Ndị nyocha sitere na NCC Group adịghị ike () na Qualcomm ibe, nke na-enye gị ohere ikpebi ọdịnaya nke igodo nzuzo nzuzo dị na mpaghara Qualcomm QSEE dịpụrụ adịpụ (Qualcomm Secure Execution Environment), dabere na teknụzụ ARM TrustZone. Nsogbu na-egosipụta onwe ya na Snapdragon SoC, nke agbasala na smartphones dabere na ikpo okwu gam akporo. Ndozi na-edozi nsogbu ahụ adịlarị na mmelite Eprel gam akporo na mwepụta firmware ọhụrụ maka ibe Qualcomm. Ọ were Qualcomm ihe karịrị otu afọ iji dozie ndozi; ozi gbasara adịghị ike ahụ ezigara na Qualcomm na Machị 19, 2018.
Ka anyị cheta na teknụzụ ARM TrustZone na-enye gị ohere ịmepụta gburugburu echekwabara ngwaike nke kewapụrụ kpamkpam na isi sistemụ ma na-agba ọsọ na processor mebere dị iche site na iji sistemụ arụmọrụ pụrụ iche. Ebumnuche bụ isi nke TrustZone bụ ịnye ndị nrụpụta ọrụ dịpụrụ adịpụ maka igodo nzuzo, nyocha biometric, data ịkwụ ụgwọ na ozi nzuzo ndị ọzọ. Mmekọrịta na isi OS na-eme n'ụzọ na-edoghị anya site na ntinye ntinye. A na-echekwa igodo ezoro ezo nkeonwe n'ime ụlọ ahịa igodo dịpụrụ adịpụ ngwaike, nke, ọ bụrụ na etinyere ya nke ọma, nwere ike igbochi ntapu ha ma ọ bụrụ na emebighị sistemu dị n'okpuru.
Ọdịmma ahụ bụ n'ihi ntụpọ na mmejuputa usoro nhazi nke elliptical curve algorithm, nke mere ka mwepu ozi gbasara ọganihu nke nhazi data. Ndị na-eme nchọpụta ewepụtala usoro ọgụ n'akụkụ ọwa nke na-enye ohere iji ntapu na-apụtaghị ìhè dị ugbu a nwetaghachi ọdịnaya nke igodo nzuzo dị na ngwaike dịpụrụ adịpụ. . A na-ekpebi nkwụsịtụ dabere na nyocha nke ọrụ nke ngọngọ amụma alaka na mgbanwe na ohere ịnweta data na ebe nchekwa. N'ime nnwale ahụ, ndị nchọpụta ahụ gosipụtara nke ọma mgbake nke igodo 224- na 256-bit ECDSA site na ụlọ ahịa igodo dịpụrụ adịpụ nke ejiri na Nexus 5X smartphone. Ịweghachi igodo ahụ chọrọ ịmepụta ihe dị ka puku iri na abụọ ntinye aka dijitalụ, nke were ihe karịrị awa 12. Ngwa eji ebu agha .
Isi ihe kpatara nsogbu ahụ bụ ịkekọrịta ngwaike nkịtị na cache maka mgbakọ na mwepụ na TrustZone na na isi usoro - a na-ekewapụ iche na ọkwa nkewapụ ezi uche, ma na-eji nkeji mgbakọ na-emekọ ihe ọnụ yana akara mgbako na ozi gbasara alaka ụlọ ọrụ. A na-edobe adreesị na cache nkịtị. Iji usoro Prime + Probe, dabere n'ịtụle mgbanwe n'oge ịnweta ozi echekwara, ọ ga-ekwe omume, site na ịlele ọnụnọ nke usoro ụfọdụ dị na cache, nyochaa usoro data na ihe ịrịba ama nke ogbugbu koodu jikọtara na mgbako nke mbinye aka dijitalụ na. TrustZone nwere izi ezi dị elu.
Ọtụtụ oge iji wepụta mbinye aka dijitalụ site na iji igodo ECDSA na ibe Qualcomm na-eji arụ ọrụ ịba ụba na akaghị aka site na iji vector mmalite nke na-agbanweghị maka mbinye aka ọ bụla (). Ọ bụrụ na onye mwakpo ahụ nwere ike nwetaghachi opekata mpe ole na ole yana ozi gbasara vector a, ọ ga-ekwe omume ịme mwakpo iji weghachi igodo nzuzo niile n'usoro.
N'ihe banyere Qualcomm, a na-achọpụta ebe abụọ ebe ozi dị otú ahụ na-agbapụta na algorithm multiplication: mgbe ị na-arụ ọrụ nyocha na tebụl na koodu ntinye data ọnọdụ dabere na uru nke ikpeazụ bit na vector "nonce". N'agbanyeghị eziokwu na koodu Qualcomm nwere usoro iji gbochie mgbasa ozi site na ọwa ndị ọzọ, usoro mbuso agha mepere emepe na-enye gị ohere ịgafe usoro ndị a wee chọpụta ọtụtụ ọnụọgụ nke uru "enweghị oge", nke zuru ezu iji nwetaghachi igodo 256-bit ECDSA.
isi: opennet.ru