Random Things

Posts on anything and everything

Labels

Airlines Amazon Auto Electronics Entertainment Faith FB Finance Fix Things Food Gaming Geography Google HaHa's Health Information Mac Microsoft Military Movies Music News Personal Photography Politics Recalls Reviews Riddle Science Security SM Space Sports Tech Terms Thoughts Tools Travel Trivia Videos VR World News

Thursday, October 25, 2018

Special Security Chip


Your Smartphone Has a Special Security Chip. Here’s How It Works

CHRIS HOFFMAN  @chrisbhoffman 


Google’s new Pixel 3 phones have a “Titan M” security chip. Apple has something similar with its “Secure Enclave” on iPhones. Samsung’s Galaxy phones and other Android phones often use ARM’s TrustZone technology. Here’s how they help protect your phone.

The Basics

These chips are basically separate little computers inside your phone. They have different processors and memory, and they run their own tiny operating systems.
Your phone’s regular operating system and the applications running on it can’t see inside the secure area. This protects the secure area from tampering and lets the secure area do a variety of useful things.

It’s a Separate Processor


The Secure Enclave is part of Apple’s A-series system-on-a-chip hardware.

All these chips work in slightly different ways. In Google’s new Pixel phones, Titan M is an actual physical chip that’s separate from the phone’s normal CPU.
With Apple’s Secure Enclave and ARM’s TrustZone, the Secure Enclave or TrustZone is not technically a different “chip.” Instead, it’s a separate, isolated processor built into the device’s main system-on-a-chip. While it’s built-in, it still has a separate processor and area of memory. Think of it as a chip inside the main chip.
Either way—whether it’s Titan M, Secure Enclave, or TrustZone—the chip is a separate “coprocessor.” It has its own special area of memory and runs its own operating system. It’s completely isolated from everything else.
In other words, even if your entire Android or iOS operating system was compromised by malware and that malware had access to everything, it wouldn’t be able to access the contents of the secure area.

How It Protects Your Phone


Apple’s Secure Enclave holds the keys to your Face ID biometric data.

The data on your phone is stored encrypted on disk. The key that unlocks the data is stored in the secure area. When you unlock your phone with your PIN, password, Face ID, or Touch ID, the processor inside the secure area authenticates you and uses your key to decrypt your data in memory.
This encryption key never leaves the security chip’s secure area. If an attacker is attempting to sign in by guessing multiple PINs or passwords, the secure chip can slow them down and enforce a delay between attempts. Even if that person had compromised your device’s main operating system, the secure chip would limit their attempts to access your security keys.
On an iPhone or iPad, the Secure Enclave stores encryption keys that protect your face (for Face ID) or fingerprint (for Touch ID) information. Even someone who stole your phone and somehow compromised the main iOS operating system wouldn’t be able to view information about your fingerprint.
Google’s Titan M chip can also protect sensitive transactions in Android apps. Apps can use Android 9’s new “StrongBox KeyStore API” to generate and store their own private keys in Titan M. Google Pay will be testing this out soon. It could also be used for other types of sensitive transactions, from voting to sending money.
iPhones work similarly. Apple Pay uses the Secure Enclave, so the details of your payment card are stored and transmitted securely. Apple also lets apps on your phone store their keysin the Secure Enclave for additional security. The Secure Enclave ensures its own software is signed by Apple before booting, so it can’t be replaced with modified software.
ARM’s TrustZone works very similarly to the Secure Enclave. It uses a secure area of the main processor to run critical software. Security keys can be stored here. Samsung’s KNOXsecurity software runs in the ARM TrustZone area, so it’s isolated from the rest of the system. Samsung Pay also uses ARM TrustZone to handle payment card information securely.
On a new Pixel phone, the Titan M chip also secures the bootloader. When you start your phone, Titan M ensures you’re running the “last known safe Android version.” Anyone with access to your phone can’t downgrade you to an older version of Android with known security holes. And the firmware on Titan M can’t be updated unless you enter your passcode, so an attacker couldn’t even create a malicious replacement for Titan M’s firmware.

Why Your Phone Needs a Secure Processor


Samsung Pay uses ARM TrustZone and Samsung KNOX.

Without a secure processor and isolated memory area, your device is much more open to attack. The secure chip isolates critical data like encryption keys and payment information. Even if your device is compromised, malware couldn’t access this information.
The secure area also throttles access to your device. Even if someone has your device and replaces its operating system with a compromised one, the secure chip won’t let them guess a million PINs or passcodes a second. It will slow them down and lock them out of your device.
When you’re using a mobile wallet like Apple Pay, Samsung Pay, or Google Pay, your payment details can be stored securely to ensure that no malicious software running on your device can access them.
Google is also doing some interesting new things with the Titan M chip, such as authenticating your bootloader and ensuring no attacker can downgrade your operating system or replace your Titan M firmware.
Even a Spectre-style attack that lets an application read memory that doesn’t belong to it wouldn’t be able to crack these chips, as the chips use memory that’s completely separate from the main system memory.

It Protects Your Phone in the Background

No smartphone user really needs to know about this hardware, although it should make you feel more secure when keeping sensitive data like credit cards and online-banking details on your phone.
This is just cool technology that works silently to protect your phone and data, keeping you more secure. A lot of smart people are putting a lot of work into securing modern smartphones and protecting them against all kinds of possible attacks. And lots of work goes into making that security so effortless that you’ll never even have to think about it, too.
Image Credit: Google, Poravute Siriphiroon/Shutterstock.com, Hadrian/Shutterstock.com, Samsung
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

Facebook Badge

Jim White

Create Your Badge

Followers

Subscribe To Random Things

Posts
Atom
Posts
Comments
Atom
Comments

Blog Archive

  • ►  2019 (697)
    • ►  April (23)
    • ►  March (166)
    • ►  February (188)
    • ►  January (320)
  • ▼  2018 (4481)
    • ►  December (343)
    • ►  November (346)
    • ▼  October (385)
      • Newest Apple Products
      • Halloween Spending
      • 700-HP Electric Car
      • Rockets to Move Cargo
      • Next Version of Windows 10
      • Make Water From Thin Air
      • Amazon Charity
      • Entertainment News
      • Movie Preview - Bohemian Rhapsody
      • Not a Zombie
      • Today's Encouragement
      • Wed Devotional
      • Earn Rewards
      • Plastic Waste Elimination
      • Japanese Princess is a Commoner
      • Couple 'Flabbergasted'
      • Is the résumé dead?
      • Long Goodbye for Merkel
      • Sports
      • Conversation Clean Up Tool
      • Movie Preview - Nobody's Fool (2018)
      • 'Whys' of Life
      • Today's Encouragement
      • Tues Devotional
      • Tiniest House in the World
      • Winterize Your Pool
      • January 2019 Lunar Eclipse
      • Robots to make Robots
      • IBM Buying Red Hat
      • New Vaccine & Drug Combo
      • Lyft Autonomous Initiative
      • Entertainment News
      • Weekend Box Office Results
      • Honoring All Souls
      • Today's Encouragemnt
      • Mon Devotional
      • Movie Review - Johnny English Strikes Again
      • SpaceX Seeks Loan
      • What Passengers Really Want
      • In-flight Meditation
      • Car Salesperson
      • Inserting Microchips
      • What is WiGig
      • Entertainment News
      • Give a Little
      • The Work
      • Power in Prayer
      • Trust His Heart
      • Infamous 'Death Comet'
      • Most Miserable Airport
      • Fit for Life
      • Strange Rectangular Iceberg
      • Sports News
      • eBay launches Instant Selling
      • Nuclear-Armed Submarines
      • Tesla Model Y
      • Change Halloween
      • Entertainment News
      • Are You My Leader?
      • Stop the Sun
      • A Dog's Color
      • the Fine Print
      • Messenger Gets a Makeover
      • Tesla Turns a Profit
      • New Flu Treatment
      • Highest-Paid TV Actors
      • Google Sexual Harassment
      • Historic Find
      • Khashoggi Murder
      • Four Ways
      • Today's Encouragement
      • Fri Devotional
      • Special Security Chip
      • Windows Registry Demystified
      • Navy’s Next Attack Sub
      • Best Android Phones
      • 2019 Electric Motorcycles
      • Super Typhoon
      • Financial News
      • Khashoggi Death Brutal
      • Titanic II
      • Movie Preview - Hunter Killer
      • Our Weaknesses
      • Today's Encouragement
      • Thur Devotional
      • Travel over Sex
      • Google Translate
      • U.S. in the Arctic Circle
      • Longest Life Expectancy
      • 2019 Ford Mustang Shelby GT500
      • Kleenex Rename
      • Death Race
      • Most Destructive Species
      • Movie Preview - Indivisible
      • Hurricane Willa Latest
      • Give No Quarter
      • Today's Encouragement
      • The Only God
      • Mad Scratch Machine
      • Golden Girls Cereal
    • ►  September (373)
    • ►  August (386)
    • ►  July (385)
    • ►  June (359)
    • ►  May (378)
    • ►  April (384)
    • ►  March (396)
    • ►  February (353)
    • ►  January (393)
  • ►  2017 (4506)
    • ►  December (389)
    • ►  November (382)
    • ►  October (399)
    • ►  September (368)
    • ►  August (406)
    • ►  July (386)
    • ►  June (378)
    • ►  May (383)
    • ►  April (354)
    • ►  March (374)
    • ►  February (337)
    • ►  January (350)
  • ►  2016 (3443)
    • ►  December (353)
    • ►  November (360)
    • ►  October (365)
    • ►  September (338)
    • ►  August (329)
    • ►  July (331)
    • ►  June (332)
    • ►  May (356)
    • ►  April (342)
    • ►  March (316)
    • ►  February (21)

Who I B

Dubs
View my complete profile
Picture Window theme. Powered by Blogger.

Translate