Secure Mobile Payments - Protecting display data in TrustZone-enabled SoCs with the Evatronix PANTA Family of Display Processors
by Pawel Duc, Multimedia IP Software Designer at Evatronix and Robert Brown, Director of Marketing, Secure Services Division at ARM®
Android activations have surpassed 500 million, well over 300 million iPhones have shipped and when one adds the combined totals of Nokia, BlackBerry® and Windows 7 phones and tablets it is clear to see that billions of smart connected devices are already in use. With all of these smart devices deployed, many of which integrate touchscreen capability, weve not yet seen a dramatic change in the way we interact with the internet. Checkout pages on shopping websites still require massive amounts of user entered data to complete a transaction all of which is less convenient for the users of touchscreen devices. However, with strong security designed into these devices at the start, user experiences can be dramatically improved.
ARM® created TrustZone® technology to provide a separate secure environment for sensitive functions in mobile devices. Enabling execution of a separate Trusted Execution Environment (TEE) residing in memory next to Android or any other rich operating system, ARM® TrustZone technology protects secure operations on which its counterpart Rich OS has no visibility or influence. Over the past few years, the ARM® TrustZone® ecosystem of providers has grown to dozens of partners, among them Evatronix. The number of use cases and applications for TrustZone® is continually expanding, among them payments and enterprise use cases, both of which benefit from the ability to output confidential data on a devices display.
TrustZone®-enabled System-on-Chip Architecture
Secure System-on-Chips (SoCs) based on ARM® TrustZone® technology enable both hardware and software components to be isolated as a secure subsystem within a complex SoC and as such focus on processing protected, sensitive and valuable assets, such as payment credentials, whenever these might be endangered with an attack, modification or capture. At the same time the main system software may be an open Rich OS platform that enables downloading and use of arbitrary third-party and non-trusted applications which can gain access to almost all system hardware elements.
ARM® TrustZone® technology is a SoC hardware extension that extends from an ARM® Cortex-A CPU throughout the bus fabric and into SoC peripherals that require security, allowing the SoC to operate in two states; Normal and Secured. When applications require sensitive functions to be called (such as PIN capture or secure display of data) the Rich OS (Figure 1) calls on the TEE. Client applications running in the Rich OS are able to communicate with services executed in the Trusted Execution Environment (TEE) through the GlobalPlatform TEE Client API, a standardized software communication interface standardized by the GlobalPlatform standards body.
Fig. 1. TrustZone®-enabled SoC architecture example
The TEE itself provides a standardized access mechanism to protected hardware resources, such as protected-access available only through a trusted frame buffer for displaying data. The hardware isolation provided by TrustZone® ensures that valuable assets handled by the resources do not become visible or vulnerable to attack from software executing in the Rich OS.
The PANTA DP20 Display Processor delivered by Evatronix is capable of composing display frames from up to three independent layers. Each layer of frame data can be fetched from system memory through a normal frame buffer, placed in freely accessible system DRAM as well as from a trusted frame buffer, which is accessible only from the TEE through protected system interconnect data channels. All active layers are composed hierarchically using the alpha-blending operation (Figure 2). The PANTA DP20 enables two phase display data protection.
Fig. 2. Layers composition in the PANTA DP20.
First phase is based on a secure control register, accessible for writing only in the protected mode. Secured write only access to the register ensures that it will be modified only by software executed in the trusted environment. The secure control register configuration defines security level and an overlay protection for each particular layer.
Second phase of display data protection is based on partially secured layers settings and data protection. If a specified layer is secured, the layer control registers are accessible only from the TEE to prevent modification by unauthorized software. Secured layer frame data is fetched from the trusted frame buffer through protected AXI read transactions. Layers overlay protection is used to prevent layer frame being obscured by unprotected up level layers in the composition process.
Protection of mobile banking applications assets
In payment applications much of the display data is a valuable asset that should be protected against possible interception, modification or repudiation (the user denying that they made a payment). The principle of what you see is what you sign should be applied such that users can be assured that they are entering a confirmation of payment (whether with single click or PIN confirmation) to the correct payee for the correct amount and that financial institutions involved in the transaction process can have a level of confidence that the correct transaction data is displayed to the user.
Fig. 3. Mobile banking graphical assets protection
At the same time the privacy of the user should be protected such that rogue applications may not intercept payment data. The application display data protection need is a reason why Evatronixs PANTA DP20 is becoming a necessary element of TrustZone® based SoCs. Personal data, corporate data or payment credentials must not be visible for non-secured software as it is subject to malware, which might be unwittingly downloaded to the device by the user, or surreptitiously via a physical or a wireless connection.
These protected assets are generated in a secure layer (Figure 3A) where data is placed in a trusted frame buffer. The layer is configured as secure in the PANTA DP20 and its data is fetched from the trusted frame buffer with protected access. Money transfer amount presented for approval (Figure 3C) must not be obscured by a corrupted frame buffer content (Figure 3D). Since the application layout (Figure 3B) is generated in the regular OS as a non secure graphics, the money amount presentation should be created in a trusted frame buffer and composed as a secure layer with protection against overlay. Evatronix PANTA DP prevents the corrupted display layer from obstructing the secure layer, which is always displayed on top of all non-secure layers (Figure 3F).
ARM® TrustZone® along with Trusted Execution Environments provide a secure, integrated and convenient way to manage users sensitive and valuable assets on a mobile device. It adjusts the device to the user, not vice versa, and thus opens a whole new area of applications for providers of secure mobile applications. With the Evatronix PANTA DP20 display processor in the SoC, the data on the mobile display can be reliably protected and user experience is improved.
For more information about the ARM® TrustZone® ecosystem please visit ARMs website at www.arm.com, and for more information on the Evatronix PANTA family of display processors, visit Evatronix website at www.evatronix.com/ip
Contact Evatronix S.A