An Overview of Security Model applied on Samsung 2010 TV

An Overview Of Security Model Applied On Samsung 2010 Tv-Free PDF

  • Date:04 Feb 2020
  • Views:45
  • Downloads:0
  • Pages:13
  • Size:475.23 KB

Share Pdf : An Overview Of Security Model Applied On Samsung 2010 Tv

Download and Preview : An Overview Of Security Model Applied On Samsung 2010 Tv


Report CopyRight/DMCA Form For : An Overview Of Security Model Applied On Samsung 2010 Tv


Transcription:

Samsung Electronics Inc Confidential 2010 All rights reserved by Samsung. Table of Contents,Table of Contents 2,1 Introduction 3. 1 1 Device Security Concept 3,2 System Security Architecture 3. 2 1 Reliable Hardware 4,2 2 Secure Environment 4,2 3 Secure Transport 6. 3 DRM Security 7,3 1 WMDRM 7,3 1 1 WMDRM Overview 7. 3 1 2 WMDRM compliance 7,3 2 Widevine 8,3 2 1 Widevine Key Management 9.
3 2 2 Caching of Widevine Content 9,3 2 3 Widevine Update 9. Widevine module is included in the Samsung application Samsung Application will be updated using. Secure Update mechanism 9,4 Application Security 9. 4 1 Widget Security 9,4 2 Browser Security 10,5 Interface Management 10. 5 1 Input Port Protection 10,5 2 Network Security 11. Appendix The Issue Of Cracking Samsung TV 12,Contents Library Hole 12.
Samsung s Countermeasure Fixing Security Holes 12,Introduction. The main purpose of this document is to present security model applied to Samsung TV BD players. with Internet TV in 2010 models Even though we say about the TV in this document the same. security system is applied on the BD players also It was designed and implemented by using well. known crypto primitives protocols best practices and it is also important to note that our security in its. core concept doesn t base on any kind of hidden knowledge about our device internals And we. believe that document organized in such manner that answers to variety of major questions related to. particular security aspects and presents whole picture of applied security concept. Device Security Concept, While conceptually it is extremely difficult and expensive to provide protection against unauthorized. physical access to device internals our TV device security architecture focuses on achieving the. following goals, Prevent situation when after hacking of one particular device it will be possible to use. gained information for hacking another devices by using pure network or software methods. It should require a sophisticated combination of hardware and software engineering. skills and expensive professional tools to hack the one particular device. In other words it means that there is no way to hack Samsung TV devices rather than physically access. and modify some internal hardware components,System Security Architecture. Samsung TVs security architecture is based on three major components. Reliable Hardware,Secure Environment,Secure Transport.
The first one is the base of our device security and its core component is specially designed SoC with. embedded secret keys and crypto functions the second one secures device internals and actively uses. hardware SoC for securing sensitive data the third one secures network connection between device and. authorized partners They combine specially designed hardware software methods and actively use. embedded cryptography All of them are well integrated and their combined power creates highly. secure and trusted TV device,Reliable Hardware, Obviously hardware is one of the important parts of modern device security There are several well. known technologies for creating reliable and secure hardware environment and Samsung uses part of. them in its TV products,One Time Programmable, Programmable OTP Memory OTP memory uses permanently programmed memory cells. to implement small memories with good security properties These memories represent the most secure. solution available for deployed systems Access to them ccan. an be tightly controlled reverse engineering is, difficult and expensive due to expensive engineering tools necessity. System on Chip architecture Samsung uses specially designed chip with integrated cryptography that. supports variety of crypto primitives like AES TDES CMAC SHA1 and RC4 Each chip has set of common. keys embedded into all of them and they also contain unique key per each chip The last point is most. noticeable because by using that unique key Samsung creates unique chain of trust inside of each. particular device, Outputs Samsung TV devices don t have any kind of video outputs or debugging ports available on. Secure Environment, Secure Environment is the second core concept implemented in our security architecture It consists of.
al components actively used by our internal software and available for software solutions provided. by our partners, Secure Boot It ensures that only software certified by Samsung could run on our devices Secure boot. design based on using OTP as a first component that control integrity and authentication of core kernel. components During runtime authorized kernel control and verify application level processes see Fig 2. In other words Boot loader is located on OTP area of the flash memory When booting. bootin up boot loader, is loaded to memory and is executed Then boot loader loads the kernel to memory and then. authenticates the kernel with its integrity check value e g RSA signature After kernel authorization. the kernel is executed and it subsequently authenticates the application with its integrity check value. Application means all data on read only partition of Flash such as rootfs main application program. shared library each certificate file for WMDRM and HubSite etc Application doesn t include data which. can be written onto writable partition of Flash But each module which downloads any file from. external device or server will check the security of the input data. Secure Storage This component provides functionality for storing sensitive data in a cryptographically. strong manner within internal flash memory Each application has its own unique access credentials. Secure Storage generates unique data encryption key for each application and associates it with. credentials It uses generated key for encrypting particular application data only All application keys. stored in the keys repository under protection of unique secrete key embedded in SoC Secure Storage. checks the integrity also of all the stored data Applications don t have any access to that repository and. can t use encryption keys directly They can make requests for securing or reading data from Secure. Storage only, Secure Update As mentioned before TV is combination of specially designed hardware and software If. hardware s working well there s no need to update the firmware But firmware can add capabilities to. existing hardware and extend amount of services available through TV device And it is necessary to. patch unexpected security holes if we find anything Samsung designed and implemented firmware s. secure update mechanisms available in both online and offline versions In both cases new firmware. image installed only after proper verification Verification is performed by using RSA public key. algorithms and device contains only public key part of RSA key pair necessary for firmware image. verification Public key is well protected by using unique secrete key embedded in SoC Samsung. provides firmware image only in an encrypted way which can be decrypted after the verification of the. integrity with the appropriate SoC and knowledge about decryption key derivation algorithms The. rollback to an older firmware version is prevented by checking the firmware version due to the security. Key Management The hierarchy of secret keys see Fig 1 used by different system components is. unique for each device and system uses the unique secret key in SoC as a root Key Encryption Key. Device Unique Identifier Each device has unique identifier derived in cryptographically strong manner. from unique seed value embedded into internal chip. Embedded secrete key,Secure Keys Repository,App 1 private key App N private key. Secure Data Repository,App N App N App N App N,Secrete Data CA Certificate AES key.
Fig1 The hierarchy of secret keys,Fig2 Components interaction diagram. Secure Transport, This is the third core concept implemented in our security architecture Its main goal is to provide. reliable secure transport between devices and authorized partner sites To be able to do that Samsung. TV devices utilize well known and widely used network technologies like SSL Adobe RTMPe and HTTPS. Open Trusted Network OTN It is specially designed device management protocols. protoco and API that, provide variety of device management mechanisms over SSL protocols In particular firmware online. update protocol is a part of OTN and uses SSL for securing transactions between device and Samsung. Certificate management To be able to use the whole power of TLS and HTTPS protocols Samsung. provides certificate management solution for its TV devices It incorporates unique certificate issuing. updating and revoking for each device, RTMPe Streaming As one method of secure transport between. between Samsung devices and authorized Video, On Demand partners Samsung TV devices implement Stagecraft v 1 2 which supports SWF verification.
and RTMPe streaming protocol provided by Adobe RTMPe incorporates encryption of video streams. with private key on n partner server and decryption on Samsung devices and can be used by service. providers to securely deliver content to Samsung devices. devices It is up to the service provider to decide. whether the service will use RTMP or RTMPe More ore generally for securing prem. premium VOD content,content is delivered through RTMPe exclusively. DRM Security,1 1 1 WMDRM Overview,Samsung Internet TV. TV can use WMDRM 10 as one of the methods for protecting premium content. streamed from the server Currently we don t support playing downloaded. downloaded content The first released,service using WMDRM10 is started at March 2010. 2010 7 WMDRM 10 certificate and key are protected by. Secure Storage,1 1 2 WMDRM compliance, License Agreement Number And Date see the table below. Version of WMDRM10 PD,PD Distribution should be 10 8 or later 10 8.
Samsung already made agreement with Microsoft for Janus and License Information is following. We intentionally delete a part of agreement number for security. License Name Agreement Number Company Name, Microsoft WMFC Distribution 51375xxxx 2004 03 16 SEC Samsung Electronics. License WMA WMV Company, WMDRM10 for Final Product 513887xxxx 2004 11 01 SEC 2006 03 17. Distribution License, Samsung Internet TV meets Microsoft Compliance and Robustness Rules. Compliance Rules for WMDRM10 Portable Devices Platforms. Compliance Rules for WMDRM10 Portable Devices Applications. Robustness Rules for WMDRM10 Devices,Caching of WMDRM10 Content. WMDRM10 Content is not stored at a flash and all of WMDRM10 Content will be removed. completely when the set is power off In other words the WMDRM10 Content will only be held. in RAM while the movie is playing, Anybody cannot view those real values with Widely Available Tools.
Caching of WMDRM10 License, WMDRM10 License file is not stored at a flash and will be removed completely when movie is. WMDRM10 sensitive data, During factory provisioning process we insert WMDRM10 sensitive data into Secure Storage. WMDRM module also uses Secure Storage to read write its data except HDS. WMDRM10 Update, WMDRM10 module is included in the TV application TV Application will be updated using. Secure Update mechanism, Also Samsung Internet TV can use Widevine as one of the methods for protecting premium content. streamed from the server Widevine can support the three major functions adaptive streaming. Widevine DRM and Widevine live streaming,1 1 3 Widevine Key Management.
The Widevine sensitive key is stored in Secure Storage during the manufacturing time For the devices in. the market like TVs outside the USA which do not have the Widevine keys the Widevine sensitive key. may be downloaded and be stored in Secure Storage at field when it needs by Widevine company. 1 1 4 Caching of Widevine Content, Widevine Content is not stored at a flash and all of Widevine Content in RAM will be removed. completely when the set is power off In other words the Widevine Content will only be held in RAM. while the movie is playing,1 1 5 Widevine Update, Widevine module is included in the Samsung application Samsung Application will be updated using. Secure Update mechanism,Application Security,Widget Security. Samsung Internet DTV defines trusted widget group TWG this group consists of the Specific. content provider s widget and any other Samsung widgets that are permitted to run together with the. specific content provider s widget This group does not contain any non essential members Currently. Samsung Widget Manager Samsung specific content provider s Widget belong to this group. All member of TWG are digitally signed using RSA and encrypted using AES 128. Files with extension such as txt js xml html htm css so will be encrypted And these. encrypted files will be used as input to generate signature The files without above extensions will not. be encrypted and not used as input to generate signature In addition Samsung DTV does not use. libPNG but use Samsung proprietary library which is safe against buffer overflow attack. Specific widget has the permission information at config xml which is mandatory configuration file. of each widget This config xml file is protected by widget signature system. Including specific content provider s specific API all secure TVAPIs have some verification code at. the beginning of each API call If the caller widget is verified . On Demand partners Samsung TV devices implement Stagecraft v 1 2 which supports SWF verification and RTMPe streaming protocol provided by Adobe RTMPe incorporates encryption of video streams with private key o n partner server and decryption on Samsung devices and can be used by service providers to securely deliver content to Samsung devices

Related Books