unearthing the trustedcore
play

Unearthing the TrustedCore A Critical Review on Huaweis Trusted - PowerPoint PPT Presentation

Jan 08, 2023 •334 likes •696 views

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Mller Friedrich-Alexander-University Erlangen-Nrnberg, Germany Motivation TEEs are the backbone

  1. Unearthing the TrustedCore A Critical Review on Huawei’s Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Müller Friedrich-Alexander-University Erlangen-Nürnberg, Germany

  2. Motivation TEEs are the backbone of many security-critical services on Android devices. What to expect? Share (general) insights from analysis of proprietary TEE, TrustedCore Elaborate on inner workings of selected components Show design and implementation flaws 1

  3. Outline Background TrustedCore Architecture Secure Loader The Android Keystore System Memory Corruptions & Exploitation Conclusion 2

  4. Background

  5. Trusted Execution Environments (TEEs) Isolated execution context providing Integrity and Confidentiality TEE-enabling technologies AMD Platform Security Processor Intel Software Guard Extensions ARM TrustZone … 3

  6. ARM TrustZone on ARMv8-A Systems 4 Normal World Secure World Client Applications Trusted Applications EL0 Rich OS Trusted OS EL1 Hypervisor EL2 Secure Monitor EL3

  7. TEEs in the Field (on Android) 2019 [1] From Emotion UI 9 (e.g., Huawei P30 and P40) N/A iTrustee by Huawei Up to Emotion UI 8 (e.g., Huawei P9, P10, P20) 2015 [9], 2016 [10] TrustedCore by Huawei … Samsung Exynos devices from Samsung Galaxy S10 TEEGris by Samsung Qualcomm Secure Execution Environment … Samsung Exynos devices up to Samsung Galaxy S9 2017 [5], 2018 [7, 8], 2019 [2] Kinibi by Trustonic … Nexus devices Pixel devices 2016 [4, 3] 5

  8. Applications PIN/pattern/password authentication Biometric authentication Fingerprint FaceID Digital rights management Mobile payment Full-disk encryption … 6

  9. TrustedCore Architecture

  10. Overview 7 Normal World Secure World Android TrustedCore App App Userspace Userspace App Trusted Trusted Trusted Application Application Application globaltask System System (TA) System (TA) (TA) Service Service Service teecd HAL lib HAL lib HAL lib libteec libteec libteec N-EL0 S-EL0 N-EL1 S-EL1 Interrupt swi-Handler Handler TrustedCore Kernel TrustedCore S-EL3 Kernel Module SMC-Handler HiSilicon Android Custom ARM Trusted Firmware Linux Kernel

  11. TrustedCore – Normal World N-EL1 N-EL0 Linux Kernel Module 8 teecd Apps System Services Normal World Secure World Android TrustedCore App App Userspace Userspace App Trusted Trusted Trusted Application Application Application System globaltask System (TA) System (TA) (TA) Service Service Service teecd HAL lib HAL lib HAL lib libteec libteec libteec N-EL0 S-EL0 N-EL1 S-EL1 Interrupt swi-Handler Handler TrustedCore Kernel TrustedCore S-EL3 Kernel Module SMC-Handler HiSilicon Android Custom ARM Trusted Firmware Linux Kernel

  12. TrustedCore – Secure World S-EL3 S-EL0 Custom ARM TrustedFirmware 9 TrustedCore Kernel globaltask S-EL1 Trusted Applications Normal World Secure World Android TrustedCore App App Userspace Userspace App Trusted Trusted Trusted Application Application Application System globaltask System (TA) System (TA) (TA) Service Service Service teecd HAL lib HAL lib HAL lib libteec libteec libteec N-EL0 S-EL0 N-EL1 S-EL1 Interrupt swi-Handler Handler TrustedCore Kernel TrustedCore S-EL3 Kernel Module SMC-Handler HiSilicon Android Custom ARM Trusted Firmware Linux Kernel

  13. Secure Loader

  14. Loading Encrypted Trusted Applications root@HWVNS-H:/ # ls /system/bin/*.sec /system/bin/6c8cf255-ca98-439e-a98e-ade64022ecb6.sec /system/bin/79b77788-9789-4a7a-a2be-b60155eef5f4.sec /system/bin/868ccafb-794b-46c6-b5c4-9f1462de4e02.sec /system/bin/883890ba-3ef8-4f0b-9c02-f5874acbf2ff.sec /system/bin/9b17660b-8968-4eed-917e-dd32379bd548.sec /system/bin/b4b71581-add2-e89f-d536-f35436dc7973.sec /system/bin/fd1bbfb2-9a62-4b27-8fdb-a503529076af.sec /system/bin/fpc_1021_ta.sec /system/bin/fpc_1021_ta_venus.sec /system/bin/fpc_1022_ta.sec /system/bin/syna_109A0_ta.sec 10

  15. Loading Encrypted Trusted Applications (cont.) 11 Normal World Secure World Android TrustedCore App App Userspace Userspace App Trusted Huawei Trusted Encrypted TA Trusted Application Application Application System globaltask System (TA) encrypt manifest System (TA) (TA) pubkey x Service Service Service manifest enc teecd HAL lib HAL lib HAL lib sign ELF privkey y AES key libteec libteec libteec decrypt N-EL0 S-EL0 ELF data globaltask ELF N-EL1 S-EL1 decrypt signature manifest Interrupt swi-Handler privkey x Handler verify ELF ELF enc TrustedCore Kernel pubkey y signature TrustedCore S-EL3 Kernel Module SMC-Handler HiSilicon Android Custom ARM Trusted Firmware Linux Kernel

  16. Protection of Crypto Keys char * (*wb_aes) ( char *, char *, unsigned int ); } return 0; hexdump("privkey:", pubkey_dec, <privkey_sz>); wb_aes(privkey_enc, privkey_dec, <privkey_sz>); hexdump("privkey:", pubkey_dec, <pubkey_sz>); wb_aes(pubkey_enc, pubkey_dec, <pubkey_sz>); = globaltask + <wb_aes_off>; wb_aes privkey_enc = globaltask + <privkeyenc_off>; pubkey_enc = globaltask + <pubkeyenc_off>; PROT_READ|PROT_WRITE|PROT_EXEC); char *privkey_dec[0x1000] = { 0 }; char *pubkey_dec[0x1000] = { 0 }; int main(){ char globaltask[] = { ... }; // globaltask binary 12 globaltask .text ... wb_aes: mprotect(globaltask, sizeof (globaltask), ... .data ... privkey enc pubkey enc ...

  17. Scope & Consequences Analysis of 133 firmware images distributed from July 2015 until April 2018 119 images using white-box crypto scheme Decryption of “confidential” TAs on models from 2016 (P9 Lite) until 2018 (P20 Lite) TCB size 16 times bigger than reported by Cerdeira et al. [6] 13

  18. The Android Keystore System

  19. Export-Protected Crypto Keys kb - keyblob KEK - Key Encryption Key 14 App keystored keymaster TA gen_key(alias, ...) gen key gen key enc KEK (kb) kb enc store alias : keyblob enc enc(alias, data) enc(kb enc , data) dec KEK (kb enc ) enc kb (data) data enc data enc

  20. The Key Encryption Key (KEK) uint32_t key_params1_count_offset; } uint8_t blob[]; // C99 FAM uint32_t keyblob_size; uint32_t hidden_params_data_size; uint32_t hidden_params_data_offset; uint32_t hidden_params_count_offset; uint32_t key_params1_data_size; uint32_t key_params1_data_offset; uint32_t key_params2_count_offset; uint32_t keymaterial_size; blob contains encrypted key and hidden uint32_t keymaterial_offset; uint32_t unknown; uint8_t magic[4]; uint8_t iv[16]; uint8_t hmac[32]; struct keyblob { secret is a constant keyblob is protected by hmac secret is a constant params 15

  21. Scope & Consequences 133 firmware images (from July 2015 until April 2018) use contant KEK Extract export-protected crypto keys Spoof keyblob s Off-device brute-forcing of full-disk encryption 16

  22. Memory Corruptions & Exploitation

  23. Memory Corruption in keymaster TA Stack-based buffer overflow in RSA key pair export routine 1. Craft keyblob with exploit payload using constant secrets 2. Import crafted keyblob into keymaster TA 3. Export crafted keyblob (triggers overflow) 17

  24. Exploit Mitigations 𝑋 ⊕ 𝑌 Stack Canaries ASLR Stack canaries Constant values ASLR Low entropy Reloaded to same address after crash 18

  25. Escalating to S-EL1/S-EL3 ~174 system calls available from S-EL0 e.g., mapping of physical memory pages to TA virtual address space Flawed/ineffective range check for S-EL1 and S-EL3 19

  26. Conclusion

  27. Lessons Learned – Hardware-Protected Crypto Keys ARM TrustZone == TEE construction kit Confidentiality and integrity depend on hardware and software choices Severity of software-based protection designs Leakage of KEK disables device-binding for an entire generation of phones PIN/pattern/password can be brute-forced off-device 20

  28. Lessons Learned – Attack Surface Trusted Computing Base is huge Trusted Computing Base attack surface is wide TAs are written in C/C++ and prone to memory corruption bugs Risk of exploitation not effectively mitigated 21

  29. Summary Reviewed Huawei’s TrustedCore Examined and broke secure loader Examined and broke Android keystore system Found and exploited previously unknown memory corruption bug Escalated privileges to S-EL1/S-EL3 Shared lessons learned 22

  30. Questions? eMail: marcel.busch@fau.de Twitter: @0ddc0de

  31. References (1) T. Alexander. Reverse-engineering samsung exynos 9820 bootloader and tz. https://allsoftwaresucks.blogspot.com/2019/05/reverse-engineering-samsung- exynos-9820.html, 2019. Accessed: 2019-08-30. A. Alexandre, G. Joffrey, and P. Maxime. A deep dive into samsung’s trustzone (part 1). https://blog.quarkslab.com/a-deep-dive-into-samsungs-trustzone-part-1.html, 2019. Accessed: 2020-03-15. 24

  32. References (2) G. Beniamini. Extracting qualcomm’s keymaster keys - breaking android full disk encryption. https://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster- keys.html, 2016. Accessed: 2019-12-28. G. Beniamini. Qsee privilege escalation vulnerability and exploit (cve-2015-6639). https://bits-please.blogspot.com/2016/05/qsee-privilege-escalation- vulnerability.html, 2016. Accessed: 2019-08-28. 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Who We Are Mission-Driven Leadership What We Do Why We Do It Survey Unearthing Fairness for

Who We Are Mission-Driven Leadership What We Do Why We Do It Survey Unearthing Fairness for

Who We Are Mission-Driven Leadership What We Do Why We Do It Survey Unearthing Fairness for Ohio Kids Ohios Most Pressing Challenge Kids who start behind often stay behind. Poverty is a persistent factor in kids learning and

347 views • 33 slides
CherryPick: Adaptively Unearthing the Best Cloud Configurations for Big Data Analytics O.

CherryPick: Adaptively Unearthing the Best Cloud Configurations for Big Data Analytics O.

CherryPick: Adaptively Unearthing the Best Cloud Configurations for Big Data Analytics O. Alipourfard et al. Presented by Dmitry Kazhdan Overview Background Prior work CherryPick Evaluation Criticism Recent work

279 views • 27 slides
Unearthing five key factors influencing workplace performance Eleanor Forster, Managing Director

Unearthing five key factors influencing workplace performance Eleanor Forster, Managing Director

Unearthing five key factors influencing workplace performance Eleanor Forster, Managing Director North America Copyr opyright LeesmanLtd d September 2017 | Who are Leesman? The worlds leading business intelligence tool that benchmarks how

1.02k views • 73 slides
Bulyanhulu Investor Site Tour 04.02.16 Unearthing Africas Potential Important Notice This

Bulyanhulu Investor Site Tour 04.02.16 Unearthing Africas Potential Important Notice This

LSE:ACA Bulyanhulu Investor Site Tour 04.02.16 Unearthing Africas Potential Important Notice This presentation includes forward - looking statements that express or imply Although Acacias management believes that the expectations

653 views • 32 slides
Acacia Mining plc Unearthing Africas Potential 03.09.2015 Africa Down Under Important Notice

Acacia Mining plc Unearthing Africas Potential 03.09.2015 Africa Down Under Important Notice

LSE:ACA Acacia Mining plc Unearthing Africas Potential 03.09.2015 Africa Down Under Important Notice This presentation includes forward - looking statements that express or imply Although Acacias management believes that the

409 views • 19 slides
Post-Colonial Security: Unearthing the Eurocentrism Week 13 - 20 December 2017 What is

Post-Colonial Security: Unearthing the Eurocentrism Week 13 - 20 December 2017 What is

PSI 330 International Security Post-Colonial Security: Unearthing the Eurocentrism Week 13 - 20 December 2017 What is Eurocentrism? Eurocentrism is a complex idea but at its core is the assumption of European centrality in the human past

135 views • 11 slides
Acacia Mining plc Unearthing Africas Potential 12.05.2015 BofAML Global Metals, Mining &amp;

Acacia Mining plc Unearthing Africas Potential 12.05.2015 BofAML Global Metals, Mining &amp;

LSE:ACA Acacia Mining plc Unearthing Africas Potential 12.05.2015 BofAML Global Metals, Mining &amp; Steel Conference 2015 Important Notice This presentation includes forward - looking statements that express or imply Although

266 views • 12 slides
Unearthing High Grade Lithium Brine Assets (Pocitos Salar, Argentina) Legal Le This

Unearthing High Grade Lithium Brine Assets (Pocitos Salar, Argentina) Legal Le This

TSX-V: LBY OTC: LRTTF XFRA: L1T On the Road to Success Unearthing High Grade Lithium Brine Assets (Pocitos Salar, Argentina) Legal Le This presentation includes certain statements that may be deemed forward looking statements. All

373 views • 19 slides
Mining Indaba Cape Town February 2018 Unearthing the minerals powering our future Why Cape

Mining Indaba Cape Town February 2018 Unearthing the minerals powering our future Why Cape

Mining Indaba Cape Town February 2018 Unearthing the minerals powering our future Why Cape Lambert Resources? Cape Lambert is a diversified mineral development and investment company well positioned to deliver shareholder value though our

694 views • 33 slides
Unearthing High Grade Lithium Brine Assets (Pocitos Salar, Argentina) Legal This presentation

Unearthing High Grade Lithium Brine Assets (Pocitos Salar, Argentina) Legal This presentation

TSX-V: LBY OTC: LRTTF XFRA: L1T On the Road to Success Unearthing High Grade Lithium Brine Assets (Pocitos Salar, Argentina) Legal This presentation includes certain statements that may be deemed forward looking statements. All statements

423 views • 19 slides
Strategy: Adding Value through De-risked Exploration De-risked exploration = increased likelihood

Strategy: Adding Value through De-risked Exploration De-risked exploration = increased likelihood

Unearthing GIANTS : exploring for high value copper porphyry deposits in emerging fields, in Peru and in Western Australia Platypus Minerals Ltd (ASX:PLP) Investor Presentation January 2015 Strategy: Adding Value through De-risked

538 views • 24 slides
Tra le sollecitudini (1903) A treasure of inestimable value SC 112 Nothing should have

Tra le sollecitudini (1903) A treasure of inestimable value SC 112 Nothing should have

Unearthing a treasure of inestimable value: Liturgical Music and the Ars Celebrandi Dr. Clare Johnson Australian Catholic University Tra le sollecitudini (1903) A treasure of inestimable value SC 112 Nothing should have place,

278 views • 5 slides
An Introduction to Archivepelago Corey D Clawson, Rutgers University Newark @CD_Clawson |

An Introduction to Archivepelago Corey D Clawson, Rutgers University Newark @CD_Clawson |

Unearthing Historical Networks Using Neo4j: An Introduction to Archivepelago Corey D Clawson, Rutgers University Newark @CD_Clawson | @Archivepelago coreyclawson.com/archivepelago Offer a means of considering/modeling artistic influence

501 views • 20 slides
July 2020 Arizona Metals Corp. (TSXV:AMC) Forward-Looking Statement Statements contained in

July 2020 Arizona Metals Corp. (TSXV:AMC) Forward-Looking Statement Statements contained in

TSX.V: AMC Unearthing a World-Class Gold-Copper-Zinc VMS Deposit July 2020 Arizona Metals Corp. (TSXV:AMC) Forward-Looking Statement Statements contained in this presentation that are not and Sugarloaf Peak projects will be obtained in

358 views • 22 slides
GIANTS Exploring for large copper-porphyry deposits in emerging fields in Western Australia and

GIANTS Exploring for large copper-porphyry deposits in emerging fields in Western Australia and

Unearthing GIANTS Exploring for large copper-porphyry deposits in emerging fields in Western Australia and in Peru Platypus Minerals Ltd (ASX:PLP) Investor Presentation 26 March 2015 1 An Introduction to Platypus Minerals Platypus

370 views • 25 slides
THE FUTURE 26 th Global Metals &amp; Mining Conference Hollywood, Florida | February 26 - March 1,

THE FUTURE 26 th Global Metals &amp; Mining Conference Hollywood, Florida | February 26 - March 1,

UNEARTHING THE FUTURE 26 th Global Metals &amp; Mining Conference Hollywood, Florida | February 26 - March 1, 2017 FORWARD-LOOKING STATEMENTS This presentation contains forward-looking statements. Forward-looking statements involve known and

722 views • 32 slides
Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel Busch , Kalle Dirsch 2020-02-23 Friedrich-Alexander-University Erlangen-Nrnberg, Germany BAR20 BAR20 Motivation How secure are

352 views • 16 slides
Updates from the RISC-V TEE Group Nick Kossifidis &lt;mick@ics.forth.gr&gt; Security-related

Updates from the RISC-V TEE Group Nick Kossifidis &lt;mick@ics.forth.gr&gt; Security-related

Updates from the RISC-V TEE Group Nick Kossifidis &lt;mick@ics.forth.gr&gt; Security-related RISC-V Task Groups 2 About the TEE Task Group One of the most popular groups (112 registered members) Regular conference calls / mailing list

675 views • 13 slides
OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File System ELC Europe 2017, 23.10.2017 Marc Kleine-Budde &lt;mkl@pengutronix.de&gt; Slide 1 - http://www.pengutronix.de - 2017-10-23 Overview ARM

1.06k views • 18 slides
Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia

1.1k views • 51 slides
https://ggle.io/3K3w McIntyre Tee Shirts For Is your childs McIntyre t-shirt too small,

https://ggle.io/3K3w McIntyre Tee Shirts For Is your childs McIntyre t-shirt too small,

https://ggle.io/3K3w McIntyre Tee Shirts For Is your childs McIntyre t-shirt too small, description: https://ggle.io/3DVI ripped, torn or missing? Would you like to show your McIntyre school spirit at school events or when volunteering?

527 views • 19 slides
Easy Generation and Efficient Validation of Proofs for SAT and QBF Marijn J.H. Heule 1/37

Easy Generation and Efficient Validation of Proofs for SAT and QBF Marijn J.H. Heule 1/37

Easy Generation and Efficient Validation of Proofs for SAT and QBF Marijn J.H. Heule 1/37 Introduction to SAT and QBF Clausal Proof Systems for SAT and QBF Abstract Proof System for SAT Inprocessing Clausal Proofs for QBF Preprocessing

919 views • 48 slides
Necessity of 45-day Transesophageal Echocardiography after WATCHMAN Procedure amid the COVID-19

Necessity of 45-day Transesophageal Echocardiography after WATCHMAN Procedure amid the COVID-19

Necessity of 45-day Transesophageal Echocardiography after WATCHMAN Procedure amid the COVID-19 Pandemic Bryan E-Xin Tan, M.D. PGY-3 Internal Medicine Rochester General Hospital No Conflict of Interest Necessity of 45-day Transesophageal RESULTS

250 views • 8 slides
&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

&amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic

Hardware Security Trusted Execution Environments (TEEs) &amp; Trusted Computing Erik Poll Digital Security Radboud University Nijmegen Classic hardware-backed security solutions smartcard for users HSM (Hardware Security Module) in

774 views • 63 slides

More recommend