Navigating the samsung trustzone and cache-attacks on the keymaster trustlet

Ben Lapid, Avishai Wool*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The ARM TrustZone is a security extension helping to move the “root of trust” further away from the attacker, which is used in recent Samsung flagship smartphones. These devices use the TrustZone to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes called Trustlets. The Samsung TEE is based on the Kinibi OS and includes cryptographic key storage and functions inside the Keymaster trustlet. Using static and dynamic reverse engineering techniques, we present a critical review of Samsung’s proprietary TrustZone architecture. We describe the major components and their interconnections, focusing on their security aspects. During this review we identified some design weaknesses, including one actual vulnerability. Next, we identify that the ARM32 assembly-language AES implementation used by the Keymaster trustlet is vulnerable to cache side-channel attacks. Finally, we demonstrate realistic cache attack artifacts on the Keymaster cryptographic functions, despite the recently discovered Autolock feature on ARM CPUs.

Original languageEnglish
Title of host publicationComputer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings
EditorsJavier Lopez, Jianying Zhou, Miguel Soriano
PublisherSpringer Verlag
Pages175-196
Number of pages22
ISBN (Print)9783319990729
DOIs
StatePublished - 2018
Event23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: 3 Sep 20187 Sep 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11098 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference23rd European Symposium on Research in Computer Security, ESORICS 2018
Country/TerritorySpain
CityBarcelona
Period3/09/187/09/18

Fingerprint

Dive into the research topics of 'Navigating the samsung trustzone and cache-attacks on the keymaster trustlet'. Together they form a unique fingerprint.

Cite this