Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography Ilhan Gurel September 10th & 11th, 2014.

Slides:

Advertisements

Similar presentations

Innovation Towards a next generation secure internet Private Application Ecosystems Sanjay Deshpande CEO and Chief Innovation Officer Center.

Advertisements

SafeNet Luna XML Hardware Security Module

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

1 Jeremy Wyant W3C DRM Workshop 23 January 2001 Establishing Security Requirements For DRM Enabled Systems.

Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.

Dongyan Wang GlobalPlatform Technical Program Manager

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Mobile Mobile OS and Application Team: Kwok Tak Chi Law Tsz Hin So Ting Wai.

User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.

FIT3105 Smart card based authentication and identity management Lecture 4.

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Your Mobile Device: Emerging Trends

Software Design Division 秘 CONFIDENTIAL Panther Content Security Mar. 14, 2014 Sony Corporation.

魂▪創▪通魂▪創▪通 Digital Certificate and Beyond Sangrae Cho Authentication Research Team.

Linux Cryptography overview and How-to’s using OpenSSL

Public Key Infrastructure from the Most Trusted Name in e-Security.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Institut Mines-Télécom “Digital Safe Client via HTML5 ” Mayssa JEMEL Ahmed SERHROUCHNI Journée: Cloud Coffre Fort Numérique 26 Février 2015.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet November 2014.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.

Information Security for Managers (Master MIS)

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

Leveraging UICC with Open Mobile API for Secure Applications and Services Ran Zhou.

Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Open Standards for Network Access Control Trusted Network Connect.

Securing Applications With Firmware (Going Beyond TCPA Platform Security) Dr. Robert W. Baldwin Chief Scientist.

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

UICC UICC is a smart card used in mobile terminals in GSM and UMTS networks It provides the authentication with the networks secure storage crypto algorithms.

© NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Introduction to Secure Sockets Layer (SSL) Protocol Based on:

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Advanced Windows 8 Apps Using JavaScript Jump Start Exam Prep M5: Data, Files, and Encryption Michael Palermo Microsoft Technical Evangelist Jeremy.

Leveraging UICC with Open Mobile API for Secure Applications and Services.

Initial Tiger Team Briefing New Dells with TPM Peter Leight Richard Hammer May 2006.

CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .

Faster Implementation of Modular Exponentiation in JavaScript

Wireless and Mobile Security

TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.

Security API discussion Group Name: SEC Source: Shingo Fujimoto, FUJITSU Meeting Date: Agenda Item: Security API.

V /7 Mapping SKS into a TEE/SE "Combo" An SKS (Secure Key Store) may be self-contained like in a smart card, but it may also be architected.

GP Confidential GlobalPlatform’s Modular Approach to its Compliance and certification.

What is BitLocker and How Does It Work? Steve Lamb IT Pro Evangelist, Microsoft Ltd

Short Customer Presentation September The Company  Storgrid delivers a secure software platform for creating secure file sync and sharing solutions.

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”

Web Applications Security Cryptography 1

LAS16-203: Platform Security Architecture for embedded devices

Development of an Embedded Platform for Secure CPS Services

Hardware Cryptographic Coprocessor

Enhancing Web Application Security with Secure Hardware Tokens

Public Key Infrastructure from the Most Trusted Name in e-Security

SCONE: Secure Linux Containers Environments with Intel SGX

We secure the communication

Securing Android Apps using Trusted Execution Environment (TEE) - 07/08/14 Presented by: Mike Hendrick VP Product Sequitur Labs.

Presentation transcript:

Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography Ilhan Gurel September 10th & 11th, 2014

Why use a TEE? Key assets exposed Key assets protected SMART CONNECTED DEVICE Normal App TEE Enabled App (e.g. Web Apps) Isolated space for handling high value assets Trusted App Security Critical Assets API Call on Security critical Routine Trusted App - Secured Critical Assets OPERATING SYSTEM TEE ARM TrustZone® enabled SoC

HIGH to Software and Hardware Where does a TEE fit? Interfaces FULL FULL ACCESS AS NEEDED RESTRICTED Processing Power HIGH LIMITED Assurance LOW Attack Resistance MEDIUM HIGH to Software and Hardware HIGH to Physical Tampering Access Control SMART CONNECTED DEVICE OPERATING SYSTEM OPERATING SYSTEM + AV HYPERVISOR TEE SMART CARD OS SECURE ELEMENT ARM TrustZone® enabled SoC

TEE Uses Cases DRM (Digital Rights Management) Trusted UI Authentication Certificate based authentication, OTP,.. Handling biometric peripherals, storing and processing biometric data securely Integrity Protection & Measurement Crypto and key management Secure key derivation, random data generation. Secure access to crypto HW accelerator Crypto operations Encapsulation of key material as well as sensitive data to ensure confidentiality and integrity Secure storage, rollback protection and more..

Android KitKat Keymaster as an example Android KitKat keymaster utilizes TEE for crypto operations and key management RSA, DSA and ECDSA algorithms supported Key generation, sign, verify, import key data, get public key operations TEE specific HW module can be installed and it allows using TEE applications for the required functionality Abstract APIs Isolation of key material between client applications

Trustonic’s position ARM TrustZone® based TEE solutions allow easy and cost effective deployment of TEE applications already available on millions of devices (Trustonic TEE solutions is currently running on ~250 million device the number is growing) also spreading to desktops and laptops with the adoption of ARMv8 based SoCs and ARM based AMD platform security processor (PSP) technology already being used for various uses cases as described earlier

Trustonic’s position (cont’d) The solution to be adopted by W3C should be based on the use of standard JavaScript APIs and/or HTML tags have abstraction layer for low level implementations that allows the usage of TEE/SE modules allow Web applications to chose and use TEE/SE applications for crypto operations, key management as well as authentication allow checking and installing TEE/SE applications from Web applications