Advertisement

Navigating the Samsung TrustZone and Cache-Attacks on the Keymaster Trustlet

  • Ben Lapid
  • Avishai Wool
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11098)

Abstract

The ARM TrustZone is a security extension helping to move the “root of trust” further away from the attacker, which is used in recent Samsung flagship smartphones. These devices use the TrustZone to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes called Trustlets. The Samsung TEE is based on the Kinibi OS and includes cryptographic key storage and functions inside the Keymaster trustlet.

Using static and dynamic reverse engineering techniques, we present a critical review of Samsung’s proprietary TrustZone architecture. We describe the major components and their interconnections, focusing on their security aspects. During this review we identified some design weaknesses, including one actual vulnerability. Next, we identify that the ARM32 assembly-language AES implementation used by the Keymaster trustlet is vulnerable to cache side-channel attacks. Finally, we demonstrate realistic cache attack artifacts on the Keymaster cryptographic functions, despite the recently discovered Autolock feature on ARM CPUs.

References

  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
    Bernstein, D.J.: Cache-timing attacks on AES (2005). https://cr.yp.to/antiforgery/cachetiming-20050414.pdf
  6. 6.
    freddierice. Trident - temporary root for the Galaxy S7 active. https://github.com/freddierice/trident
  7. 7.
    Beniamini, G.: Trust issues: exploiting TrustZone TEEs (2017). https://googleprojectzero.blogspot.co.il/2017/07/trust-issues-exploiting-trustzone-tees.html
  8. 8.
    Ge0n0sis. How to lock the Samsung download mode using an undocumented feature of aboot (2016). https://ge0n0sis.github.io/posts/2016/05/how-to-lock-the-samsung-download-mode-using-an-undocumented-feature-of-aboot/
  9. 9.
  10. 10.
  11. 11.
  12. 12.
  13. 13.
  14. 14.
    Green, M., Rodrigues-Lima, L., Zankl, A., Irazoqui, G., Heyszl, J., Eisenbarth, T: Autolock: why cache attacks on ARM are harder than you think. In: 26th USENIX Security Symposium (2017)Google Scholar
  15. 15.
    Lapid, B., Wool, A.: Cache-attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis. Cryptology ePrint Archive, Report 2018/621 (2018). http://eprint.iacr.org/2018/621
  16. 16.
    Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: ARMageddon: cache attacks on mobile devices. In: USENIX Security Conference (2016). https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_lipp.pdf
  17. 17.
    Moghimi, A., Irazoqui, G., Eisenbarth, T.: CacheZoom: how SGX amplifies the power of cache attacks. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 69–90. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66787-4_4CrossRefGoogle Scholar
  18. 18.
  19. 19.
    Neve, M., Seifert, J.-P.: Advances on access-driven cache attacks on AES. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 147–162. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74462-7_11CrossRefGoogle Scholar
  20. 20.
    Neve, M., Tiri, K.: On the complexity of side-channel attacks on AES-256 - methodology and quantitative results on cache attacks. Technical report (2007). https://eprint.iacr.org/2007/318
  21. 21.
    Artenstein, N., Goldman, G.: Exploiting android s-boot: getting arbitrary code exec in the Samsung bootloader (2017). http://hexdetective.blogspot.co.il/2017/02/exploiting-android-s-boot-getting.html
  22. 22.
    OpenSSL. ARM AES implementation using cryptographic extensions. https://github.com/openssl/openssl/blob/master/crypto/aes/asm/aesv8-armx.pl
  23. 23.
  24. 24.
  25. 25.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006).  https://doi.org/10.1007/11605805_1CrossRefGoogle Scholar
  26. 26.
    Oliva, P.: ldpreloadhook. https://github.com/poliva/ldpreloadhook
  27. 27.
  28. 28.
  29. 29.
  30. 30.
    Samsung. Android security updates, June 2018. https://security.samsungmobile.com/securityUpdate.smsb
  31. 31.
    Spreitzer, R., Plos, T.: Cache-access pattern attack on disaligned AES T-tables. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 200–214. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40026-1_13CrossRefGoogle Scholar
  32. 32.
    Trustonic. Trustonic Kinibi technology. https://developer.trustonic.com/discover/technology
  33. 33.
    Trustonic. Trustonic mobicore driver daemon - client library. https://github.com/Trustonic/trustonic-tee-user-space/tree/master/MobiCoreDriverLib/ClientLib
  34. 34.
  35. 35.
  36. 36.
  37. 37.
    Xinjie, Z., Tao, W., Dong, M., Yuanyuan, Z., Zhaoyang, L.: Robust first two rounds access driven cache timing attack on AES. In: 2008 International Conference on Computer Science and Software Engineering, vol. 3, pp. 785–788. IEEE (2008)Google Scholar
  38. 38.
    Zhang, N., Sun, K., Shands, D., Lou, W., Thomas Hou, Y.: TruSpy: cache side-channel information leakage from the secure world on ARM devices. IACR Cryptology ePrint Archive, 2016(980) (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of Electrical EngineeringTel Aviv UniversityTel AvivIsrael

Personalised recommendations