Security-Related Hardware Adaptation
Input to SHAI Working Group
January 2010
Craig Heath, Symbian Foundation
Recap of Proposals from October
cryptography
hardware accelerators, hardware random number generation
use of embedded device keys
hardware “root of trust”
software and data integrity checking
potentially including IMEI protection and subsidy lock
secure execution environment
e.g. TrustZone, SIM Application Tool Kit
biometric authentication
e.g. fingerprint matching
debug / service state functions
e.g. JTAG access, reflashing
Copyright © 2010 Symbian Foundation 2
Cryptography – Candidate APIs
Some APIs already exist, although at perhaps too high a level:
Crypto Token Framework for hardware certificate and key stores
well established (introduced in Symbian OS v7.0?)
standardise interfaces to specific token types?
CryptoSPI for algorithm acceleration (in S^3)
further details provided in this slide set
DRM device key abstraction (in S^2)
possible refactor in terms of Crypto Token Framework or CryptoSPI?
Some APIs are potential contributions “on the radar”:
Improved random number generation (not currently in backlog)
better management of the entropy pool
Copyright © 2010 Symbian Foundation 3
Integrity Checking – Phased Approach
Today: boot loader responsible for checking Core OS image and ROFS
S^2: ESTART includes (software) checks on TCB / DRM executables
Future: enable hardware checking of TCB / DRM executables
Future: extend “root of trust” to verify critical data files with secure store
Future: verification of paged executables (any hardware impact?)
Copyright © 2010 Symbian Foundation 4
Biometric Hardware
S^3 includes framework for authentication plug-ins
Are there classes of peripheral, such as fingerprint scanners,
that should have a defined adaptation interface under this?
operations such as template registration and fuzzy matching
Copyright © 2010 Symbian Foundation 5
Other Areas
Are there any potential candidate APIs for these areas:
secure execution environment?
debug / service state access?
Are there any other areas in which we should aim to provide
hardware adaptation interfaces?
Copyright © 2010 Symbian Foundation 6
CryptoSPI – Design Overview
A unified way to integrate additional crypto algorithm
implementations into the OS using a plug-in mechanism. The
caller can select between implementations based on their
properties (e.g. speed, latency).
Maintains backward compatibility with the legacy crypto APIs
using shim classes which use the CryptoSPI to perform the
cryptographic operations.
Use Cases:
Crypto acceleration can be used automatically by applications
Alternate implementations of existing algorithms can be provided
Implementations of new algorithms can be provided
Copyright © 2010 Symbian Foundation 7
CryptoSPI – Plug-in Architecture
CryptoSPI CryptoSPI Setup
Plug-in Selector
Configuration
Plug-in Plug-in Plug-in Plug-in
Copyright © 2010 Symbian Foundation 8
CryptoSPI – Component Diagram
Legacy Application
Application
Generic crypto factories
hash.dll
plug-in module configuration file
random.dll cryptospi.dll
strong/weak
cryptography.dll
strong/weak hardwarecrypto.dll any number of plug-ins
softwarecrypto.dll can be implemented
Big Integer and here
Padding Support
randsvr.exe
Copyright © 2010 Symbian Foundation 9
CryptoSPI – Next Steps
If this is seen as useful, a formal proposal can be made to
adopt the CryptoSPI as part of SHAI:
use case justification
high level design
detailed API documentation (from Doxygen tags)
Subsequent review and voting on “fit for purpose”
bearing in mind this is already implemented, tested and
contributed so there are considerable practical advantages in
keeping the APIs as they are
Proposals for future enhancements to CryptoSPI
SHAI v2?
Copyright © 2010 Symbian Foundation 10
Other Areas – Next Steps
What are the priorities among the following:
hardware random number generation
use of embedded device keys
software and data integrity checking
secure execution environment
biometric authentication
debug / service state functions
anything else?
Copyright © 2010 Symbian Foundation 11
You might also like
- The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeFrom EverandThe Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good LifeRating: 4 out of 5 stars4/5 (5794)
- LPL BasiccDocument1 pageLPL BasiccRkn MidiNo ratings yet
- The Little Book of Hygge: Danish Secrets to Happy LivingFrom EverandThe Little Book of Hygge: Danish Secrets to Happy LivingRating: 3.5 out of 5 stars3.5/5 (399)
- Hands-On With VNXe 3300Document58 pagesHands-On With VNXe 3300Brijith VBNo ratings yet
- A Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryFrom EverandA Heartbreaking Work Of Staggering Genius: A Memoir Based on a True StoryRating: 3.5 out of 5 stars3.5/5 (231)
- Meaghan Smith: Bachelor of Science Business Analytics and Information TechnologyDocument1 pageMeaghan Smith: Bachelor of Science Business Analytics and Information TechnologyMeaghan SmithNo ratings yet
- Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceFrom EverandHidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space RaceRating: 4 out of 5 stars4/5 (894)
- Installation Cheat Sheet 1 - OpenCV 3 and C++Document2 pagesInstallation Cheat Sheet 1 - OpenCV 3 and C++Raphael BaltarNo ratings yet
- The Yellow House: A Memoir (2019 National Book Award Winner)From EverandThe Yellow House: A Memoir (2019 National Book Award Winner)Rating: 4 out of 5 stars4/5 (98)
- Digital Literacy Skills in The 21st Century EdtechlDocument24 pagesDigital Literacy Skills in The 21st Century Edtechlroselle portudoNo ratings yet
- Shoe Dog: A Memoir by the Creator of NikeFrom EverandShoe Dog: A Memoir by the Creator of NikeRating: 4.5 out of 5 stars4.5/5 (537)
- SWE2008 - Android Programming: Dr. J. Christy JacksonDocument87 pagesSWE2008 - Android Programming: Dr. J. Christy JacksonKasireddy Nikhil Kumar ReddyNo ratings yet
- Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureFrom EverandElon Musk: Tesla, SpaceX, and the Quest for a Fantastic FutureRating: 4.5 out of 5 stars4.5/5 (474)
- Tkinter ExamplesDocument13 pagesTkinter ExamplesradebpNo ratings yet
- Never Split the Difference: Negotiating As If Your Life Depended On ItFrom EverandNever Split the Difference: Negotiating As If Your Life Depended On ItRating: 4.5 out of 5 stars4.5/5 (838)
- Awash Valley CollegeDocument2 pagesAwash Valley CollegeHaccee TubeNo ratings yet
- Grit: The Power of Passion and PerseveranceFrom EverandGrit: The Power of Passion and PerseveranceRating: 4 out of 5 stars4/5 (587)
- Change LogzxxxxxxxxxxxxxxxDocument8 pagesChange LogzxxxxxxxxxxxxxxxLatheesh V M VillaNo ratings yet
- Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaFrom EverandDevil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New AmericaRating: 4.5 out of 5 stars4.5/5 (265)
- Trust Manuals Usermanuals Va 1.0Document95 pagesTrust Manuals Usermanuals Va 1.0adi033No ratings yet
- Setting Up (35D) : Core Data Services-Based Extraction With SAP S/4HANA CloudDocument28 pagesSetting Up (35D) : Core Data Services-Based Extraction With SAP S/4HANA CloudsreeNo ratings yet
- Overview of Calculation View Modeling In: Sap Hana Using Sap Web IdeDocument48 pagesOverview of Calculation View Modeling In: Sap Hana Using Sap Web IdeRami KandimallaNo ratings yet
- The Emperor of All Maladies: A Biography of CancerFrom EverandThe Emperor of All Maladies: A Biography of CancerRating: 4.5 out of 5 stars4.5/5 (271)
- RHEL Tuning GuideDocument118 pagesRHEL Tuning Guideshanukumkumar100% (1)
- On Fire: The (Burning) Case for a Green New DealFrom EverandOn Fire: The (Burning) Case for a Green New DealRating: 4 out of 5 stars4/5 (73)
- 2012 - WSRR Quick Start-FinalDocument67 pages2012 - WSRR Quick Start-FinalVenkateshwaran JayaramanNo ratings yet
- The Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersFrom EverandThe Hard Thing About Hard Things: Building a Business When There Are No Easy AnswersRating: 4.5 out of 5 stars4.5/5 (344)
- Itunes U User'S Guide: Apple EducationDocument20 pagesItunes U User'S Guide: Apple EducationRoberto Báez MoralesNo ratings yet
- Team of Rivals: The Political Genius of Abraham LincolnFrom EverandTeam of Rivals: The Political Genius of Abraham LincolnRating: 4.5 out of 5 stars4.5/5 (234)
- Data Interoperability Extension TutorialDocument65 pagesData Interoperability Extension TutorialAbim RegarNo ratings yet
- Windows Server and Active Directory - PenTestDocument42 pagesWindows Server and Active Directory - PenTestJepra0% (1)
- Kalsi Engineering, Inc.: The Leading AOV/MOV Software..Document37 pagesKalsi Engineering, Inc.: The Leading AOV/MOV Software..Ahmed KhairiNo ratings yet
- Beginners Python Cheat Sheet PCC Matplotlib PDFDocument2 pagesBeginners Python Cheat Sheet PCC Matplotlib PDFbooklover2100% (1)
- APO Imp Transaction CodesDocument3 pagesAPO Imp Transaction CodesVallela Jagan MohanNo ratings yet
- The Unwinding: An Inner History of the New AmericaFrom EverandThe Unwinding: An Inner History of the New AmericaRating: 4 out of 5 stars4/5 (45)
- Software Installation: Connect Connect Connect Connect With With With With PC PC PC PCDocument5 pagesSoftware Installation: Connect Connect Connect Connect With With With With PC PC PC PCDaniel NituNo ratings yet
- The World Is Flat 3.0: A Brief History of the Twenty-first CenturyFrom EverandThe World Is Flat 3.0: A Brief History of the Twenty-first CenturyRating: 3.5 out of 5 stars3.5/5 (2219)
- Sample Questions For C9510-418: Ibm Websphere Application Server V9.0 Network Deployment Core Server AdministrationDocument3 pagesSample Questions For C9510-418: Ibm Websphere Application Server V9.0 Network Deployment Core Server AdministrationJose DominguezNo ratings yet
- Game Scripting 101Document5 pagesGame Scripting 101nnoopNo ratings yet
- Project CSC253Document2 pagesProject CSC253adelina0% (1)
- The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreFrom EverandThe Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You AreRating: 4 out of 5 stars4/5 (1090)
- Database System Concepts and ArchitectureDocument50 pagesDatabase System Concepts and ArchitectureZemariyam BizuayehuNo ratings yet
- MS Access FundamentalsDocument373 pagesMS Access Fundamentalskggan8678No ratings yet
- Import - SAP2000 MS Excel Spreadsheet .Xls File: New ModelDocument1 pageImport - SAP2000 MS Excel Spreadsheet .Xls File: New ModelBunkun15No ratings yet
- Enovia Schema Agent Spinner BrochureDocument2 pagesEnovia Schema Agent Spinner Brochurekundan singhNo ratings yet
- The Sympathizer: A Novel (Pulitzer Prize for Fiction)From EverandThe Sympathizer: A Novel (Pulitzer Prize for Fiction)Rating: 4.5 out of 5 stars4.5/5 (119)
- SPDB - Azure Stack Hci Poc Sow v1.0 (20210416 - Clear)Document16 pagesSPDB - Azure Stack Hci Poc Sow v1.0 (20210416 - Clear)abidouNo ratings yet
- Libero HRDocument48 pagesLibero HRedayNo ratings yet
- Her Body and Other Parties: StoriesFrom EverandHer Body and Other Parties: StoriesRating: 4 out of 5 stars4/5 (821)
