On 2012-12-18 07:57, Jeffrey Walton wrote:
> On Tue, Dec 18, 2012 at 1:32 AM, Anders Rundgren
> <anders.rundg...@telia.com> wrote:
>> I have only one problem with TPM or TPM-like technology: the desire to
>> kill rooting will hamper development.
> Agreed (I hope it does not hamper development and mod'ing).
>
> The SIM is a mini-HSM, and can probably be used as the basis for a
> trusted platform. So development should be available with the right
> architecture and a new SIM card :)

As I see it: SIM "=" HSM, SIM <> TPM.

SIMs suffer from a serious problem with respect to all kinds of development: they are owned by *operators*. 10+ years ago Nokia phones supported SIM-based key-stores, but since the handset industry, SIM vendors, banks and telcos could never agree on a "business model", this standard (WSIM) more or less died due to "under-utilization".

The embedded SE (Security Element) featured in some Android phones could make it easier, but currently SEs seem to be locked by either Google or the device vendors:
http://nelenkov.blogspot.se/2012/08/android-secure-element-execution.html

> I'm not sure what is easiest for CDMA (SIMs cover GSM networks). We
> are seeing SIM-like features for CDMA phones, but I suspect it's more a
> software abstraction coupled with a more versatile baseband processor.
>
>> IMO, it should be technically possible to root devices but data encrypted
>> by the original OS should be useless due to a changed encryption key.
>> The same should be valid for keys enrolled through the original OS.
> Under some Android phones I have, you can unlock the boot loader and
> it will wipe the device. For example, my EVO 4G.
>
> The same Android phones do *not* wipe data if the phone is re-SIM'd, though.
>
>> This is probably only feasible if the "TPM" is a part of the main CPU
>> which I also think is what is going to happen.
> I would expect to see it moved to the baseband processor, and not a
> general purpose CPU. What is Qualcomm doing in this area? Is anyone up
> to date?

http://www.theregister.co.uk/2012/11/13/trustzone_company

The advantage of having TPM functionality in the main CPU is that "trusted boot" becomes easy: all you need is a trust anchor verifying the boot loader's authenticity. Then the CPU can keep a flag internally saying rooted or "original". The CPU may also maintain separate encryption keys for different mod(e)s.

Anders

>
>> The TPM enables organizations to *optionally* reject connecting devices
>> not running "legitimate" OSes. That's OK; they already do that to some
>> extent.
>>
>> Related: Microsoft's TPM-based VSD (Virtual Smart Card) scheme:
>> http://www.microsoft.com/en-us/download/details.aspx?id=29076
> Ah, thanks.
>
> Jeff
>
>> On 2012-12-18 05:10, Jeffrey Walton wrote:
>>> http://www.networkworld.com/news/2012/121712-nist-tia-265172.html
>>>
>>> A mobile security technology proposal drafted by the National
>>> Institute of Standards and Technology (NIST) is being soundly rejected
>>> by one of the main trade groups representing a broad cross-section of
>>> industry.
>>>
>>> NIST's "Guidelines on Hardware-Rooted Security in Mobile Devices,"
>>> issued in draft form in October and out for public comment until last
>>> Friday, has drawn sharp criticism from the Telecommunications Industry
>>> Association, which labeled NIST's proposal as "over-prescriptive"
>>> because it "suggests that security in mobile devices can only be
>>> realized using a specific architectural implementation of secure or
>>> trustworthy environment, namely the Trusted Platform Module (TPM)
>>> architecture specified by the Trusted Computing Group (TCG)."
>>>
>>> TPM is "one way to implement security in mobile devices but it isn't
>>> the only way," said Brian Scarpelli, senior manager of government
>>> affairs at Arlington, Va.-based TIA, adding that software-based
>>> security can also be relied on. He indicated the TIA membership of
>>> carriers and software vendors would prefer not to have to adhere to a
>>> specific implementation to meet new federal guidelines for mobile
>>> devices, and TIA is reaching out to NIST to voice its objections. TIA
>>> industry membership includes carriers such as Verizon Communications
>>> and Sprint Nextel, as well as Apple, Dell and Vare.
>>>
>>> The TPM specification from the TCG is a hardware-based
>>> cryptographic-processing technology that can be used for several
>>> security purposes, primarily device integrity. TPM is used in desktops
>>> and servers but not mobile devices at present. The National Security
>>> Agency, for example, which influences technology decisions made at the
>>> U.S. Department of Defense, has been an enthusiastic proponent of TPM.
>>>
>>> TPM exists in much internal computer hardware today, though it appears
>>> to suffer from lack of widespread deployment in part due to lack of
>>> applications making it easy to deploy.
>>>
>>> NIST argues for TPM by saying that "many mobile devices are not
>>> capable of providing strong security assurances to end users and
>>> organizations. Current mobile devices lack the hardware-based roots of
>>> trust that are increasingly built into laptops and other types of
>>> hosts."
>>>
>>> NIST says it wants to "accelerate industry efforts" to use
>>> hardware-rooted trust technologies, and specifically TPM, in mobile
>>> devices such as smartphones and tablets that the federal government
>>> would acquire. NIST criticizes today's mobile devices, saying they are
>>> "vulnerable to 'jailbreaking' and 'rooting,' which provide device
>>> owners with greater flexibility and control over the devices, but also
>>> bypass important security features which may introduce
>>> vulnerabilities."
>>>
>>> NIST asserts in its guidelines proposal that TPM and hardware-based
>>> root of trust is the model the federal government would like to see
>>> for use in assuring device integrity and verification, and that this
>>> would also help the government in adopting a bring-your-own-device
>>> approach where government employees could use their personally owned
>>> devices for work as well.
>>> ...
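Added example, not part of the thread above or of any product it mentions: a small Python model of the trusted-boot arrangement Anders sketches (a trust anchor that verifies the boot loader, a rooted/"original" flag latched by the CPU, and per-state encryption keys so that data sealed by the original OS is useless after rooting). Everything in it is constructed for illustration: the boot-loader images, the trust anchor (a hash of the image standing in for the fused OEM key hash a real SoC would hold), the device-unique root secret, and the toy HMAC-counter stream cipher that stands in for AES. The HKDF routine follows RFC 5869 with a zero salt.

```python
"""Toy trusted-boot model: trust-anchor check, latched boot state, and
boot-state-bound key derivation. Added example; all values are constructed."""
import hashlib
import hmac

# Constructed sample boot-loader images (hypothetical, not real firmware).
ORIGINAL_BOOTLOADER = b"oem-bootloader-v1.0"
MODIFIED_BOOTLOADER = b"third-party-bootloader-unlocked"

# Trust anchor: stands in for the hash of the OEM signing key that a SoC
# burns into one-time-programmable fuses. Simplified here to an image hash.
TRUST_ANCHOR = hashlib.sha256(ORIGINAL_BOOTLOADER).digest()

# Device-unique root secret held inside the CPU and never exported (assumed).
ROOT_SECRET = hashlib.sha256(b"constructed-device-unique-secret").digest()


def boot_state(bootloader_image: bytes, anchor: bytes = TRUST_ANCHOR) -> str:
    """Trust-anchor check at reset: the flag the CPU latches for this boot."""
    measured = hashlib.sha256(bootloader_image).digest()
    return "original" if hmac.compare_digest(measured, anchor) else "rooted"


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract with a zero salt, then expand."""
    prk = hmac.new(bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def state_key(state: str, purpose: bytes = b"userdata", root: bytes = ROOT_SECRET) -> bytes:
    """Per-state key: the boot flag is mixed into the KDF label, so the key a
    rooted OS can obtain differs from the one the original OS sealed with."""
    return hkdf_sha256(root, b"boot-state:" + state.encode() + b"|" + purpose)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC counter keystream); the same call encrypts and
    decrypts. Illustration only; a real device would use AES-GCM or similar."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def boot_and_open(bootloader_image: bytes, sealed: bytes):
    """Simulate one boot: verify the loader, latch the state, derive the key
    for that state, and try to open user data sealed on an earlier boot."""
    state = boot_state(bootloader_image)
    return state, keystream_xor(state_key(state), sealed)


def demo() -> dict:
    """Seal data under the original OS, then reboot stock and rooted."""
    secret = b"contacts and app keys written by the original OS"
    sealed = keystream_xor(state_key(boot_state(ORIGINAL_BOOTLOADER)), secret)
    stock_state, stock_plain = boot_and_open(ORIGINAL_BOOTLOADER, sealed)
    rooted_state, rooted_plain = boot_and_open(MODIFIED_BOOTLOADER, sealed)
    return {
        "stock_state": stock_state, "stock_ok": stock_plain == secret,
        "rooted_state": rooted_state, "rooted_ok": rooted_plain == secret,
    }


if __name__ == "__main__":
    print(demo())
```

The point of binding the boot flag into the KDF label rather than into an access-control check is that the rooted OS is not refused anything; it simply never gets the original key, so the device stays moddable while the original OS's data and enrolled keys become unreadable, which is the outcome Anders asks for above.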