Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Presented by
Date
Event
SFO15-503: Secure storage
in OP-TEE
James Kung, SY ChiuJames Kung, Sheng-Yu Chiu
Friday 25 Septemb...
Agenda
● Overview
● Key Manager
● Atomic Operations
● Future Work
Secure Storage System Architecture
REE File Operation Interface
TEE Supplicant
TEE DriverREE
FileSystem TEE FileSystem Key...
GP Trusted Storage Requirement
From GlobalPlatform TEE Internal Core API v1.1:
(section 2.5 and section 5.2)
● Must be bou...
TEE File Operation Interface
int (*open)(const char *file, int flags, ...);
int (*close)(int fd);
int (*read)(int fd, void...
TEE Storage And File Structure In REE
File System
block 0
block 1
block N
● Provide separate folder for each TA
● TEE file...
● Overview
● Key Manager
● Atomic Operations
● Future Work
Key Manager
● Provide file encryption/decryption functions
● Key management
○ Secure Storage Key (SSK)
■ Per-device key
■ ...
Key Derivation
● Secure Storage Key (SSK)
○ SSK = HMACSHA256
(HUK, Chip ID || “static string”)
○ HUK: Hardware Unique Key
...
Meta Data Encryption
Meta IV Tag Encrypted Meta Data
AESECB
SSK
FEK
AESGCM
Meta DataMeta IVEncrypted FEK
Encrypted FEK
Gen...
Block Data Encryption
Block IV Tag Encrypted Block Data
AESECB
SSK
FEK
AESGCM
Block DataBlock IV
Generated by PRNG, and de...
● Overview
● Key Manager
● Atomic Operations
● Future Work
What is Atomic Update
● Each update can only have two results
○ Update succeed
○ Update failed, rollback to old version
● ...
Changes to Support Out-of-place Update
data.0 data.1
write datawrite data
● Both Meta and Block file has an
additional att...
How to Keep Track Backup Version
Meta.0 Block0.0
Block1.1
BlockN.0
0 1 1 0
version table
● Introduce a version table in me...
GP Internal Core API Says...
● The following operations should be atomic
○ Write
○ Truncate
○ Rename
○ Create/Delete
Ensure Atomic Operation
Commit stage
Write new meta file to storage (commit the change).
Remove old meta file
Out-of-place...
Atomic Write Operation
block0.0
block1.1
block0.1
(in memory)
meta.0
0 1
meta.1
0 11
Assume block size is 1KB, we want to ...
Atomic Truncate Operation
meta.0
block0.0
block1.1
meta.1
(in memory)
Assume block size is 1KB, file length is 1.5 KB, we ...
REE path: .../bar/REE path: .../foo/
Atomic Rename Operation
meta.0
block0.0
block1.1
meta.0
block0.0
block1.1
hard link
A...
Atomic Create/Delete Operation
● Create
○ If the meta file is successfully encrypted and stored,
we are done.
○ If any fai...
● Overview
● Key Manager
● Atomic Operations
● Future Work
Binding TEE File to TA
● TEE file folder can be copied or moved into other TA’s
folder in normal world
● We do not have a ...
Rollback Attack Detection
● TEE file content can be backed up and then restored
without any error. TEE should be able to d...
Thank you~
Nächste SlideShare
Wird geladen in …5
×

SFO15-503: Secure storage in OP-TEE

6.360 Aufrufe

Veröffentlicht am

SFO15-503: Secure storage in OP-TEE
Speaker: James Kung, Sheng-Yu Chiu
Date: September 25, 2015

★ Session Description ★
Linaro has been refining the secure storage solution in OP-TEE and in this session the audience will get an update about the current status and also will get to know about the implementation details, design decisions and what algorithms that has been used.

★ Resources ★
Video: https://www.youtube.com/watch?v=pChEdObYLRM
Presentation: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee
Etherpad: pad.linaro.org/p/sfo15-503
Pathable: https://sfo15.pathable.com/meetings/303094

★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org

Veröffentlicht in: Technologie
  • Real Money Streams ~ Create multiple streams of wealth from your home! ●●● http://scamcb.com/ezpayjobs/pdf
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

SFO15-503: Secure storage in OP-TEE

  1. 1. Presented by Date Event SFO15-503: Secure storage in OP-TEE James Kung, SY ChiuJames Kung, Sheng-Yu Chiu Friday 25 September 2015 SFO15
  2. 2. Agenda ● Overview ● Key Manager ● Atomic Operations ● Future Work
  3. 3. Secure Storage System Architecture REE File Operation Interface TEE Supplicant TEE DriverREE FileSystem TEE FileSystem Key Manager TEE File Operation Interface TEE Trusted Storage Service TATATA GP Trusted Storage API Support Atomic Operations Normal World Secure World UserSpaceKernelSpace
  4. 4. GP Trusted Storage Requirement From GlobalPlatform TEE Internal Core API v1.1: (section 2.5 and section 5.2) ● Must be bound to a particular device ● Guarantees on the confidentiality and integrity of the data ● Guarantees on the atomicity of the operations that modify the storage ● Ability to hide sensitive key material from the TA itself ● Separation of storage among different TAs ● Provide protection against rollback attacks (future work)
  5. 5. TEE File Operation Interface int (*open)(const char *file, int flags, ...); int (*close)(int fd); int (*read)(int fd, void *buf, size_t len); int (*write)(int fd, const void *buf, size_t len); tee_fs_off_t (*lseek)(int fd, tee_fs_off_t offset, int whence); int (*rename)(const char *old, const char *new); int (*unlink)(const char *file); int (*ftruncate)(int fd, tee_fs_off_t length); int (*access)(const char *name, int mode); int (*mkdir)(const char *path, tee_fs_mode_t mode); tee_fs_dir *(*opendir)(const char *name); int (*closedir)(tee_fs_dir *d); struct tee_fs_dirent *(*readdir)(tee_fs_dir *d); int (*rmdir)(const char *pathname);
  6. 6. TEE Storage And File Structure In REE File System block 0 block 1 block N ● Provide separate folder for each TA ● TEE filename == object id (provided by TA) ● TEE file == a folder contains a meta file and several block files (folder name is object id) ● Meta file ○ Storing info. of a TEE file. e.g. file length. ○ Always encrypted ● block file ○ Storing TEE file data ○ Optionally encrypted depends on the compile time flag - CFG_ENC_FS /data/tee/ <obj-id>/ <ta-uuid>/ meta * default max. data size in block file is 4KB * default max. number of blocks is 1024 * default max TEE file size = 4MB (4KB * 1024)
  7. 7. ● Overview ● Key Manager ● Atomic Operations ● Future Work
  8. 8. Key Manager ● Provide file encryption/decryption functions ● Key management ○ Secure Storage Key (SSK) ■ Per-device key ■ Used by secure storage subsystem for FEK encryption/decryption ■ Generated and stored in secure memory at boot time ○ File Encryption Key (FEK) ■ Per-file key ■ Used for TEE file encryption/decryption ■ Generated, encrypted and stored in meta file when a new TEE file is created
  9. 9. Key Derivation ● Secure Storage Key (SSK) ○ SSK = HMACSHA256 (HUK, Chip ID || “static string”) ○ HUK: Hardware Unique Key ● File Encryption Key (FEK) ○ By default, generated by Fortuna (PRNG*) ○ Default key length: 128 bits * It is better to leverage platform H/W RNG(TRNG) if your platform supports that * Can be implemented in platform porting layer * To avoid other subsystems to generate the same per-device key
  10. 10. Meta Data Encryption Meta IV Tag Encrypted Meta Data AESECB SSK FEK AESGCM Meta DataMeta IVEncrypted FEK Encrypted FEK Generated by PRNG, and default length is 96 bits Meta Data = { TEE_file_data_length; backup_version_table[number of blocks]; } Meta File: AAD
  11. 11. Block Data Encryption Block IV Tag Encrypted Block Data AESECB SSK FEK AESGCM Block DataBlock IV Generated by PRNG, and default length is 96 bits ...Encrypted FEKMeta File: Block File: Decryption
  12. 12. ● Overview ● Key Manager ● Atomic Operations ● Future Work
  13. 13. What is Atomic Update ● Each update can only have two results ○ Update succeed ○ Update failed, rollback to old version ● We cannot modify the file contents directly ○ Out-of-place update ○ Modify a copy of file content instead
  14. 14. Changes to Support Out-of-place Update data.0 data.1 write datawrite data ● Both Meta and Block file has an additional attribute called backup version, backup version is 0 or 1 ● We toggle the backup version each time when we want to update something ● We should follow the step to update meta or block file
  15. 15. How to Keep Track Backup Version Meta.0 Block0.0 Block1.1 BlockN.0 0 1 1 0 version table ● Introduce a version table in meta data, which stores the backup version of each Block file. This is used to keep track of the backup version of each block file. Block2.1
  16. 16. GP Internal Core API Says... ● The following operations should be atomic ○ Write ○ Truncate ○ Rename ○ Create/Delete
  17. 17. Ensure Atomic Operation Commit stage Write new meta file to storage (commit the change). Remove old meta file Out-of-place update stage Any fault here would cause a failed update (no changes has been made) Clean-up stage Any fault here was ignored (changes has been made) * should having a tool to do garbage collection to clean up invalid block or meta. The idea is similar to fsck for Linux file system.
  18. 18. Atomic Write Operation block0.0 block1.1 block0.1 (in memory) meta.0 0 1 meta.1 0 11 Assume block size is 1KB, we want to write 20 Bytes at position 0 write data
  19. 19. Atomic Truncate Operation meta.0 block0.0 block1.1 meta.1 (in memory) Assume block size is 1KB, file length is 1.5 KB, we want to truncate it to 500 Bytes len:1.5KB len:1.5KBlen:500B
  20. 20. REE path: .../bar/REE path: .../foo/ Atomic Rename Operation meta.0 block0.0 block1.1 meta.0 block0.0 block1.1 hard link Assume we want to rename foo to bar * ISO C requires rename to be atomic. We are considering to use it. ** Atomic override is not supported yet.
  21. 21. Atomic Create/Delete Operation ● Create ○ If the meta file is successfully encrypted and stored, we are done. ○ If any failure occurs during meta file creation, no file is created. ● Delete ○ Rename <filename> to <filename>.trash ○ Then remove <filename>.trash * unlink is not need to be atomic. Thus we can’t simply unlink(‘meta’)
  22. 22. ● Overview ● Key Manager ● Atomic Operations ● Future Work
  23. 23. Binding TEE File to TA ● TEE file folder can be copied or moved into other TA’s folder in normal world ● We do not have a mechanism to prevent TA’s from opening other TA’s TEE file(s) ● A simple way to bind TEE file to TA is adding TA’s UUID to meta file
  24. 24. Rollback Attack Detection ● TEE file content can be backed up and then restored without any error. TEE should be able to detect this kind of actions. ● The solution is to add a file version number in meta file and store it in another safe place. ● The safe place can be ○ normal world file system (Protection Level = 100) ○ RPMB (Protection Level = 1000)
  25. 25. Thank you~

×