Samsung Galaxy S3 may be the first smartphone with full ARM TrustZone support for enabling 100% security in everything online

Posted by Charbax – May 4, 2012

The newly announced Samsung Galaxy S3 may not only have an amazing new 32nm Quad-core ARM Cortex-A9 processor with a new accelerated higher frequency Quad-core Mali-400 GPU offering perhaps the fastest ARM SoC in the world at the moment. Samsung may also have done the right choice to fully enable and activate ARM TrustZone through the MobiCore integrated security platform directly onto the Exynos 4412 SoC. The Trusted Execution Environment (TEE) is joint venture between ARM (40%), Gemalto (30%) and Giesecke & Devrient (30%) which is currently in the process of getting approval from the European Commission for European Wide mass adoption as the default secure mobile authentication system.

While ARM TrustZone has been talked about for a while, it being supported in many ARM Processors, as far as I know it hasn't been activated on any of those processors yet, the full Trusted Execution Environment (TEE) ecosystem has not yet been implemented in a mass market phone. The idea is to provide a 100% secure system for mobile payment, enterprise productivity, mobile banking applications, online commerce and premium content services. I believe ARM TrustZone can even be used for a fast and easy 100% secure authentication on your phone every time you log-in to your Google Account, and I believe that you may even set it up to 100% securely authenticate you when you log-in to any Open ID or other username/password protected websites on the Internet, Facebook, Twitter and any others included.

Basically consider these usage scenarios:
1. E-commerce: You click to buy something online, no need to type in credit card infos. Your phone automatically turns on in safe mode (identifiable by secure LED light lighting up on the side of the phone), you type your 4 digit pin code, payment 100% secure activated, the web page automatically updates, no click needed, and says thanks for your payment.

2. NFC or Online Payments/Money transfers: Tap your phone with the person you want to give some money to, or click on payment link in email or elsewhere online. Your phone automatically turns on in safe mode (identifiable by secure LED light lighting up on the side of the phone), you type your 4 digit pin code, payment or money transfer 100% secure activated. Both receiver and sender automatically get confirmation payment or money transfer has happened instantly.

3. Securely log-in to your Google or other web account. Click to login. Instead of using Google's current 2-step verification (code being sent by SMS or Android app), a new easier, better and more secure 2-step verification system is established using ARM TrustZone TEE. As soon as you click to login, you don't even need to type your password in the web browser, your phone automatically turns on in safe mode (identifiable by secure LED light lighting up on the side of the phone), you type your 4 digit pin code, you are 100% securely logged into your Google account.

Etc. Same system for 100% securely logging on to corporate networks and applications. You can also setup different pin codes depending on the different class of applications. For example your important payment systems may have a different pin code than basic website logons.

The idea of the ARM TrustZone Trusted Execution Environment is that once that security LED light is turned on on your phone, you can be assured that what you see on the screen is the encrypted alternative OS environment to authenticate you and authorize actions that it then encrypts and sends back through the Android OS to the Internet. For example it displays "Paying $20 to X" as you enter your pin code and click OK or you click cancel if you don't agree. Again using encryption. Using systems of 128bit encryption, in theory this system should be 100% secure. As long as users always make sure to check that the security LED light is on on their phone when they enter their pin codes and click for authorizations.

If implemented correctly, ARM TrustZone will not only much improve security online, it will also make authentication and authorization processes easier and faster online. With the Galaxy S3 and the correct implementation of ETT support throughout the Internet, the Chrome browser, Android, you may never need to remember usernames and passwords for all websites again, you just use the same few PIN codes on your phone to do all your authentications, authorizations and every type of secure authenticated activities on the Internet.

I am very excited about the upcoming mass adoption of ARM TrustZone, because I believe we are going to see an explosion of awesomely advanced applications for secure authentication, online payments, mobile payments and the feeling for users is going to be that they are soon going to trust using their phones to replace their wallets, passports, credit cards, and that people are going to have a tool to be able to trust any and every website, as those will never be able to see your passwords as consumers will always be protected by the normal set of consumer protections and that online scams, online security breaches will be a thing of the past. ARM TrustZone Trusted Execution Environment means the end of paper money, it means the end of ticketing, it means the end of credit cards, it means the end of membership cards, it means the end of usernames and passwords online.

Here is the press release:

G&D announces MobiCore® integrated security platform to support Samsung GALAXY S III in Europe

Munich, May 4, 2012 – Giesecke & Devrient (G&D) today announced that its MobiCore security platform will be integrated in Samsung GALAXY S III smartphones distributed in Europe. Thanks to MobiCore, the NFC-capable smartphone from Samsung will be the first mobile device to boast a protected area on its application processor in which security-sensitive applications can be securely run and downloaded dynamically. The MobiCore platform will provide a secure execution environment for mobile payments authentication, emails or corporate VPN access.

The first application installed in the Mobicore-protected area on the Samsung GALAXY S III is a digital rights management (DRM) application which provides digital content with effective protection against misuse. In addition, G&D’s Trusted Service Management (TSM) solution will enable organizations such as network operators and banks to install and customize additional security-critical apps in the protected area of the smartphone. Samsung GALAXY S III, with integrated MobiCore security platform, will be made commercially available first in Europe and will then be rolled out globally.

  • derekmorr

    Nothing is 100% secure.

  • World financial systems, net banking, the United Nations, the White House, etc all those are pretty secure. I think the lack of security happens only when their are security gaps in the overall system. If you can build a system where full 128bit or higher encryption is used at every important node, then I’d guess the system is pretty close to 100% secure. Can you identify the security risks of this system?

  • derekmorr

    Encryption is not the same as security.

  • My understanding is that it takes billions of years for all the computers in the world to break a 128bit encryption. Millions of billions of trillions of years for all the computers on our planet and all the other habitable planets in our universe and in the multi-verses to break a 256bit encryption.

    The only security risks that I can imagine are:

    1. Hackers install a mod-chip in your phone to modify the behavior of your security LED light. Very unlikely.

    2. Hackers kidnap you and force you to authorize a transfer. But even then, the transfer is digital and can be reversed by the authorities so actually not even a workable scenario anymore.

  • Guest

    Nope, derekmorr is right here. Nothing is 100% secure. “Security features” do not necessarily provide security. In a complex system like this, there are plenty of potentially vulnerable components.

  • Goophoney5

    Goophone y5Goophone y5 is coming now.Choose a cheap goophone y5 is a hard work.You should choose a best goophone mtk6575.The best mtk6575 iphone is here!

    goophone mtk6575

    buy goophone y5

    cheap goophone y5

    best mtk6575 iphone