Did Nexus S and iPhone5 NFC implementations forget about TrustZone?

Posted by – January 31, 2011
Category: Opinions, Google

The idea as suggested in this computerworld column, is that the next generation smart phones are to replace all passwords, credit cards, car keys and other identification and authentication functions.

The potential problem I see with Nexus S and the rumored iPhone5’s NFC implementation would be if they leave out ARM’s TrustZone security system. If those NFC chips are nothing much more than some types of RFID tags for near field authentication, that wouldn’t be enough. We need devices with 100% secure modes that are built in the hardware and that are not improvised in software.

As you can see in the video below, as far as I understand it, TrustZone uses a hardware mechanism in the phone’s hardware to provide for 100% security in authentication, which could be used not only for secure payments, but for authentication with any kinds of online banking and any passwords for any type of website.

The idea is that you need to be able to put your phone in a 100% secure mode from which the authentication happens in some 100% secure way. The secure mode is a parallel OS mode on the phone, which cannot be hacked nor cannot display spoofed authentication screens.

Here’s a usage scenario. You click on any website with a login, be it gmail or any other website, instead of typing in your password on the screen, which could have keyloggers and trojan horses, a login prompt automatically displays on your phone with a light indicator elsewhere than on the screen of your phone lights up letting you know you are in 100% secure mode, the secure mode asks you to authenticate for a given authenticated domain login, you type in your 4-number pin code on your phone in the secure mode, that’s it, your phone authenticates your browser logon, no matter what site it is. Basically, your phone becomes as secure as those calculator types authentication systems that online banks use. Those are basically unhackable, because encryption can be so strong, it would take billions of years for all the computers in the world to find the key to powerful encryption. The only way for someone to access your online accounts would be for them to steal your phone and to know your pin code.

I’d like to know, does Nexus S or any upcoming “NFC” type implementations include something like the ARM TrustZone to provide for true secure online authentication or do we need to wait for yet another generation of devices before we have true meaningful online security?