Carrier Level Immutable Protection (CLIP): secure and trusted technology to empowering carriers.

Tuesday, March 26, 2019

A year ago, we were signing our partnership agreement with Rivetz, where we set the stage for the creation of a new decentralized model to enhance data security and management. Currently, we are in a position to talk about our first prototypes of a technology developed to provide security to all Movistar SIM-based mobile devices. To this end, we have used hardware components nowadays included in billions of devices: the so-called Trusted Execution Environments (TEE).

Alliance ElevenPaths Rivetz Wanchain Civic imagen

In the early days of the cell phone industry, it was easy for bad actors to clone your phone’s identity and run up all sorts of charges on your phone number. Early carriers required their users to set up a PIN in order to use their devices. The Subscriber Identity Module (you may have heard of the SIM card) came out of the European Telecommunications Standards Institute’s efforts to combat fraud. The SIM held the identity of the device and device owner in a way that could not be intercepted by any malicious users.

Until now, we are still using this approach, letting a single point manage our assets (or anything else, for that matter) which has become an exploitable vector for malicious actors or criminals. Even if the single point is difficult to break into, you might not notice it right away if you leave your phone at the office, drop it at a concert or someone with your private info steals it and impersonates you. First comes the fear when you realize you have lost it along with your photos and, essentially, your entire private life but then the truly frightening moment is when you realize you gave away your digital identity along with your account details, privileges and potentially access to your funds.

The Solution
If your security relies on one point, why not distribute security assets across two or more secure locations inside the same mobile device? Where each one provides different secure interoperability, security controls and management capabilities.  Therefore, according to our project’s vision we have taken into account that modern smartphones are equipped with independent carrier and application security domains such as the SIM, which is a proven security device certified at EAL6+ and also the TEE, which is a proven security environment certified at EAL2. In addition, we have to consider external elements as an additional layer of defense in those cases where users cannot depend on compromised mobile components. Depending of the use case these external supporting features can be a network of trusted devices, for instance an IoT environment, or a blockchain sustained identity for business scenarios.

Our research and technology partner, Rivetz, joined the project in order to provide security technology  and hardware security policies for SIM-based ecosystems, enabling a safer and simpler model for the protection of user’s digital assets and generating a hardware-based device identity. Rivetz works closely with other key partners creating a rich set of tools and functionalities where TEE becomes the cornerstone of trusted interoperable services. Digital identity services via Civic a key role in the technology ecosystem. Cryptocurrencies interoperability via cross-chain with Wanchain to enable community engagement and continuity to the project. Telefonica, as the Mobile Network Operator, identifies and develops platform, market, and security use cases suitable for our CLIP technology. Rivetz, Civic and Wanchain joined the ElevenPaths’ partnership program as R&D partners for this and future collaboration projects.

How it works
If we can distribute an asset across two or more security domains, we can create an environment tolerant to any failure of one of those security domains. By utilizing integrity measurements and verification, we can attest that these distributed assets have not been compromised before the sensitive information is released.

With CLIP, application secrets are distributed amongst the two hardware roots of trust of the handset. By provably assuring that both roots of trust are involved in the execution of a transaction, we can provide dual management frameworks with independent controls and attack resistance. Multiple methods exist to cryptographically protect and ensure persistence of distributed application secrets.  These include split-key, crypto anchored, and zero knowledge protocols.  All protocols must provide for cryptographically provable secret migration and escrow services. The initial implementation will be with a SIM and TEE that will demonstrate the usability in different use cases.  Key protection mechanisms in the SIM are performed by the Trusted supplied Applet (Dual Roots Applet - DRA). The protocol is also extensible for more than two security domains in order to expand or adapt the assets distribution according to the target scenario configuration.

Dual Roots Applet - DRA imagen

The previous image reflects our initial approach to a typical mobile scenario using a TEE-enabled smartphone, splitting the key between the Movistar/Telefonica SIM and the TEE managed by the Rivetz Middleware and App. One of the reasons of this distribution in these two roots, despite the fact that they’re in the same device is that they are under control of completely different entities. The Carrier is in control of the SIM while the TEE remains under control of the device manufacturer of the device, but accesible by granted third-parties such us Rivetz. Through a special application given permission to perform activities inside the TEE, the user can remain in control of the secrets within. 

Some of the most remarkable security properties of this approach are:
  • Open Mobile API provides permissioned access to SIM via Android native calls 
  • SIM Provision with ARA (Access Rules Application) which enables identified REE (Rich Execution Environment) world application access to the specified SIM Java Card application
  • SIM Provision with DRA Java Card application for the CLIP split key algorithm
  • Access from TEE to DRA is controlled via ARA control list. 

CLIP Lab Descrption
As development progresses we have outgrown the utility of virtualized SIM cards and OTA carrier control emulators. As the next step in our collaboration, Rivetz and ElevenPaths have created a small mobile network, dubbed the CLIP Lab, to develop, test, and validate our applications and network services in a near-production environment. The CLIP Lab will be the platform we use to develop OTA controls and bring the DRT technology to life in a functional handset – no emulators or virtualization. We are excited to show the world everything we’ve been working on performing in a live environment.

The CLIP Lab has three connected components that come together to form the development and testing environment. The mobile networking core is hosted in Telefonica’s data center in Miami, called the Keycenter, and runs a full LTE network core capable of supporting a small number of handsets. Additionally, there are two sites with antennas and Faraday boxes where handset applications will be demonstrated, developed, and tested. These antenna sites are located in San Francisco, California and Malaga,Spain. 


Fraud Use Case
One of the most typical fraud scenarios occurs when someone impersonates a user because the legitimate one has lost their smartphone or it was stolen. In this situation we have different threats and attack vectores:
  1. In case of SIM swapping to another mobile device, with a theoretical unlocked SIM, the user remains protected, as part of his key is located in his phone hardware, therefore, malicious user will not be able to register into the Carrier infrastructure due to the lack of proper remote attestation performed by Carrier at the initial negotiation.
  2. Similar happens if trusted SIM is substituted with another one, the attacker will not be able to get passwords, wallets keys, etc. As part of this data is protected because original SIM contains part of the neccesary splitted key. Literally, attacker will get an error when trying to decrypt the key through the phone. 
  3. Finally, when user loses their phone, gets new one, then gets a new SIM, calling MNO (Mobile Network Operator) to activate it in network, even if MNO verified identity and pass through SIM card, user remains protected through the  Trusted network. This concept relies on a backup and migration process based on 2-3 other user devices (Cell Phone, Cable Box, Smart TV, etc.). Therefore any impersonation using private details of the user will fail because they won’t be able to register into the Carrier network.

This final scenario is the ultimate security enhancement of the CLIP project. We provide, as a backup of trust, a way for users to place the smartphone into a trusted network with some of their devices (Smart TV/Laptop/Tablet), then attest with those devices. In case of a lost SIM and handset the user can manage keys through this backup, disabling or recovering lost keys. With help of the Carrier, users can block or unblock SIMs among other management functionalities. By default, user would have to recover the trusted state of the new handset, an attacker has no chance to access to data or steal money. This trusted environment ultimately protects user data and assets if a malicious user wants to rebuild the dual roots state in a new mobile device. In case of a legitimate user trying to recover their Carrier operatibility by buying new phone with new SIM card and activating it, they will need to configure and attest this handset in the trusted network through backup devices. 

Movistar-Rivetz solution imagen

Automotive IoT Use Case
Cars nowadays have become complex IoT environments with a lot of sensors, panels and gateways.Along with the technnology, security concerns and risks have grown. Some of these typical threats are car theft due to wireless technologies or car hacking, which can perform  malicious actions such as blocking engine startup or shutting down a moving car.

These security issues are magnified with self driving vehicles using M2M SIM cards increasing their reacheability, where only secure mechanisms such as our trusted network can provide advanced protection levels and resilience advantages. In this sense, CLIP interacts with SIM and onboard computer TEE which ensures a new level of security. If any attacker tries to steal it, the trusted network will not release the key, and the vehicle will not start. Alternatively the car’s data (license plate, Vehicle Identification Number - VIN) can be registered with the Rivetz network, where it will automatically marked and the user will be notified if there are any policy violations or access attempts. For example, the car may be locked if the VIN is reported stolen. Trusted User Interface(TUI) intent from a user may be requested to release keys to start the car if the current location is not within the user’s registered home location. In this scenario the carjackers will not be able to take control of the car without CLIP keys. 

Automotive IoT Use Case imagen

Conclusions
We need a way to distribute sensitive cryptographic assets so they are provably protected,splitting the access control and security capabilities into two or more independent entities. We start with roots of trust that already exist on mobile platforms. The SIM and the TEE are two of the most ubiquitous secure enclaves and are not controlled by the same entity – one is guarded by the carrier, the other by the manufacturer. If we start with these two, we protect a wide swath of the market and can move to others in time. As our mobile devices have become more important in our everyday lives and contain so much of our personal and vulnerable data, we need better ways to protect them. Dual Roots of Trust is the next step in keeping our assets safe.


Innovación y laboratorio en ElevenPaths

No comments:

Post a Comment