Some Use Cases and Discussion

Building Trust in Mobile Devices with BlueRiSC MRoT


The mobile device market has grown tremendously and affects every facet of human life. Mobile attacks can disrupt life-saving operations, endanger personnel, and expose government systems to exploitation. These threats will continue to grow and become increasingly sophisticated.

Roots-of-Trust (RoTs), which are highly trustworthy, tamper-evident components, can provide a foundation on which to build security and trust. On desktop and laptop systems, RoTs are usually provided as a specialized hardware chip (e.g., a Trusted Platform Module). In a mobile device (especially BYOD) this is not available or feasible, so the alternative is to provide RoTs via software. Unfortunately, this is challenging to realize given the sophistication of current threats and the ease with which a mobile device's state and information can be extracted and altered. Moreover, security specifications such as the Trusted Computing Group's Mobile Trusted Module do not address how to support mobile RoTs in software, nor do they address dynamic verification of device and software behavior while applications are running.

To overcome the array of surface attacks designed against software-based systems, MRoT utilizes a new architecture for enabling transitive trust based on a Core Root of Trust for Measurement (CRTM). The CRTM is hardened code that acts as the root-of-trust for reliable integrity measurements and is the foundation for additional trusted services. The MRoT architecture includes a layer of encrypted CRTM code that is tied to a cryptographic key generated at boot-time. With the CRTM established, the resulting system does not require any sensitive information to be stored persistently in an unprotected state, closely mimicking the level of security achievable via dedicated hardware. A secure cryptographic sealing and unsealing procedure, tied to the boot-time and runtime measurements performed by the solution, enables application and data protection. Since all protected data and applications are sealed, they remain protected even if an attacker attempts to alter or bypass the MRoT technology, which fundamentally cannot be excluded in a software approach. Even in the unlikely case of a successful attack to circumvent the solution, the software and data remain protected due to the fundamental nature of the approach.
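The idea of sealing data to integrity measurements can be shown in a few lines. The following is an added, generic illustration and not BlueRiSC's code or MRoT's actual design: the TPM-style extend chain, the HMAC-based key derivation, and all names (`measure_chain`, `seal`, `unseal`, `BOOT_KEY`) are assumptions made for the example.

```python
import hashlib, hmac, os

def extend(register: bytes, component: bytes) -> bytes:
    # TPM-style extend: new = SHA-256(old || SHA-256(component))
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    # Fold an ordered list of component images into one 32-byte measurement.
    register = bytes(32)
    for image in components:
        register = extend(register, image)
    return register

def _subkey(boot_key: bytes, measurement: bytes, label: bytes) -> bytes:
    # Keys depend on both the boot-time key and the current measurement.
    return hmac.new(boot_key, label + measurement, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode, a stdlib stand-in for a vetted AEAD cipher.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(boot_key: bytes, measurement: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(boot_key, measurement, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(boot_key, measurement, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(boot_key: bytes, measurement: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(boot_key, measurement, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):  # verify before decrypting
        raise ValueError("measurement mismatch or tampered blob")
    return _xor_stream(_subkey(boot_key, measurement, b"enc"), nonce, ct)

# Constructed sample inputs: a per-boot key and three component images.
BOOT_KEY = os.urandom(32)
GOOD = [b"bootloader-v1", b"kernel-v1", b"runtime-agent-v1"]
TAMPERED = [b"bootloader-v1", b"kernel-v1-patched", b"runtime-agent-v1"]

if __name__ == "__main__":
    blob = seal(BOOT_KEY, measure_chain(GOOD), b"app secret")
    print(unseal(BOOT_KEY, measure_chain(GOOD), blob))
    try:
        unseal(BOOT_KEY, measure_chain(TAMPERED), blob)
    except ValueError as err:
        print("refused:", err)
```

Because the keys are derived from the measurement and never stored, a modified or reordered component yields different keys and the sealed blob stays unreadable.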

Traditional solutions focus primarily on boot-time validation, establishing the validity of each component prior to a complete boot, while providing only minimal support for runtime activities. Unfortunately, it is widely known that sophisticated attacks can target applications that are already running, and devices are nowadays rarely rebooted. To address the shortcomings of one-time static verification, MRoT includes dynamic verification and attestation through a unique concept. The employed runtime agents harden themselves against attack and modification by creating a self-validating network, which can instantly respond to a threat to the system or to the protection technology itself.

BlueRiSC's solution is complementary to user-land security solutions (such as MDM), which could take advantage of the RoTs provided by MRoT to harden their system or approach via the open trusted services API. The provided features are valuable to traditional security companies (such as MDM vendors) because recent trends in security suggest that they are losing their value proposition as attacks become more sophisticated. MRoT is also a US-made alternative to any vendor-specific technologies and is open to 3rd-party developers. This further expands the protections and trusted services enabled while allowing great flexibility.