Mobile platform security 
Ericsson Review, no. 02, 2006

Written by: Christian Gehrmann and Per Ståhl


End-user expectations regarding features in mobile phones have increased dramatically in recent years, not least where security functionality is concerned. End users, operators, and content providers take it for granted that the mobile platform will protect all vital information in and about a mobile phone. And Ericsson is proud to say that thanks to robust security mechanisms and rich, basic-platform-security functionality, its new generation of mobile platforms fully lives up to these expectations.

 

The authors describe the hardware and software security architecture and building blocks implemented in the new mobile platforms. In particular, they describe "core" security functionality such as secure boot, secure reprogramming, and the protection of critical parameters.

Introduction

The term security lacks meaning until one has defined what is to be secured and for whom. Likewise, security is difficult to comprehend without a potential threat. Mobile phones for third-generation mobile systems (3G) have several security stakeholders for which the mobile platform must provide security services. Moreover, the potential threats may differ from stakeholder to stakeholder.
 
The first class of security stakeholders, users, expects that mobile phones will offer secure and reliable communication - that is, they assume their phones can be trusted to handle sensitive tasks, such as e-commerce transactions. The main threats to this class of stakeholders are malicious software, such as viruses and Trojans, or weak or misbehaving security mechanisms.

 

The second class of stakeholders, mobile network operators, relies on phone network identification mechanisms (related to billing capability) and network-related software. Users or hostile software must not be allowed to circumvent these mechanisms. Operators thus require that the integrity of software can be guaranteed when the mobile phone is in operation. They also want to be certain that users cannot break SIM lock mechanisms.

 

A third class of security stakeholders, content providers, wants to be paid for the content (music, pictures, videos and software) that users download. It also wants to know that users cannot (mis)use their phones to illegally copy or distribute content. This is where digital rights management (DRM) functions come into play. However, DRM mechanisms alone cannot provide all necessary security. To provide a DRM solution that meets content provider requirements, the mobile phone platform must contain security functions that guarantee secure execution and code integrity.

 

Security is usually measured in terms of a set of basic aspects: confidentiality, integrity, authentication and authorization. Confidentiality of data is achieved by cryptographically transforming the original data, often called plaintext, into ciphertext, which hides the content of the plaintext. This operation is realized as a parameterized transformation whose controlling parameter is kept secret. The controlling parameter is often called a key, and the transformation is called encryption. With the key it is easy to perform the inverse transform, decryption. Without the key, decryption should be difficult.

 

Integrity is about ensuring that data has not been replaced or modified without authorization during transport or storage. This is achieved using cryptographic transforms and a key. Additional information must also be added to the plaintext to verify its integrity.

Authentication is the procedure by which a unit (the claimant) convinces another unit (the verifier) of its (correct) identity. Authentication is different from authorization, which is the process of giving a person or entity permission to do or have access to something.

 

There are two major classes of cryptographic mechanisms: symmetric and asymmetric. In symmetric mechanisms, the same key is used for encryption and decryption. Examples of symmetric confidentiality mechanisms are

  • block ciphers, such as DES and AES; and
  • stream ciphers, such as the GSM A1, A2 and A3 algorithms.

Integrity is often protected using symmetric mechanisms. Integrity-protection algorithms are also called message authentication codes (MAC). The most popular MAC is the HMAC algorithm [1]. Because the key in symmetric mechanisms can be used to decrypt content, it must be kept secret from all but legitimate users of the encryption scheme.

 

Asymmetric mechanisms use a pair of keys, one for the encryption transform and one for the decryption transform. The public key can be made publicly available, but the private key must never be revealed. Asymmetric mechanisms are typically used for distributing keys (for example, a symmetric key) or for digital signing purposes. A public key can be used to encrypt a symmetric key, which, in turn, can only be decrypted by the legitimate receiver using the corresponding private key. A private key may also be used to digitally sign data. The signature can be verified by anyone who knows the corresponding public key. The RSA scheme is a widely known example of an asymmetric cryptographic algorithm.
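To make the two integrity mechanisms described above concrete, here is an added Go example (not code from the article or from Ericsson's platform): a MAC tag appended to plaintext under a shared key, and an RSA signature over a software image's digest that a verifier holding only the public key can check, which is how a code-integrity check uses signing. The key material, image bytes and tag layout are constructed for illustration.

```go
package main
import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Symmetric integrity: the tag appended to the plaintext is HMAC-SHA256
// over it under a key shared by the legitimate parties.
func MacTag(key, plaintext []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(plaintext)
	return m.Sum(nil)
}

// MacVerify recomputes the tag and compares in constant time; any change
// to plaintext, tag or key makes it return false.
func MacVerify(key, plaintext, tag []byte) bool {
	return hmac.Equal(MacTag(key, plaintext), tag)
}

// Asymmetric integrity: only the signer holds the private key; anyone with
// the public key can verify. Here the signer signs the image's SHA-256 digest.
func SignImage(priv *rsa.PrivateKey, image []byte) ([]byte, error) {
	digest := sha256.Sum256(image)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyImage is what boot code holding only the public key would run.
func VerifyImage(pub *rsa.PublicKey, image, sig []byte) bool {
	digest := sha256.Sum256(image)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	// Constructed sample data: a shared MAC key and a tiny "image".
	key, image := []byte("constructed-mac-key"), []byte("firmware v1.0")
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 1 // flip one bit of the image
	tag := MacTag(key, image)
	fmt.Println("MAC ok/tampered:", MacVerify(key, image, tag), MacVerify(key, tampered, tag))
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	sig, _ := SignImage(priv, image) // only fails if the random source fails
	fmt.Println("sig ok/tampered:", VerifyImage(&priv.PublicKey, image, sig), VerifyImage(&priv.PublicKey, tampered, sig))
}
```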

 

Ericsson has designed the security architecture of its mobile platforms to meet the security requirements of different stakeholders. The architecture is built around a combination of hardware and software components that support the implementation of mechanisms that provide security. The main security functions are

  • secure boot and software integrity;
  • secure control of debug and trace capabilities;
  • digital rights management;
  • hardware cryptographic accelerators;
  • hardware-based random number generator (RNG);
  • cryptographic algorithm service;
  • public key infrastructure (PKI) support; and
  • secure communication protocols (GSM/GPRS/WCDMA security, TLS/SSL, IPsec, and Bluetooth/WLAN).

These functions either fulfill security expectations or have been included to accelerate cryptographic operations.