Browse Prior Art Database

Restricted Access Supervision using Access Counters

IP.com Disclosure Number: IPCOM000131977D
Original Publication Date: 2005-Dec-25
Included in the Prior Art Database: 2005-Dec-25
Document File: 7 page(s) / 106K

Publishing Venue

Siemens

Related People

Juergen Carstens: CONTACT

Abstract

Content protection such as OMA DRM (OMA, Open Mobile Alliance; DRM, Digital Rights Management), e-commerce or even legacy security demands such as SIM-lock/IMEI (SIM, Security Identity Module; IMEI, International Mobile Equipment Identification) can become challenging, especially in case of open-OS (Operating System). Often, only a few applications such as DRM player need to be protected, whereas most of the standard user applications are not security related. A protection scheme for critical runtime software components requires some kind of tamper resistant trusted execution environment (TEE). Apart from providing security-related services such as cryptographically signing data, a TEE can as well be used to supervise critical software components during runtime such as a DRM client. A few TEE concepts for example the "dedicated trusted processor core" in which critical HW (hardware) resources are accessible by a trusted core only. Also, concepts in which the same core implements secure and non-secure execution environment and "dedicated hardware-state machines in combination with ROM code" have been proposed to this point in time. For either of the mentioned options, problems remain to be solved with respect to hardware resources that need to be accessed from both, secure and non-secure environment. Some of the issues can be solved by using the dedicated trusted core concept. The handling of the hardware resources is not a problem in either concept. Still, the issues that occur are listed in the following:

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 16% of the total text.

Page 1 of 7

S

Restricted Access Supervision using Access Counters

Idea: Dr. Uwe Hildebrand, DE-Nuernberg; Eckhard Delfs, DE-Nuernberg

Content protection such as OMA DRM (OMA, Open Mobile Alliance; DRM, Digital Rights Management), e-commerce or even legacy security demands such as SIM-lock/IMEI (SIM, Security Identity Module; IMEI, International Mobile Equipment Identification) can become challenging, especially in case of open-OS (Operating System). Often, only a few applications such as DRM player need to be protected, whereas most of the standard user applications are not security related. A protection scheme for critical runtime software components requires some kind of tamper resistant trusted execution environment (TEE). Apart from providing security-related services such as cryptographically signing data, a TEE can as well be used to supervise critical software components during runtime such as a DRM client.

A few TEE concepts for example the "dedicated trusted processor core" in which critical HW (hardware) resources are accessible by a trusted core only. Also, concepts in which the same core implements secure and non-secure execution environment and "dedicated hardware-state machines in combination with ROM code" have been proposed to this point in time. For either of the mentioned options, problems remain to be solved with respect to hardware resources that need to be accessed from both, secure and non-secure environment. Some of the issues can be solved by using the dedicated trusted core concept. The handling of the hardware resources is not a problem in either concept. Still, the issues that occur are listed in the following:

- Software components in the non-secure environment which are legitimate clients must obviously be allowed to use services provided by the secure environment. Typically the integrity of such software components is verified at start-up or when they are loaded. This provides no proof that the software has not been manipulated during runtime in the non- secure environment.

- As a result of trusted processing, secure environment services may pass data to legitimate clients in the non-secure environment. Again, there is no way to check, if such sensitive data has been eavesdropped by unauthorized software in the non-secure environment while stored in RAM type of memory.

- In general there is no possibility to check, if the execution in a non-secure environment behaves correctly.

These problems become relevant in case of rendering DRM protected content on open-OS based mobile platforms. Although modifications of application software are usually restricted by deploying secure boot and secure update mechanisms, the robustness of a DRM solution running on an open- OS is generally endangered by the fact that open-OS are highly exposed to software attacks (i.e. buffer overflow due to a virus).

In addition to the known concepts for realizing a TEE the following methods are applied as solutions for issues arising from the...