YoVDO

Unearthing the TrustedCore - A Critical Review on Huawei’s Trusted Execution Environment

Offered By: USENIX via YouTube

Tags

USENIX Workshop on Offensive Technologies (WOOT) Courses Cybersecurity Courses Reverse Engineering Courses Mobile Device Security Courses Vulnerability Analysis Courses Trusted Execution Environment Courses

Course Description

Overview

Explore a critical review of Huawei's Trusted Execution Environment (TEE) implementation, TrustedCore, in this award-winning conference talk. Delve into the reverse-engineering process of TC's components, their interconnections, and integration with the Android system. Uncover multiple severe design and implementation flaws affecting popular Huawei devices. Examine the Trusted Application (TA) loader, revealing vulnerabilities that compromise code confidentiality. Investigate the design of Huawei's keystore system and its impact on hardware-backed cryptography and full-disk encryption. Learn about an exploitable memory corruption within the keymaster TA, enabling arbitrary code execution within ARM TrustZone. Discover how researchers bypassed mitigation techniques like stack canaries and Address Space Layout Randomization (ASLR). Gain insights into the responsible disclosure process and the implications of these findings for mobile device security.

Syllabus

Intro
Motivation
Outline
Trusted Execution Environments (TEES)
ARM Trustzone on ARMVB-A Systems
TEEs in the Field (on Android)
Overview
TrustedCore - Normal World
TrustedCore-Secure World
Loading Encrypted Trusted Applications (cont.)
Protection of Crypto Keys
Scope & Consequences
Export-Protected Crypto Keys
The Key Encryption Key (KEK)
Memory Corruption in keymaster TA
Exploit Mitigations
Lessons Learned - Hardware-Protected Crypto Keys
Lessons Learned - Attack Surface


Taught by

USENIX

Related Courses

AFL++ - Combining Incremental Steps of Fuzzing Research
USENIX via YouTube
Cloning Credit Cards - A Combined Pre-play and Downgrade Attack on EMV Contactless
USENIX via YouTube
Tick Tock - Building Browser Red Pills from Timing Side Channels
USENIX via YouTube
Zippier ZMap - Internet-Wide Scanning at 10 Gbps
USENIX via YouTube
Green Lights Forever - Analyzing the Security of Traffic Infrastructure
USENIX via YouTube