Vulnerability in Qualcomm chips allows private keys to be extracted from TrustZone storage

Researchers from NCC Group have disclosed details of a vulnerability (CVE-2018-11976) in Qualcomm chips that makes it possible to determine the contents of private encryption keys held in the isolated Qualcomm QSEE (Qualcomm Secure Execution Environment) enclave, which is based on ARM TrustZone technology. The problem affects most Snapdragon SoCs, which are widely used in Android-based smartphones. Fixes for the problem are already included in the April Android update and in new firmware releases for Qualcomm chips. Qualcomm took more than a year to prepare the fix; information about the vulnerability was sent to Qualcomm on March 19, 2018.

Recall that ARM TrustZone technology makes it possible to create hardware-isolated protected environments that are completely separated from the main system and run on a separate processor under a separate, specialized operating system. The main purpose of TrustZone is to provide isolated execution of handlers for encryption keys, biometric authentication, payment data and other confidential information. Interaction with the main OS takes place indirectly, through a dispatch interface. Private encryption keys are kept inside a hardware-isolated key store which, if implemented properly, prevents them from leaking when the main system is compromised.

The vulnerability is caused by a flaw in the implementation of the elliptic curve processing algorithm, which leaks information about the progress of data processing. The researchers developed a side-channel attack technique that uses the available indirect leaks to recover the contents of private keys held in the hardware-isolated Android Keystore. The leaks are identified by analyzing the activity of the branch prediction unit and changes in the access time to data in memory. In an experiment, the researchers successfully demonstrated the recovery of 224- and 256-bit ECDSA keys from the hardware-isolated key store used in the Nexus 5X smartphone. Recovering a key required generating about 12 thousand digital signatures, which took more than 14 hours. The Cachegrab toolkit was used to carry out the attack.

The main cause of the problem is that TrustZone and the main system share common hardware components and a common cache for computation. Isolation is done at the level of logical separation, but common computing units are used, and traces of computations and information about branch addresses settle in the shared processor cache. Using the Prime+Probe method, which is based on measuring changes in the access time to cached information, it is possible, by checking for the presence of certain patterns in the cache, to track data flows and signs of execution of the code associated with computing digital signatures in TrustZone with high accuracy.

Most of the time needed to produce a digital signature with ECDSA keys on Qualcomm chips is spent performing multiplication operations in a loop, using an initialization vector (nonce) that stays fixed for the duration of each signature. If an attacker can recover even a few bits of information about this vector, it becomes possible to mount an attack that sequentially recovers the entire private key.

In Qualcomm's case, two places where such information leaked were identified in the multiplication algorithm: in table lookup operations and in the data retrieval code that depends on the last value in the "nonce" vector. Although Qualcomm's code contains countermeasures against information leakage through side channels, the attack method that was developed makes it possible to bypass these measures and determine several bits of the "nonce" value, which is enough to recover 256-bit ECDSA keys.
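The two code patterns named above (a table lookup and a data selection that both depend on secret nonce bits) are shown here next to cache-neutral forms. This is an added, generic illustration and not Qualcomm's QSEE code; the table size, limb count and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#define ENTRIES 16 /* assumed: 4-bit window table */
#define LIMBS 8    /* assumed: 256-bit value as 8 x 32-bit limbs */

/* Leaky pattern: the address read depends on the secret index, so the
   cache line touched tells a Prime+Probe observer which entry was used. */
void lookup_leaky(uint32_t *out, const uint32_t *table, uint32_t secret_idx) {
    for (size_t j = 0; j < LIMBS; j++)
        out[j] = table[secret_idx * LIMBS + j];
}

/* All-ones when a == b, zero otherwise, computed without a branch. */
uint32_t ct_eq_mask(uint32_t a, uint32_t b) {
    uint32_t x = a ^ b;
    return ((x | (0u - x)) >> 31) - 1u; /* top bit of (x | -x) is set iff x != 0 */
}

/* Hardened lookup: reads every entry in the same order for any index. */
void lookup_ct(uint32_t *out, const uint32_t *table, uint32_t secret_idx) {
    for (size_t j = 0; j < LIMBS; j++) out[j] = 0;
    for (uint32_t i = 0; i < ENTRIES; i++) {
        uint32_t m = ct_eq_mask(i, secret_idx);
        for (size_t j = 0; j < LIMBS; j++)
            out[j] |= table[i * LIMBS + j] & m;
    }
}

/* Hardened conditional copy: dst = bit ? src : dst, no secret-dependent branch. */
void cond_copy_ct(uint32_t *dst, const uint32_t *src, uint32_t bit) {
    uint32_t m = 0u - (bit & 1u);
    for (size_t j = 0; j < LIMBS; j++)
        dst[j] ^= (dst[j] ^ src[j]) & m;
}

/* Self-check on a constructed table: both lookups must agree for every index. */
int lookups_agree(void) {
    uint32_t table[ENTRIES * LIMBS], a[LIMBS], b[LIMBS];
    for (uint32_t i = 0; i < ENTRIES * LIMBS; i++)
        table[i] = i * 2654435761u + 1u; /* constructed filler values */
    for (uint32_t idx = 0; idx < ENTRIES; idx++) {
        lookup_leaky(a, table, idx);
        lookup_ct(b, table, idx);
        for (size_t j = 0; j < LIMBS; j++)
            if (a[j] != b[j]) return 0;
    }
    return 1;
}
```

Source-level constant-time code is only a starting point: a compiler can reintroduce secret-dependent branches, so the generated assembly has to be checked on the target.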

Source: opennet.ru
