Did Nexus S and iPhone5 NFC implementations forget about TrustZone?

Posted by Charbax – January 31, 2011

The idea as suggested in this computerworld column, is that the next generation smart phones are to replace all passwords, credit cards, car keys and other identification and authentication functions.

The potential problem I see with Nexus S and the rumored iPhone5′s NFC implementation would be if they leave out ARM’s TrustZone security system. If those NFC chips are nothing much more than some types of RFID tags for near field authentication, that wouldn’t be enough. We need devices with 100% secure modes that are built in the hardware and that are not improvised in software.

As you can see in the video below, as far as I understand it, TrustZone uses a hardware mechanism in the phone’s hardware to provide for 100% security in authentication, which could be used not only for secure payments, but for authentication with any kinds of online banking and any passwords for any type of website.

The idea is that you need to be able to put your phone in a 100% secure mode from which the authentication happens in some 100% secure way. The secure mode is a parallel OS mode on the phone, which cannot be hacked nor cannot display spoofed authentication screens.

Here’s a usage scenario. You click on any website with a login, be it gmail or any other website, instead of typing in your password on the screen, which could have keyloggers and trojan horses, a login prompt automatically displays on your phone with a light indicator elsewhere than on the screen of your phone lights up letting you know you are in 100% secure mode, the secure mode asks you to authenticate for a given authenticated domain login, you type in your 4-number pin code on your phone in the secure mode, that’s it, your phone authenticates your browser logon, no matter what site it is. Basically, your phone becomes as secure as those calculator types authentication systems that online banks use. Those are basically unhackable, because encryption can be so strong, it would take billions of years for all the computers in the world to find the key to powerful encryption. The only way for someone to access your online accounts would be for them to steal your phone and to know your pin code.

I’d like to know, does Nexus S or any upcoming “NFC” type implementations include something like the ARM TrustZone to provide for true secure online authentication or do we need to wait for yet another generation of devices before we have true meaningful online security?

Related articles
  • Anonymous

    Nokia is the most driving company in the nfc-forum as the standardization organisation is behind the shortwave radio standard NFC for making mobile phones for payment.Nokia,Google och Apple will make the nfc to a world standard for mobile phones for payment.In combination med rfid-tags on goods it will be possible to make shops and larger warehouses not so needed of people who is working there.

  • Anonymous

    yes my friend .. this is great.. they really forget this.. because it’s harder to implement .. 2 OS ..i know that the second OS for the NFC payment must be something like RealTimeOS or something QNX makes..with is hard to implement due to various components used .. for example the SuperAmoled on Nexus S .. so.. they just said ..NO .. why bother investing time&money.. their loss .
    i was always asking myself when looking at pdf files of ARM chips what the TrustZone mean..or what is it good for..now we know .
    btw remember my post on MSM7227 .. it’s not 45nm (insert sad face here) but it’s 65nm , this is from their pdf : http://avs234.net/docs/cpu/qualcomm/80-VM299-21_MSM7227_CHIPSET_TRAINING_INTRODUCTIONS_AND_CHIPSET_OVERVIEW.pdf
    PS : don’t know why engadget won’t ask this ( your ) question .. because NFC payment is indeed the future!
    PS2 : you are really funny in this clip.. (because you don’t understand the tech fully )

  • Thomas Woolford

    NFC is not great for this sort of thing. You would have to sit your phone on top of the device you want to auth. It seems what you are looking for is something more akin to openID+2Factor. (which used to post this reply)

  • Thomas Woolford

    NFC is not great for this sort of thing. You would have to sit your phone on top of the device you want to auth. It seems what you are looking for is something more akin to openID+2Factor. (which used to post this reply)

  • http://ARMdevices.net/ Charbax

    Yes that openID is similar to that idea of not having to use passwords on any site anymore. I wouldn’t mind Google taking care of holding all my passwords and not having to ask every website to integrate with open id, just the web browser taking care of that, but cloud based, and authenticated securely with a TrustZone powered pin code.

    Where I see TrustZone be useful in NFC is so that the screen where you type in the pin code, to authenticate any payment above a certain threshold for example if you want to transfer $5000 to some person through a simple NFC tap, all that you then need to do is authenticate with your pin code on your phone and instantly the money is transfered. Or for buying anything, you’d want that extra level of hardware based security as just waving unprotected phones in front of NFC readers is not enough, what if someone steals your phone.

    As far as I understand Google Wallet uses a hardware based security chip by NXP which may take care of this but perhaps ARM TrustZone is better, with a secure separate OS popping up for any secure authentication, also which I imagine could popup on your phone automatically every time you want to login to any website using your Laptops web browser.