ARM Security Technology Building a Secure System using ...
ARM Security Technology Building a Secure System using ...
ARM Security Technology Building a Secure System using ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Introduction<br />
1.3 What are the threats?<br />
1.3.1 Market sector overview<br />
Before exploring the details of the TrustZone hardware architecture it is important to<br />
understand what is meant by security in this context and how the risks posed by the<br />
attacks compare with the cost of prevention. Only with this information can a system<br />
designer make justified design choices regarding what to protect and how much to<br />
invest in hardware or software defenses.<br />
There are many examples, spanning multiple applications and industries, of the costs<br />
associated with the failure of embedded systems to resist attack. Some attacks, such as<br />
payment fraud, cause a direct cost which has to be covered by the service provider,<br />
while others, such as the addition of a modified hardware chip to a set-top box, can<br />
cause a prolonged loss of revenues over the lifetime of the device.<br />
The sensitive assets that each market sector tries to protect against attack are diverse.<br />
For example, mobile handsets aim to protect the integrity of the radio network, while<br />
television set-top boxes prevent unauthorized access to subscription channels. The<br />
varied type and value of the assets being protected, combined with the different<br />
underlying system implementations, mean that the attacks experienced by each are also<br />
diverse. This section aims to outline a small part of the security history in some of the<br />
market sectors where TrustZone technology might be deployed.<br />
Mobile sector<br />
Two critical parts of a GSM handset are the International Mobile Equipment Identity<br />
(IMEI) code, a unique 15-digit code used to identify an individual handset when it<br />
connects to the network, and the low level SIMLock protocol which is used to bind a<br />
particular device to SIM cards of a particular network operator.<br />
Both of these components are used to provide a security feature: the IMEI is used to<br />
block stolen handsets from accessing the network, and the SIMLock protocol is used to<br />
tie the device to the operator for the duration of a contract. On many handsets both of<br />
these protection mechanisms can be bypassed with little effort, typically <strong>using</strong> a USB<br />
cable and a reprogramming tool running on a desktop workstation.<br />
The result of these insecurities in the implementation is an opportunity for fraud to be<br />
committed on such a large scale that statistics reported by Reuters UK suggest it is<br />
driving half of all street crime through mobile phone thefts, and costs the industry<br />
billions of dollars every year.<br />
1-6 Copyright © 2005-2009 <strong>ARM</strong> Limited. All rights reserved. PRD29-GENC-009492C<br />
Non-Confidential Unrestricted Access