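% ESORICS 2018 paper by Lapid and Wool. Per the abstract: a reverse-engineering
% review of Samsung's Kinibi-based TrustZone TEE, which reports that the ARM32
% assembly-language AES implementation used by the Keymaster trustlet is
% vulnerable to cache side-channel attacks.
% Entry notes:
%   - Citation key is the exporter's opaque id; kept unchanged so existing \cite commands still resolve.
%   - Names are in "Last, First" form; proper nouns in the title are brace-protected against style recasing.
%   - language/address were exported in Arabic script; given here in ASCII for classic BibTeX.
%   - address holds only the country, as exported; the publisher's city is not given in the source record.
%   - doi is stored bare (no TeX escaping of the underscore) so resolver links are not corrupted.
@inproceedings{3fb3255f7f1249e5bc07929e58fcd99d,
  author    = {Lapid, Ben and Wool, Avishai},
  title     = {Navigating the {Samsung} {TrustZone} and Cache-Attacks on the {Keymaster} Trustlet},
  booktitle = {Computer Security -- 23rd European Symposium on Research in Computer Security, {ESORICS} 2018, Proceedings},
  editor    = {Lopez, Javier and Zhou, Jianying and Soriano, Miguel},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Verlag},
  address   = {Germany},
  year      = {2018},
  pages     = {175--196},
  isbn      = {9783319990729},
  doi       = {10.1007/978-3-319-99073-6_9},
  language  = {English},
  note      = {Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2018.; 23rd European Symposium on Research in Computer Security, ESORICS 2018 ; Conference date: 03-09-2018 Through 07-09-2018},
  abstract  = {The ARM TrustZone is a security extension helping to move the ``root of trust'' further away from the attacker, which is used in recent Samsung flagship smartphones. These devices use the TrustZone to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes called Trustlets. The Samsung TEE is based on the Kinibi OS and includes cryptographic key storage and functions inside the Keymaster trustlet. Using static and dynamic reverse engineering techniques, we present a critical review of Samsung{\textquoteright}s proprietary TrustZone architecture. We describe the major components and their interconnections, focusing on their security aspects. During this review we identified some design weaknesses, including one actual vulnerability. Next, we identify that the ARM32 assembly-language AES implementation used by the Keymaster trustlet is vulnerable to cache side-channel attacks. Finally, we demonstrate realistic cache attack artifacts on the Keymaster cryptographic functions, despite the recently discovered Autolock feature on ARM CPUs.},
}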