TY - GEN
T1 - Navigating the Samsung TrustZone and Cache-Attacks on the Keymaster Trustlet
AU - Lapid, Ben
AU - Wool, Avishai
N1 - Publisher Copyright:
© Springer Nature Switzerland AG 2018.
PY - 2018
Y1 - 2018
N2 - The ARM TrustZone is a security extension, used in recent Samsung flagship smartphones, that helps move the “root of trust” further away from the attacker. These devices use the TrustZone to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes called Trustlets. The Samsung TEE is based on the Kinibi OS and includes cryptographic key storage and functions inside the Keymaster trustlet. Using static and dynamic reverse engineering techniques, we present a critical review of Samsung’s proprietary TrustZone architecture. We describe the major components and their interconnections, focusing on their security aspects. During this review we identified some design weaknesses, including one actual vulnerability. Next, we identify that the ARM32 assembly-language AES implementation used by the Keymaster trustlet is vulnerable to cache side-channel attacks. Finally, we demonstrate realistic cache attack artifacts on the Keymaster cryptographic functions, despite the recently discovered Autolock feature on ARM CPUs.
UR - http://www.scopus.com/inward/record.url?scp=85052235846&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-99073-6_9
DO - 10.1007/978-3-319-99073-6_9
M3 - Conference contribution
AN - SCOPUS:85052235846
SN - 9783319990729
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 175
EP - 196
BT - Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings
A2 - Lopez, Javier
A2 - Zhou, Jianying
A2 - Soriano, Miguel
PB - Springer Verlag
T2 - 23rd European Symposium on Research in Computer Security, ESORICS 2018
Y2 - 3 September 2018 through 7 September 2018
ER -