Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.19-10/0118r0 Submission September 2010 Alex Reznik (InterDigital)Slide 1 Device Security Overview Notice: This document has been prepared.

Similar presentations


Presentation on theme: "Doc.: IEEE 802.19-10/0118r0 Submission September 2010 Alex Reznik (InterDigital)Slide 1 Device Security Overview Notice: This document has been prepared."— Presentation transcript:

1 doc.: IEEE /0118r0 Submission September 2010 Alex Reznik (InterDigital)Slide 1 Device Security Overview Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Date: Authors:

2 doc.: IEEE /0118r0 Submission Abstract In response to group’s request to learn more about device security We present a high-level overview of what device security is We also show examples of how existing commercial standards and products implement it September 2010 Alex Reznik (InterDigital)Slide 2

3 doc.: IEEE /0118r0 Submission Outline Emerging Threats in the New Communication Network What is Device Security? Why is it Needed? Some solutions that have proved useful Adoption in Other Products and Standardization Examples: –3GPP R9 Femtocell Autonomous Validation –Commercial examples of mobile phone chipset device security Why Device Security for Communications Summary and Next Steps September 2010 Alex Reznik (InterDigital)Slide 3

4 doc.: IEEE /0118r0 Submission Sensors Tomorrow’s Network of Networks Cellular WiMax WiFi Mesh Ambience Femto Relays Billions of subscribers, trillions of connections Social networks Shopping, banking, secure transactions Healthcare Intelligent Highways & Vehicular Comms Education Smart Power Grid Smart Power Grid Entertainment and gaming Wireless home & Consumer electronics September 2010 Alex Reznik (InterDigital)Slide 4

5 doc.: IEEE /0118r0 Submission New Security Threats Will Emerge As wireless networks become more and more distributed, new security threats are emerging –Network edge components require stronger security e.g. Femto cells, relays and gateways –As the scale of connected devices grows the avenues of attack will also grow Some type of new attacks –Physical attacks on devices –Malicious attacks on software, data and credentials –Configuration attacks –Protocol attacks against the device –Attack on the core network –User data and identity privacy September 2010 Alex Reznik (InterDigital)Slide 5

6 doc.: IEEE /0118r0 Submission What is Device Security? Device Security addresses a core need: –To ensure devices will operate as trusted and expected, and not to operate in un- trusted or unexpected ways Commonly applied requirements include: –To perform security-sensitive functions (e.g. crypto key generation, authentication, access control, etc) and do so in a way that counters unauthorized access to, disclosure of, or compromise to such functions –To store and handle security-sensitive data (e.g. crypto keys, sensitive data, etc) without unauthorized access or compromise to the data while the data is in storage or being processed in the device –To detect, report or prevent attempts of attacks on the device itself –To report and remediate functionality when and if compromises do happen –To provide reliable and secure references for time and/or location, that help other requirements such as those listed above Device Security is related to but different from –Communication Security, which mostly concerns how data, while in transit from point A to point B, can be protected for confidentiality, integrity, freshness, etc. –Without Device Security, little trust can be given to communication security! September 2010 Alex Reznik (InterDigital)Slide 6

7 doc.: IEEE /0118r0 Submission Why device security? Devices can’t be inherently trusted or assumed to be secure –They use many components that integrators don’t fully know about –Complexity of modern computing or communication devices often makes it impossible for even its designer to know all vulnerabilities Rule of thumb is there is a security bug in every 1k line of code! –Fast changes (for the worse) in attack-cost vs. benefit equation that motivates prospective attackers to attempt more attacks Increasing use of open standards and platforms Ubiquitous availability of connectivity (e.g. Internet, USB, Bluetooth,etc) and resultant access for attackers to the devices Devices acting more and more like multi-app computers, and handling data or perform functions that are high-value or high-impact Trend for flattened network architectures, pushing sensitive network-based functions toward edge-network equipments such as routers, gateways, etc –Many compromising attacks and threats (e.g. viruses, malware, ID theft, remote high-jacking, etc) are finding ways to other devices (cell phones, gaming boxes, etc) September 2010 Alex Reznik (InterDigital)Slide 7

8 doc.: IEEE /0118r0 Submission Solutions that have proved useful for Device Security Use inherently trustable “secure environments” in devices –To perform the most fundamental or security-wise critical functions –To store and handle the most sensitive data –To build a ‘chain of trust’ to attest to the integrity of the rest of the device functionality –Requires appropriate hardware to build (e.g. secure ROM, RAM, Onetime Pads, E-Fuses, etc) Detect, report, and remediate deviations or compromises –To detect, use “secure environment” to measure behavior or metric (e.g. hashes) of integrity or trustworthiness, and compare them to trusted references –To report, use “secure environment” to assure validity of alarms or fault reports. –To remediate, use “secure environment” to assure integrity of remediation/update protocol handling and local updates procedures Balance local trust vs. remote enforcement –Something within the device has to be inherently trusted. Make it small and cost effective. –Everything else need to be monitored for deviation, and detected deviations need to be addressed by controlled enforcement (e.g. deny access to network) Protect the network from compromises in devices –Enable the network to become cognizant of compromised devices and be able to control access of devices suspected of compromises –Design network and end-point protocols that enable or help detection, reporting, access control and remediation –Make sure such protocols and mechanisms can handle shades of grey, gradations, and multiple scopes/contingencies September 2010 Alex Reznik (InterDigital)Slide 8

9 doc.: IEEE /0118r0 Submission Product Adoptions and Standardization Device Security has been adopted for many products, and are being standardized for other products too –Communication network equipments Femto-cell or Home (e)NB devices (3GPP stds Rel9/10, 2009 and onward) 3GPP eNodeBs (stds Rel8, 2008) and relay nodes (Rel10 /11– 2010+) ETSI M2M Gateway (Rel1, end of 2010) –Communication terminal devices, and chipsets & modules for them Smart cards / SIM / UICC modules (since 1990s and onward) Embedded security on commercial mobile phones (mid 2000s and onward) CableCARD™ or DCAS™ security for Cable STBs (early 2000s & on) ETSI TC M2M Devices (being standardized for Rel1 release in 2010) –Other devices – computers, laptops, gaming devices, etc Most current laptops have on-board Trusted Platform Modules (TPM™) Gaming boxes such as Xbox and PS-2/3 have built-in dev sec. September 2010 Alex Reznik (InterDigital)Slide 9

10 doc.: IEEE /0118r0 Submission Trusted Processing for Wireless Devices Wireless Device Perform chain of trust based integrity check of platform √ Integrity Self Check Pass/Fail Authentication and Access to Network Allowed Cert Credentials Meas. Data Measured Value Reference Metric Reference Metrics (RIM) protected by Trust Environment COMPARE September 2010 Alex Reznik (InterDigital)Slide 10

11 doc.: IEEE /0118r0 Submission Example: Autonomous Validation of 3GPP R9 Femtocell* Femto Cell Femto Cell X √ A.An internal Trusted Environment (TrE) of a Femto measures and verifies the integrity of software and configuration of the Femto. B.Femto is ONLY allowed to authenticate as a device with the Network after passing integrity check C.Network infers device trust in Femto by virtue of implication from successful device authentication X A B C * 3GPP TS H(e)NB Security Aspects sections 6, 7, and 8. September 2010 Alex Reznik (InterDigital)Slide 11

12 doc.: IEEE /0118r0 Submission Example: Open Mobile Terminal Platform (OMTP) Advanced Trusted Environment TR1 for Mobile Terminal Security (*) Overview of TR1 Recommendations Enhances the Basic Trusted Environment (TR0) specs New, expanded threat model Protects the Application Security Framework on a device Different profiles for different levels of security in the terminal Enables high security platforms and devices Grounding for future high-security services on mobile phones Source: * **http://docbox.etsi.org/Workshop/2009/200901_SECURITYWORKSHOP/OMTP_DavidRogers_OMTPSecu rityRecommendationsandtheAdvancedTrustedEnvironment_OMTP_TR1.pdf rityRecommendationsandtheAdvancedTrustedEnvironment_OMTP_TR1.pdf September 2010 Alex Reznik (InterDigital)Slide 12 **

13 doc.: IEEE /0118r0 Submission Example: Mobile Phone Security (Freescale product example) Secure ROM and RAM Hardware-based binding of DevID to crypto key Security Controller Onchip secure monitor Crypto engines Run-time integrity check (RTIC) Source: September 2010 Alex Reznik (InterDigital)Slide 13

14 doc.: IEEE /0118r0 Submission Example: Freescale i.MX-31 High-Assurance Boot (HAB) Source: September 2010 Alex Reznik (InterDigital)Slide 14

15 doc.: IEEE /0118r0 Submission Example: i.MX-31 Runtime Integrity Checker (RTIC) Source: September 2010 Alex Reznik (InterDigital)Slide 15

16 doc.: IEEE /0118r0 Submission Example: Qualcomm SecureMSM™ Software Architecture Source: September 2010 Alex Reznik (InterDigital)Slide 16

17 doc.: IEEE /0118r0 Submission Example: Texas Instruments M-Shield™ Embedded Security Source: September 2010 Alex Reznik (InterDigital)Slide 17

18 doc.: IEEE /0118r0 Submission Summary and Next Steps Cognitive Communication Systems and Network are particularly susceptible to device-oriented threats –Reliance on complex and dynamic policies to meet regulatory and standards compliance These increasingly need to be soft and updatable –Reliance on other devices to follow rules Device Security is Here –Technology is available –Already being used to secure communication systems And it is the right solution to this problem The proper role of a communications standard –Enable device security through support of required signaling –Incorporate device security into appropriate security procedures (e.g. network access) –When applicable require device security capability for access to certain services September 2010 Alex Reznik (InterDigital)Slide 18


Download ppt "Doc.: IEEE 802.19-10/0118r0 Submission September 2010 Alex Reznik (InterDigital)Slide 1 Device Security Overview Notice: This document has been prepared."

Similar presentations


Ads by Google