Abaphandi abavela kwiQela le-NCC
Masikhumbule ukuba itekhnoloji ye-ARM TrustZone ikuvumela ukuba wenze i-hardware-indawo ekhuselekileyo ekhuselweyo eyohlulwe ngokupheleleyo kwinkqubo ephambili kwaye isebenze kwiprosesa eyahlukileyo esebenzisa inkqubo ekhethekileyo yokusebenza. Eyona njongo iphambili yeTrustZone kukubonelela ngokuqhutywa okukodwa kweeprosesa kwizitshixo ze-encryption, uqinisekiso lwebhayometriki, idatha yentlawulo kunye nolunye ulwazi oluyimfihlo. Ukusebenzisana kunye ne-OS ephambili kuqhutyelwa ngokungathanga ngqo nge-interface yokuthumela. Izitshixo ze-encryption zangasese zigcinwe ngaphakathi kwe-hardware-isolated key store, leyo, ukuba iphunyezwe ngokufanelekileyo, inokuthintela ukuvuza kwabo ukuba inkqubo engaphantsi iyancipha.
Ubuthathaka bubangelwa isiphene ekuphunyezweni kwe-algorithm ye-elliptic curve processing, ekhokelela ekuvuzeni kolwazi malunga nenkqubela phambili yokucubungula idatha. Abaphandi baye baphuhlisa indlela yokuhlaselwa kwejelo elisecaleni elivumela ukusebenzisa ukuvuza okungathanga ngqo okukhoyo ukubuyisela imixholo yezitshixo zabucala ezibekwe kwindawo ekwanti.
Isizathu esiphambili sengxaki kukwabelana ngamacandelo e-hardware aqhelekileyo kunye ne-cache yokubala kwi-TrustZone kunye nenkqubo ephambili - ukuhlukaniswa kwenziwa kwinqanaba lokuhlukana okunengqiqo, kodwa kusetyenziswa iiyunithi zekhompyutha eziqhelekileyo kunye nokulandela izibalo kunye nolwazi malunga nesebe. iidilesi ezifakwe kwicache yeprosesa eqhelekileyo. Ukusebenzisa indlela ye-Prime + Probe, esekelwe ekuhloleni utshintsho kwixesha lokufikelela kulwazi olugciniweyo, kunokwenzeka, ngokujonga ubukho beepateni ezithile kwi-cache, ukujonga ukuhamba kwedatha kunye neempawu zokusetyenziswa kwekhowudi ehambelana nokubalwa kweesignesha zedijithali TrustZone ngokuchaneka okuphezulu.
Ixesha elininzi ukwenza umsayino wedijithali usebenzisa izitshixo ze-ECDSA kwiitshiphusi ze-Qualcomm lichithwa kusenziwa imisebenzi yophindaphindo kwiluphu kusetyenziswa i-vector yokuqalisa engatshintshwanga kumsayino ngamnye.
Kwimeko ye-Qualcomm, iindawo ezimbini apho ulwazi olunjalo luye lwavuza luchongiwe kwi-algorithm yokuphindaphinda: xa usenza imisebenzi yokukhangela kwiitheyibhile kunye nekhowudi yokubuyisela idatha esekelwe kwixabiso lokugqibela kwi-vector "nonce". Ngaphandle kwento yokuba ikhowudi ye-Qualcomm iqulethe imilinganiselo yokuchasana nokuvuza kolwazi ngokusebenzisa amajelo omntu wesithathu, indlela yohlaselo ephuhlisiweyo ikuvumela ukuba udlule kula manyathelo kwaye umisele amasuntswana amaninzi exabiso elithi "nonce", elaneleyo ukubuyisela izitshixo ze-256-bit ECDSA.
umthombo: opennet.ru