Securing your information with Trust Architecture

18 Dec 2021

Service-oriented systems are built for availability, interconnection, and scalability. Application microservices, cloud infrastructure, and security tools enable service-oriented systems to be adopted as a best practice for all developers and for all modern applications. A Trust Architecture provides a framework that enables trusted data to flow through a service-oriented system.

When a connected device is providing data to another system participant as a service, it must go further than simply providing an endpoint to supply data; it must cryptographically prove its identity and cryptographically sign all data that it sends into the rest of the distributed system. In other words, a device should serve its identity and data in a way that any other device or application can trust, anywhere in the application stack. Recipients of this data should have a common and openly available way to verify the origin and cryptographic signatures of all data received. The only way for secure interoperability to exist among vast networks of connected devices is for devices to serve trusted data to their entire ecosystem as a service in a verifiable way. It’s the responsibility of devices to serve metadata that allows other services to reason about their trustworthiness – that is a Trust Architecture.

Just as application developers assume service-oriented design in their web apps, they now need to adopt Trust Architecture principles when building application stacks with connected devices. Only then can billions of connected devices safely scale to serve the applications that rely upon their data. This is how autonomous systems in the future will be able to arrive at well-reasoned determinations of data trustworthiness in their ecosystems.

Perhaps the most viable application of Trust Architecture is TrustZone. Knox, Samsung’s defense-grade security platform built into our latest mobile devices, leverages a processor architecture known as ARM TrustZone to keep our devices secure.
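The sign-then-verify requirement described above for connected devices, as an added Go example that is not from the original article or from Samsung: a device signs its identity and payload with Ed25519, and a recipient checks both against the public key enrolled for that device. The device ID, the payloads and the in-memory key map are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Envelope is what a device serves: its identity, its data and a signature over both.
type Envelope struct {
	DeviceID     string
	Payload, Sig []byte
}

// signedBytes binds identity to payload; the length prefix keeps the two fields unambiguous.
func signedBytes(id string, payload []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(id), id)), payload...)
}

// Sign runs on the device; on real hardware the private key would stay inside the TEE.
func Sign(priv ed25519.PrivateKey, id string, payload []byte) Envelope {
	return Envelope{DeviceID: id, Payload: payload, Sig: ed25519.Sign(priv, signedBytes(id, payload))}
}

// Verify accepts data only from an enrolled device whose signature checks out.
func Verify(enrolled map[string]ed25519.PublicKey, e Envelope) error {
	pub, ok := enrolled[e.DeviceID]
	if !ok {
		return fmt.Errorf("unknown device %q", e.DeviceID)
	}
	if !ed25519.Verify(pub, signedBytes(e.DeviceID, e.Payload), e.Sig) {
		return fmt.Errorf("bad signature for %q", e.DeviceID)
	}
	return nil
}

// Demo uses constructed data: one enrolled device, then three envelopes a recipient might see.
func Demo() (genuine, tampered, spoofed error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	enrolled := map[string]ed25519.PublicKey{"sensor-01": pub}
	e := Sign(priv, "sensor-01", []byte(`{"temp_c":21.5}`))
	genuine = Verify(enrolled, e)
	e.Payload = []byte(`{"temp_c":99.9}`) // payload changed after signing
	tampered = Verify(enrolled, e)
	_, other, _ := ed25519.GenerateKey(nil) // a key that was never enrolled
	spoofed = Verify(enrolled, Sign(other, "sensor-01", []byte(`{"temp_c":21.5}`)))
	return
}

func main() { fmt.Println(Demo()) }
```

Only the public keys need to be distributed to recipients, which is what lets any service in the stack run the same check.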
In TrustZone, there are two worlds: the “Normal World” and the “Secure World”. Virtually all smartphone software as we know it today still runs in the Normal World. The Secure World is reserved for highly sensitive computations, and is used extensively by Knox for protecting enterprise confidential data. TrustZone consists of three core components: TrustZone-based Integrity Measurement Architecture (TIMA) KeyStore, real-time kernel protection (RKP), and attestation.

Checking the integrity of Android itself is handled by a built-in Android feature called device mapper verity (dm-verity) that provides integrity checking at a very low level. Samsung’s version of dm-verity includes some enhancements that make it easier for carriers to patch Android on devices using firmware over-the-air updates. Samsung smartphones go beyond the basic Android checks with a series of Samsung proprietary security features that add integrity checking to Android, known as TIMA. Samsung’s TIMA runs inside the TrustZone Trusted Execution Environment (TEE), which provides a wide variety of security services, including attestation, a trusted user interface, KeyStore, Client Certificate Management, and two components that are part of the TIMA real-time protections: RKP and periodic kernel measurement (PKM).

Security professionals like to combine both active and passive security checks to catch malicious behaviors. PKM is a passive check: it is software that runs in the TrustZone TEE regardless of whether anything is trying to touch the Android kernel. PKM periodically checks the kernel to detect whether code or data have been modified by malicious software. PKM also checks the integrity of key data structures used by SE for Android to detect attempts to disable those security checks. RKP is an active security check designed to block tampering with the kernel. With RKP, critical kernel events are intercepted and inspected in the TrustZone TEE.
Events that impact the kernel can be blocked or logged to indicate suspected tampering. Tamper alerts are available for mobile device management (MDM) and enterprise mobility management (EMM) software, which means that checking those logs is a key task for security-minded IT managers.

TIMA combines active and passive protections and runs within the protected world of the TrustZone TEE. RKP tries to block tampering; if something gets through or around RKP, then PKM can pick it up. In either case, when a security problem is detected, IT managers can see an alert in their MDM/EMM software and proactively take action. With both passive and active integrity checks via TIMA and the TrustZone TEE, and Samsung’s Trusted Boot technologies, Android devices have a strong, hardware-assisted security setup to create easy-to-deploy and protected hardware for today’s enterprise.

Samsung Blockchain Keystore leverages ARM’s TrustZone, which is one of the best-known technologies for implementing a TEE in mobile devices. A TEE is a secure area inside a main processor. As an isolated environment, it makes sure that the code and data loaded in the TEE are protected from software attacks and vulnerabilities in the Rich Execution Environment (REE).
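How the active check (RKP) and the passive check (PKM) complement each other, as an added Go model that is not Samsung's implementation: a write gate refuses changes to measured regions, and a periodic SHA-256 re-measurement reports a change that did not pass through the gate. The region names, their contents and all function names are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sort"
)

// Baseline holds reference SHA-256 measurements of protected regions (a toy stand-in for TIMA state).
type Baseline map[string][32]byte

// Measure hashes every region of the constructed memory map.
func Measure(mem map[string][]byte) Baseline {
	b := Baseline{}
	for name, data := range mem {
		b[name] = sha256.Sum256(data)
	}
	return b
}

// GuardedWrite models the active check (RKP): a write to a measured region is refused and reported.
func (b Baseline) GuardedWrite(mem map[string][]byte, region string, data []byte) error {
	if _, protected := b[region]; protected {
		return fmt.Errorf("RKP: blocked write to %s", region)
	}
	mem[region] = data
	return nil
}

// Drift models the passive check (PKM): re-measure and list regions that no longer match.
func (b Baseline) Drift(mem map[string][]byte) []string {
	var changed []string
	now := Measure(mem)
	for name, want := range b {
		if now[name] != want {
			changed = append(changed, name)
		}
	}
	sort.Strings(changed)
	return changed
}

func main() {
	mem := map[string][]byte{"kernel_text": []byte("code"), "se_policy": []byte("enforcing")}
	base := Measure(mem)
	fmt.Println(base.GuardedWrite(mem, "se_policy", []byte("permissive"))) // active check refuses
	mem["se_policy"] = []byte("permissive")                                // change that did not pass the gate
	fmt.Println(base.Drift(mem))                                           // periodic check reports it
}
```

Both return values are what an MDM/EMM alert would be built from: the refused write from the active path, and the list of drifted regions from the periodic path.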
