EU approves push to get the unknown security in ARM chips into use
Chipmaker must promise to let others join the TEE party
The European Commission has approved the creation of a new secure-element company backed by ARM, Gemalto and Giesecke & Devrient, just as long as ARM promises to keep its hardware open.
The new company will develop and sell products running software from G&D and Gemalto on the TrustZone element embedded in ARM chips, complete with management software, but the EU required promises from ARM that it wouldn't unfairly lock out competitive offerings.
"ARM will provide the necessary hardware information to competitors at the same conditions as to the joint venture to enable them to develop alternative TEE [Trusted Execution Environment] solutions. Moreover, ARM will not design its IP in a way that would degrade the performance of alternative TEE solutions."
That restriction lasts eight years, after which all bets are off.
ARM will own 40 of cent of the new venture, which builds on the growing need for better security on smartphones and other mobile devices, with Gemalto and G&D splitting the remaining 60 per cent between them. However, as the two software companies currently have different business models for their code (Gemalto licenses while G&D gives it away, making money on the servers) the model to be adopted by the new venture is a still work in progress.
TrustZone is built into ARM's chip designs, which are licensed out to processor manufacturers which have put the technology into around 90 per cent of mobile phones, though very few have the software to take advantage of it. Neither can that software easily be downloaded, as downloaded software can't be trusted, but the facility can easily be utilised in new handsets where the software can be securely preloaded.
Such apps run with the TrustZone, isolating them from the operating system and malware which could be lurking there. The process is not as secure as putting the secure element in the SIM, according to the SIM manufacturers at least, but it’s a good deal more secure than the phone's architecture.
But despite the ubiquity of TrustZone, and its ability to secure the OS, verify downloads, authenticate users and prevent man-in-the-middle attacks, almost no one is using it, which is what's promoting this new collaboration. The three companies will promote a single trusted execution environment making it much easier for banks, and other people interested in secure tokens, to create applications, and competing with the operator-owned secure element in the SIM.
NFC Times has more details, and points out that GlobalPlatform has been busy creating a standard API for communicating with an embedded secure element which could be important as phones with Intel chips inside use that company's Secure Element instead.
So soon we won't have to trust our mobile phone OS at all, we'll just have to trust the Secure Element supplier instead, which is (probably) good news for all concerned. ®
COMMENTS
I don't see being forced to trust anyone as particularly good news.
Who's security are we talking about ?
Is it the security of: the user; the smartphone manufacturer; the telco; the government or the record labels ?
The only valid one of the above is: the user.
I somehow doubt that this is the intention.
In choices we trust ...
Oh, you are forced to trust a lot of people already, they are just so ubiquitous you don't notice. Unless you live in a box.
You probably have some trust in your ISP (all those non-https sites you use). You trust merchants you spend money with online, or at least you trust their payment provider. You also probably trust the merchant with lots of personal details. You trust websites you give your password to (if you are like most of the world and use the same password for multiple sites, tut tut).
In most of these cases you have no "choice" other than to spend your money elsewhere. I suspect most security schemes fall in much the same boat, because as soon as you give "average users" choice over security they just start clicking "yes" to get the functionality they want. i.e. choice is only useful if the user understands the choice they are making.
Re: In choices we trust ...
yes but i would rather choose who I want to trust. I don't want to be told I must trust company X and am not allowed to run anything from company Y.
I run a custom rom on my phone currently, i'm assuming this would make it hard to do things like that.
Re: In choices we trust ...
Worse yet, some systems (*cough* redmond's *cough*) will silently "fix" your fixes back to a them-approved state behind your back. So much for distrusting anyone of the 600-odd parties they say you can trust, honest.
As for not being able to meddle with passports and such, that's largely security-by-obscurity. I say there shouldn't be any chippery in there, moreso chippery with specs that specify not-random-enough encryption keys. Besides, the whole thing is to last five or ten years so that means at least ten or twenty years minus a day before all valid passports are updated, should they be proven weak (as they were shown to be on dutch national television, and the government shrugged apologetially, said it was indeed the spec, and did nothing).
In that sense, people not being allowed with their own passports leaves them vulnerable to people who don't care about not being allowed, but can anyway. The sad thing is that too many rule makers believe too much of their own bullshit to come up with effective solutions. Hint: Merely saying you cannot is no solution. Not even if you saying so is called "the law". Hence the doom of privacy. If we want to fix it, we'll need to enforce our views of what may and may not done with our data.
And we could build technology to do it, too. The key is to separate mechanism from policy (now where did I hear that one before?) and provide a system in which every actor is a first-class citizen, and one that is open for anyone to check for integrity. If that means I can issue --in theory and actual fact-- an electronic passport for my pet cactus, well, I can. But nobody'll accept it without that electronic passport being signed-as-trusted by someone they also trust, like a government or something.
Of course with the trouble PKI's roots-of-trust brought us, this is going to be a hard sell. So we're not going to list a long string of commercial parties that a few of us force all of us to trust. How instead? I'm sure we can think of something once we do away with the old hierarchical tree model. Something with multiple dimensions at least; your banking relations are a different dimension, a different trust-universe if you will, than say what sort of trust pc plod expects your passport to inspire.
Support for different dimensions and identities in such dimensions is the key. It does away with "exactly one identity per person" requirements that make you vulnerable to identity theft and all sorts of social/work mixup trouble. And law enforcement? They'll have to do some good old fashioned police work to connect points in the various dimension as and when needed. That's what we have them for--and a mentally lazy cop is worse than no cop.
Especially because all this is in such a sorry shape, I don't even shop "online". Instead I use the various sites to sort what I'd like, find the cheapest place to get it in reach, and go there to fetch it. This is still better than without the www because I might find places that carry what I want that I'd otherwise never would've found, and likewise might find things I'd otherwise wouldn't've known existed. And paying cash leaves no name attached to the paper trail. Which is always better than promises they won't use it, honest. Someone else who gets their hands on it --legally or less so-- still might.
