1. Technical Field
The present inventions relate to secure communications and, more particularly, relate to secure inter-processor communications.
2. Description of the Related Art
There are many cellular radio telephones whose architectures now include dual processors. In a typical cellular phone architecture, a baseband or modem processor handles radio telephony tasks, while an application processor handles the user interface, personal digital assistant (PDA)-like tasks, and other third-party vendor applications. Commands and data pass frequently between these processors. The link between them can be referred to as the inter-processor communication (IPC) link.
Security is a growing concern for many kinds of products, especially those that communicate with other devices or networks. Implementing strong security generally requires hardware support. Baseband and application processors are typically trusted, secure processors. That is, they are architected and provisioned in such a way that they boot and run in a secure manner. For example, security elements in secure processors may include a tamper-proof unique identifier and secret key storage capability. When used independently, a security-based processor allows for the design of a trusted device, where the processor forms the root of trust and uses its abilities to allow all critical software on the device to be verified and trusted.
However, one area of concern in a dual-processor architecture, with respect to security, is the inter-processor communication (IPC) link. Since inter-processor messages are passed over this link, which in turn cause each processor to respond and behave in a certain manner, there is some risk that an adversary or hacker can exploit this link. Oftentimes, the physical link between the processors is an easy-to-monitor serial port. Although the baseband and application processors may be individually trusted, the overall device “trustedness” depends on both processors authenticating each other and protecting the information on the inter-processor communication link.
The inter-processor communication link may be a vulnerable point for exploiting security. Messages between such processors have been sent openly and without authentication. A hacker could take advantage of this weakness by injecting messages directly on the link, or perhaps by replacing a processor.
The proposed inventions describe how two processors establish a secure inter-processor communication link with mutual authentication. The value of this is to prevent unauthorized messages from being passed from one processor to another. Only authorized processors that have been setup for a secure inter-processor communication link will process messages from each other. The processors must be provisioned with appropriate security measures before they can establish a secure inter-processor communication link. Some important goals in protecting the inter-processor communication link are that it should not impact performance, should not be difficult to provision, should not require large infrastructure support, and should not introduce noticeable overhead to the device (e.g., code size). This is because the processor communication link must be kept “lean and mean” as it is a critical communications path for the device. As a result of these requirements, a public key protocol such as SSL is unsuitable in this environment.
A goal of the embodiments of the present inventions described herein is to establish the inter-processor communication link as a secure inter-processor communication link. A secure inter-processor communication link is one where the two processors have authenticated each other (i.e., each processor is convinced they are talking to the processor they are supposed to be talking to) and are using encryption to protect the data on the link. In other secure communication channels (e.g. SSL, IPsec, WTLS), this is known as a secure authenticated channel (SAC). However, a protocol such as SSL is too large and unwieldy to implement for this use case. For example, a secure authenticated channel with two-way authentication requires that each processor be provisioned with its own public/private key pair. Generally, a manufacturer would not provision multiple processors with their own public/private key pair. Doing so would also take considerable overhead to establish such a PKI (public key infrastructure). Since the challenge is to minimize overhead and reduce performance issues, a different method, one that can meet overhead and performance criteria, is highly desirable.
The embodiments of the present inventions take advantage of known conditions about secure processors and their architecture. At a minimum, it is assumed that each processor can have a unique identifier (UID) that is tamper proof, and has a secret key. The secret key must not be available (i.e., readable) to unauthorized users.
The first and second processors 120 and 130 also enable communications on a communication bus 160 between the user interface portion 140 and the radio portion 150 of the portable electronic device 110. Communications need to be trusted over the communication bus 160 between these portions 140 and 150.
The portable electronic device platform, which employs more than one processor, becomes trusted when the communications link between trusted processors is itself secured for privacy and authentication. The present inventions allow the communication link over the communication bus 160 to be secured for privacy and authentication using a low-overhead method. It is desired to choose a low-overhead method that does not rely on public key or PKI technology, in order to improve performance and reduce code size. This also greatly simplifies factory provisioning and the system infrastructure needed to support it.
Before a secure inter-processor communication link can be established, each pair of processors must be provisioned with a shared secret and the unique identifiers of both processors. The shared secret is for privacy, so that the data across the channel remains encrypted during the secure inter-processor communication link setup. The unique identifiers are for authentication, providing evidence for each processor during authentication. Provisioning is done only once and ideally in a secure area of a factory process. Provisioning requires that the shared secret be transmitted as plaintext to both processors. Once this is accomplished, the shared secret and the unique identifier of each processor will be encrypted using the processor's secret key, and all accesses to the encrypted information will be restricted. Thus, access to the encrypted information will be restricted to authorized processes only, such as a boot process that is trusted by way of a secure boot-up. If a processor has already been provisioned with a shared secret, any future provisioning attempt should be disallowed by the processor. As an additional optional step, the processors may have a counter value (stored encrypted with the processor's secret key), initially set to zero (0), to thwart replay attacks.
Once provisioning is complete, the protocol for establishing the secure inter-processor communication link begins with the first processor randomly generating a session key. The session key and the first processor's unique identifier, along with the optional counter value incremented by one, are encrypted using the first processor's shared secret and sent to the second processor. The second processor recovers the session key, unique identifier, and optional counter using the first processor's shared secret, and optionally checks that the first processor's counter value is one greater than its own counter value. It authenticates the first processor by checking that the unique identity received is the one that was stored during provisioning. In return, the second processor encrypts its unique identity (and optionally its counter value incremented by one) with the session key, to prove to the first processor that it has succeeded in establishing the session key and to present its own unique identification or “credentials.” The first processor authenticates that the received unique identifier is the same one that was stored during provisioning and optionally checks that the second processor's counter value is the same as its own counter value. The first processor responds with an acknowledgement. At this point the inter-processor communication link is available for use as a secure authenticated link, and the session key will be used to encrypt messages between the two processors.
At step 351 a session key return data set is encrypted by the second processor using the session key 343 and sent to the first processor. The session key return data set contains the second processor device identifier and optionally the second processor's counter value incremented by one. At step 353 the first processor decrypts the received session key return data set to retrieve the session key and the second processor device identifier. Finally, at step 355 the first processor compares the received second processor device identifier obtained from the decryption against the expected second processor device identifier (stored by the first processor during provisioning) to verify authenticity of the second processor.
In accordance with embodiments of the present inventions, secure inter-processor communication between processors within a portable electronic device is achieved with particular messages and identifiers. In these embodiments, each processor has a device identifier that is unique and unalterable. Each processor also has a secret key that is not accessible by unauthorized processes. The first processor has a shared secret (SS) and the second processor has a shared secret (SS2). Each processor is provisioned with both shared secrets (SS and SS2), encrypted with their respective secret key. Each processor is provisioned with the other's unique identifier, encrypted with its respective secret key.
Then, to initiate establishment of a secure inter-processor communication link, a session key data set (M1) comprising the session key (SK) and a first processor device identifier is encrypted using a first shared secret (SS) at the first processor.
At the second processor, the session key data set (M1) is decrypted using the first shared secret (SS) to retrieve the session key (SK) and the first processor device identifier. Then at the second processor the decrypted first processor device identifier is compared against a known first processor device identifier to verify authenticity of the first processor.
Using a second shared secret (SS2), the second processor encrypts a session key return data set (M2) that comprises a second processor device identifier. Then using the second shared secret (SS2), the first processor decrypts the session key return data set (M2). In some alternative embodiments, the second processor encrypts a session key return data set (M2) that comprises a second processor device identifier using the session key (SK). Then using the session key (SK), the first processor decrypts the session key return data set (M2). Then at the first processor the decrypted second processor device identifier is compared against a known second processor device identifier to verify authenticity of the second processor.
In other alternative embodiments, encrypting a session key return data set comprises encrypting at the second processor, using the second shared secret (SS2), a session key return data set M2 that comprises a second processor device identifier and the session key (SK).
The first shared secret (SS) and the second shared secret (SS2) can be the same shared secret (SS) whereby the encrypting and decrypting for the first processor device identifier uses the same shared secret (SS) as the encrypting and decrypting for the second processor device identifier.
The session key (SK) is preferably generated by a pseudorandom generator algorithm.
The encryption and decryption by the processors are preferably performed by a symmetrical algorithm such as the Data Encryption Standard DES, Triple-DES, or the Advanced Encryption Standard AES. Even though a symmetrical algorithm is optimum, alternatively, encryption by public key or PKI can be used but is more processor intensive. The shared secret (SS) is securely stored in memory internal to each processor.
These embodiments of the inventions take advantage of both the unique unalterable identifier of the processors and the ability to keep a secret key in secure memory. This allows a key exchange to be performed using a symmetric key algorithm, which is quicker and more efficient than a public key algorithm. Thus the code size is less, the key size is less, and the performance is better.
At power-up or initiation of the secure communications link protocol to establish the secure inter-processor communications, the first and second processors are initialized. Upon initialization of the first processor, a first processor counter value may be initialized and, upon initialization of the second processor, a second processor counter value may be initialized. The encryption may use such counter values for enhanced security. Encrypting the session key data set may then use the first shared secret (SS) to encrypt at the first processor the session key data set comprising the session key (SK), a first processor device identifier and the first processor counter value incremented by one. Comparing to verify authenticity of the processors comprises comparing the first processor counter value to the second processor counter value, where the first processor counter value should be one greater than the second processor counter value. Encrypting a session key return data set may then use the second shared secret (SS2) to encrypt at the second processor the session key return data set comprising the second processor device identifier and the second processor counter value incremented by one. Alternatively, encrypting a session key return data set may use the second shared secret (SS2) to encrypt at the second processor the session key return data set comprising the second processor device identifier, the second processor counter value and the session key. Comparing to verify authenticity of the second processor checks that the second processor counter value is the same as the first processor counter value.
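The three-message exchange described above and in the counter paragraph (session key, unique identifiers and the optional replay counters), as an added example that is not part of the patent text. The symmetric cipher is a constructed HMAC-SHA256 encrypt-then-MAC standing in for the DES/AES the text names, so that it runs on the standard library alone; the 8-byte UIDs, 16-byte shared secret and big-endian 32-bit counter encoding are assumptions.

```python
import hashlib, hmac, os, struct

# Constructed encrypt-then-MAC from HMAC-SHA256: a stdlib stand-in for the DES/AES the text names.
def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    ks = b"".join(_prf(key, nonce + struct.pack(">I", i)) for i in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, msg):
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("message tampered or wrong key")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class Processor:
    # One provisioned endpoint: own UID, peer UID, shared secret SS and the optional replay counter.
    def __init__(self, uid, peer_uid, ss):
        self.uid, self.peer_uid, self.ss = uid, peer_uid, ss
        self.counter, self.sk = 0, None  # counter is zero after provisioning; SK set when the link is up

    def start(self):
        # First processor: M1 = E_SS(SK | UID1 | counter+1)
        self.sk = os.urandom(16)
        self.counter += 1
        return seal(self.ss, self.sk + self.uid + struct.pack(">I", self.counter))

    def respond(self, m1):
        # Second processor: recover SK, authenticate UID1, check counter, reply M2 = E_SK(UID2 | counter)
        pt = unseal(self.ss, m1)
        sk, uid, ctr = pt[:16], pt[16:-4], struct.unpack(">I", pt[-4:])[0]
        if not hmac.compare_digest(uid, self.peer_uid):
            raise ValueError("first processor UID does not match the provisioned value")
        if ctr != self.counter + 1:
            raise ValueError("counter is not one greater than ours: replay suspected")
        self.counter, self.sk = ctr, sk
        return seal(sk, self.uid + struct.pack(">I", self.counter))

    def finish(self, m2):
        # First processor: authenticate UID2 and check that both counters now agree
        pt = unseal(self.sk, m2)
        uid, ctr = pt[:-4], struct.unpack(">I", pt[-4:])[0]
        if not hmac.compare_digest(uid, self.peer_uid) or ctr != self.counter:
            raise ValueError("second processor authentication failed")
        return True

def establish_link(first, second):
    m2 = second.respond(first.start())
    return first.finish(m2) and first.sk == second.sk
```

The MAC check rejects a forged or garbled message before the UID comparison runs; with a bare block cipher as the text describes, the UID and counter comparisons are the only integrity check, so a practitioner would pair the cipher with a MAC or use an authenticated mode.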
At the factory before sale of a portable electronic device, the processors may be provisioned. Alternatively the processors may be provisioned at the point of sale. Provisioning is needed prior to initiation of secure inter-processor communications. Provisioning sets each processor with at least its shared secret SS and both of their respective device identifiers.
In some embodiments, a check is made prior to provisioning to determine whether or not the processors have already been provisioned, and if so, to not allow the re-provisioning of a processor. This is to prevent a hacker from replacing one of the processors and attempting to subvert the other processor by forcing a provisioning of the hacker's processor. This can be accomplished by checking for a provisioning flag in permanent memory such as a One-Time-Programmable (OTP) location, or merely by looking for the presence of a shared secret (SS) securely stored in the processor.
Specifically, prior to establishing the secure inter-processor communication link, the following substeps can be performed to provision the processors: (a) generating a pseudorandom shared secret (SS) at the first processor; the SS must remain secret (e.g., stored in secure memory or encrypted with the processor's secret key, not revealed to the outside bus, and accessible by internal trusted software only); (b) encoding, such as by concatenating, at the first processor a provisioning data set (SS|UID1) that comprises a first processor device identifier (UID1) and the shared secret (SS); this encoding of the provisioning data set uses the shared secret (SS) to encrypt the first processor identifier (UID1), or alternatively the first processor identifier (UID1) may be sent as plaintext; (c) decoding at the second processor the provisioning data set (SS|UID1) to obtain at least the first processor device identifier (UID1) from the first processor and obtain the shared secret (SS), and storing in encrypted fashion the shared secret (SS) and first processor device identifier (UID1) using its secret key; (d) encoding in the second processor the second processor device identifier (UID2); this encoding uses the shared secret (SS) to encrypt the second processor identifier (UID2), or alternatively the second processor identifier may be sent as plaintext; and (e) decoding in the first processor the second processor device identifier (UID2) and storing the second processor identifier in encrypted fashion with its secret key. As an alternative to (a), the generating of the shared secret (SS) may be done by a third source, which transmits SS to the first processor. The third source may transmit SS to the second processor, or the first processor may transmit SS to the second processor.
Although the inventions have been described and illustrated in the above description and drawings, it is understood that this description is by example only, and that numerous changes and modifications can be made by those skilled in the art without departing from the true spirit and scope of the inventions. Although the examples in the drawings depict only example constructions and embodiments, alternate embodiments are available given the teachings of the present patent disclosure. For example, although radiotelephone examples are disclosed, the inventions are applicable to laptops and Personal Digital Assistants as well as pagers, MP3 players, game consoles and digital cameras or portable video recorders.