

GlobalPlatform TEE Architecture

22

RICH OS APPLICATION ENVIRONMENT

GlobalPlatform Published APIs

Rich OS Trusted OS Components

Hardware Platform

TRUSTED EXECUTION ENVIRONMENT

GlobalPlatform Published APIs

TEE

Comm.

Agent

Trusted

Drivers

Trusted

Core

Framework

HW Keys, Storage, TUI Peripherals

(Screen and Keyboard), Secure Element

HW Secure Resources

Message Passing Architecture

23

REE

Application

REE

Application

REE

Application Client

Application

Shared

Memory

Public

Device

Drivers

REE

Comms.

Agent

TEE Client API

Rich OS

ComponentsTrusted

Device

Drivers

TEE

Comms.

Agent

Trusted Kernel

Trusted Core

Framework

Trusted OS Components

TEE Internal Core API and extensions

Shared

Memory

View

Trusted

Application

REE

Application

REE

Application

Trusted

Application

Public Peripherals Trusted Peripherals

Switchable Peripherals

Messages

Isola

tion d

efined b

y T

EE

Pro

tection P

rofile

TEE Protocols

Platform Hardware

TEE Specification landscape

• Architecture

– TEE System Architecture v1.0

• Device TEE Access

– TEE Client API Specification v1.0

• APIs for Trusted Applications

– TEE Internal Core API Specification v1.1

– TEE Secure Element API Specification v1.0

– TEE Sockets API Specification v1.0

– Trusted User Interface API Specification v1.0

– TEE TA Debug Specification v1.0

• Security requirements

– TEE Protection Profile v1.2

• Compliance

– TEE Initial Configuration Test Suite 1.1.0.1

24 Download @ https://www.globalplatform.org/specificationsdevice.asp

Client application side

1. Create a context

– Client application with TEE

2. Open a session

Client application

and

Trusted Application

3. Exchange

command/operation with a

TA 25

result = TEEC_InitializeContext(

NULL,

&context);

if (result != TEEC_SUCCESS)

{ goto cleanup1;

}

result = TEEC_OpenSession(

&context,

&session,

&cryptoTEEApp, /*UUID of the app */

TEEC_LOGIN_USER,

NULL, /* No connection data */

NULL,/* No payload, no cancellation. */

NULL);

result = TEEC_InvokeCommand(

&session,

CMD_ENCRYPT_INIT,

&operation,

NULL);

Trusted Application = TA Interface

• TA_CreateEntryPoint

– This is the Trusted Application constructor.

• TA_DestroyEntryPoint

– Guess what? This is the Trusted Application destructor!

• TA_OpenSessionEntryPoint

– This function is called whenever a client attempts to connect to the Trusted

Application instance to open a new session

• TA_CloseSessionEntryPoint

– This function is called when the client closes a session and disconnects

from the Trusted Application instance.

• TA_InvokeCommandEntryPoint

– This function is called whenever a client invokes a Trusted Application

command. 26

Each Trusted Application MUST provide the Implementation with a number of functions,

collectively called the “TA interface”.

Trusted Application configuration

• Each application is Identified by a UUID gpd.ta.appID

• gpd.ta.singleInstance = create a single (if TRUE) TA instance for all the client sessions or create a separate instance for each client session

• gpd.ta.multiSession = Whether the Trusted Application instance supports multiple sessions

• gpd.ta.instanceKeepAlive = When this property is set to true, then the TA instance is terminated only when the TEE shuts down

• gpd.ta.dataSize = Maximum estimated amount of dynamic data in bytes configured for the Trusted Application

• gpd.ta.stackSize = Maximum stack size in bytes available to any task in the Trusted Application at any point in time

• gpd.ta.version

• and gpd.ta.description

27

Also

• Trusted Applications are able to retrieve properties – From the client application

• gpd.client.identity

– From the TEE

• gpd.tee.deviceID , gpd.tee.apiversion

– Also the current TA

• TAs are able to commit suicide

– When a Trusted Application calls the TEE_Panic function, the current instance MUST be destroyed and all the resources opened by the instance MUST be reclaimed

28

TEE_GetPropertyAsString

TEE_GetPropertyAsBool

TEE_GetPropertyAsU32

TEE_GetPropertyAsBinaryBlock

Trusted Storage

• A Trusted Storage Space contains Persistent Objects identified by an Object Identifier that can be

– a Cryptographic Key Object,

– a Cryptographic Key-Pair Object,

– or a Data Object

• gpd.tee.trustedStorage.rollbackDetection.protectionLevel gives to the application the level of protection against rollback attacks

– Typically, protection level is equal to 100 for REE and 1000 with hardware assets controlled by the TEE

• A TA can also allocate Transient Objects

– have no identifier

– Transient objects are held in memory and are automatically wiped and reclaimed when they are closed or when the TA instance is destroyed.

• Multiple APIs are available to manage Persistent and Transient objects through object handles

– Example : TEE_CreatePersistentObject, TEE_OpenPersistentObject, TEE_RenamePersistentObject , TEE_CloseAndDeletePersistentObject1, TEE_AllocateTransientObject

29

Trusted

Storage

Persistant

object

ID

Transient

object

More Internal Core APIs

Crypto API

• Based on Cryptographic operations - pre-allocated for a given operation type, algorithm, and key size

Time API

• 3 sources of Time

– TA Persistent Time, a real-time source of time

• The origin of this time is set individually by each Trusted Application and MUST persist across reboots.

– System Time

• the system time is not reset or rolled back during the life of a given TA instance

• The level of trust accessible via gpd.tee.systemTime.protectionLevel

• REE Time

Arithmetic API

• The specification offers a tool box for complex crypto functions not yet standardized

– Allow to Implement missing crypto function as plug in

– gives access to a Fast Modular Multiplication primitive

• The “only” limit is input and output are TEE_BigInt [-2M+1, 2M-1]

– M can be retrieved as the implementation property gpd.tee.arith.maxBigIntSize

30

TEE_ALG_SHA256

TEE_MODE_DIGEST

Between 192 and 1024 bits,

multiple of 8 bits

• Introduction to GlobalPlatform

• Trusted Execution Environment (TEE) Architecture

• Introduction to TEE APIs

• Trusted Application Manager

• Question and Answer

Agenda

31

Trusted Application Manager Overview

• Trusted Application Manager (TAM):

– Provides a scalable and remote means to manage the

• Trusted Execution Environment (TEE)

• Security Domains (SD)

• Trusted Applications (TA)

– Enforces the security policy of TA Providers, TEE Issuers, and TEE Implementers

– Ensures the security and the integrity of these entities

– Enables the confidentiality of the data

• Uses secure protocols and interfaces accessed either through the Client API or

via extensions to the Internal Core API

32

rSD

SD2

TA

SD3

TA

33

How does a TAM operate?

Service Provider

Create Security Domain

1) Install TA

2) TA personalization

Push the App and the TA on

the App Store1

AppTA

5

App

T

A 2

6

Request installation3

Verify Device Identity4

NOTE: This is only one of many

possible configurations

5

34

Trustonic Developer Tools

App Store

Google Play

TrustonicSoftwareProtection

TEE

TA

Ap

p

Ap

p

SW

TA

Ap

p

SW

TA

Main App

TEE TA SW TA

Main App

SW TA

Trustonic TEEProtection

• Introduction to GlobalPlatform

• Trusted Execution Environment (TEE) Architecture

• Introduction to TEE APIs

• Trusted Application Manager

• Question and Answer

Agenda

35