KR20160067547A - Improved mobile trusted module-based session and key management method - Google Patents

Abstract

Disclosed are an improved mobile trusted module (MTM) and an operating method thereof, for managing a session and a key. An improved MTM-based session and key management method according to an embodiment of the present invention comprises the steps of: determining session open acceptance when a session open request is received from the outside; generating a session entry including session nonce for a corresponding session when the session open is accepted, registering the same in a session table, and storing a generated session key in a key table; decoding an MTM command by using the session key when the MTM command is received from the outside; and executing the MTM command as session nonce included in the decoded MTM command is matched to the registered session nonce.

Description

[0001] IMPROVED MOBILE TRUSTED MODULE-BASED SESSION AND KEY MANAGEMENT METHOD [0002]

The present invention relates to a Mobile Trusted Module (MTM), and more particularly to an improved MTM session and key management technique.

Mobile Trusted Module (MTM) is a mobile information security technology that is installed in a mobile device such as a smart phone to completely block hacking, etc. It is a mobile security module that is used for authentication of users, platform authentication, device authentication, Is a Trusted Computing Group (TCG) standard mobile security hardware technology.

The mobile terminal is always exposed to security threats such as loss or theft of the terminal due to carelessness of the user, leakage of privacy data of the terminal, insertion of malicious code, and the like. In general, software can be easily manipulated and hacked compared to hardware, so efforts are being made to enhance security using MTM technology, which provides physical security. Accordingly, the mobile terminal uses the MTM to securely protect important data, keys, and certificate information from external attacks and verify the integrity of the mobile terminal platform to detect and block the execution of the malicious code. .

MTM basically provides a tamper-resistant function to counter physical attacks. In addition, the MTM provides the Root of Trust function, including the Root of Trust for Storage (RTS) for secure data storage, the Root of Trust for Measurement (RTM) that records the state of the system in the MTM, Provides a Root of Trust for Reporting (RTR) function that proves in a reliable manner.

Although the MTM specification contains a lot of content, the functions provided can be summarized in the following three points. It provides the Protected Storage function that guarantees the integrity of the mobile platform through the Chain of Trust measurement, stores the data and key in the MTM, and provides platform assurance between platforms with MTM through Remote Attestation. Providing a more secure and reliable computing environment.

Basically, the MTM is defined by assuming a low-performance, low-cost H / W security chip, and session management and key management mechanisms through access control are defined very inefficiently. FIG. 1 shows the Protected Storage structure of the MTM.

The MTM stores important data and keys in the MTM without spilling it outward. If there is not enough space to store in the MTM, it provides the Protected Storage function that encrypts it using SRK (Storage Root Key) and stores important data or key outside MTM.

As shown in FIG. 1, the mode key has a hierarchical structure that is encrypted and stored by a parent key. The key is generated in the MTM, encrypted with the parent key, and stored outside the MTM. Accordingly, in order to use the key, the corresponding key and the parent key must be loaded into the key slot in the MTM and decoded. At this time, the MTM checks the consistency of the Auth data.

In this case, if the storage depth of the desired key is deep, all the keys in the middle must be sequentially loaded and decoded, which causes considerable cost. Due to the complicated session and key management methods, it is difficult to apply the actual implementation to the MTM of the mobile terminal.

Also, since there is a limitation on the capacity of the key slot in the MTM, if the slot is full, a key management mechanism such as exporting the key to the outside and appropriately reloading it when necessary is needed. In other words, key loading process is required for key decryption of Leaf Node due to the hierarchical structure of keys stored outside the MTM. Also, it is necessary to manage key slots having a limited capacity. do.

On the other hand, for session connection, only authenticated session should be allowed to connect. MTM performs session authentication using Authorization Protocol. For example, in the MTM, only the sessions that have passed the authentication process are connected through the object-based complex authentication protocol such as Object Independent Authorization Protocol (OIAP) and Object Specific Authorization Protocol (OSAP). Therefore, existing MTM consumes a considerable amount of cost due to the necessity of managing the context for the key loading and sequence of commands associated with the session.

In addition, the existing MTM must store and manage a context for a sequence of commands to perform an MTM command after a session is connected, and ensure that commands are transmitted and executed through an authenticated session.

It is an object of the present invention to provide a more simple and effective session and key management technique by improving the complicated and ineffective session and key management techniques defined in the existing MTM specification. Another object of the present invention is to contribute to the activation of MTM's mobile terminal application by reducing cost by providing an efficient and lightweight access control, session management and key management technique in implementing MTM technology.

According to an aspect of the present invention, there is provided an improved MTM session and key management method comprising: determining whether to accept a session connection when a Session Open request is received from an external source; Generating a session key including a Session Nonce for the session, registering the session entry in the session table, generating a session key and storing the session key in a key table, receiving the MTM command from the outside, Decrypting the MTM command by using the decrypted MTM command, and executing the MTM command according to whether the session nonce included in the decrypted MTM command matches the registered session nonce .

According to the embodiment of the present invention, since all generated keys are stored in the MTM, it is possible to protect against attacks generated when an encrypted key is stored outside the existing MTM. That is, when the key is stored in the external hard disk, there is a risk that the corresponding key is deleted by hacking. According to the embodiment of the present invention, there is less risk of exposure to such a hacking attack due to the key hiding effect. Also, according to the embodiment of the present invention, it is possible to effectively protect the replay attack and the man-in-the-middle attack by enhancing the security through the session key and the session nonce which are dynamically allocated each time a session connection is established.

According to the embodiment of the present invention, the simplified key management technique can reduce the key loading cost of the existing MTM, the key slot management cost that is additionally generated due to the limited capacity, and the complex context management cost. In addition, according to the embodiment of the present invention, it is possible to efficiently manage multiple sessions by application-based session and key management techniques.

This improved MTM-based session and key management technique can be implemented easily, and the MTM execution engine can be lightened by reducing computation and cost with a simplified structure. Thus, it is possible to solve the present problem in which MTM application in a mobile terminal is practically difficult.

1 is a diagram illustrating a Protected Storage structure of a conventional MTM.
FIG. 2 is a basic structure diagram of an improved MTM for session and key management according to an embodiment of the present invention; FIG.
3 is a diagram illustrating a field structure of a Session Table Entry and a Key Table Entry according to an embodiment of the present invention.
4 is an operational flowchart of an improved MTM for session and key management according to an embodiment of the present invention.
5 is a flowchart illustrating an operation of the MTM when a session is opened according to an embodiment of the present invention.
FIG. 6 is a flowchart illustrating an MTM operation of transmitting and executing an MTM command through data communication after establishing a session connection according to an embodiment of the present invention; FIG.
7 is a flowchart illustrating an operation of MTM when a session is closed after data communication is completed according to an embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention and the manner of achieving them will become apparent with reference to the embodiments described in detail below with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. And is provided to fully convey the scope of the invention to those skilled in the art, and the present invention is defined by the claims. It is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. It is noted that " comprises, " or "comprising," as used herein, means the presence or absence of one or more other components, steps, operations, and / Do not exclude the addition.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the drawings, like reference numerals refer to like elements throughout. In the drawings, like reference numerals are used to denote like elements, and in the description of the present invention, In the following description, a detailed description of the present invention will be omitted.

2 is a basic block diagram of an improved MTM for session and key management according to an embodiment of the present invention.

When a connection request command is received from the mobile trusted module (MTM) 100, the access control unit 110 determines whether to establish a session connection through an authentication process. Here, the authentication process compares the AuthData stored in the non-volatile memory with the AuthData received from the outside together with the connection request command, and determines whether to accept the session connection according to the match.

When the access control unit 110 accepts the session connection, the session management unit 120 creates an entry for the session in the session table 121. [ At this time, the session table 121 is for storing and managing session entries dynamically generated and deleted, and is stored in a volatile memory.

When the session connection is accepted by the access control unit 110, the key management unit 130 generates a session key and stores the session key in a key table 131. In this case, although the session key used for encryption / decryption of the session is dynamically generated and destroyed with the session, the key table 131 is generally stored in a nonvolatile memory having a capacity larger than that of the volatile memory in consideration of the key size .

Here, the Entry (Session Table Entry) 310 of the Session Table and the Entry (Key Table Entry) 320 of the Key Table have a field structure as illustrated in FIG. Since session and key management are performed based on the application, App ID fields 311 and 321, which are application distinguishers, are commonly included in the session table entry 310 and the key table entry 320.

The Session Table Entry 310 includes a Session Handle field 312 for distinguishing each session and a Session Nonce field 313 for randomly allocating the session in the MTM 100 when the authentication process is performed. At this time, the Session Nonce field 313 is effective for Replay attack or Man-in-the-middle attack defense.

The key table entry 320 includes a session key field 322 for a connected session and various other key fields 323 to 326 used in other applications. For example, the Key Table Entry 320 includes a Storage Key field 323 for securely storing data and other keys, a Signing Key field 324, which is an asymmetric key used for signing, A Binding Key field 325 used for encrypting / decrypting a small amount of data such as a symmetric key generated and transmitted by the MTM 100, and other Key (Other Key) field 326. Here, unlike the other static Key fields 323 to 326, the Session Key field 322 is dynamically generated and stored or deleted according to the creation and destruction of the session

The session and the key generated by the MTM 100 according to the embodiment of the present invention are generated and managed in a 1: 1 mapping to an application executed in the mobile terminal. The MTM 100 can process a session connection request of a plurality of mobile terminal applications and can support multiple sessions by the memory capacity.

The MTM 100 according to the embodiment of the present invention has the biggest difference from the existing MTM specification. The MTM 100 according to the exemplary embodiment of the present invention does not use an Authorization Protocol that is complicated and requires context management such as OIAP (Object Independent Authorization Protocol) or OSAP (Object Specific Authorization Protocol) And stores all generated keys in the MTM 100, which is different from the existing MTM specification.

Also, according to the embodiment of the present invention, there is no need to perform a lot of key loading processes to decrypt a key stored in a leaf node having a large depth, and there is no need to separately manage a key slot. That is, according to the embodiment of the present invention, security of the same strength as that of the existing MTM can be provided by a simplified session and key management technique.

Hereinafter, the session and key management method of the MTM 100 according to the embodiment of the present invention will be described in detail with reference to the flowcharts of FIGS.

4 is a flowchart illustrating an operation of the MTM for session and key management according to an embodiment of the present invention.

First, the MTM 100 compares and authenticates AuthData when establishing a session connection (Session Open), and creates a session (S410).

For example, when a SessionOpen request is received from an external (Trusted Software Stack Core Service, TCS), the MTM 100 compares and authenticates the AuthData and creates a session Creation. At this time, when receiving a session connection request from the outside, the MTM 100 receives information including AppID, Handle, and AuthData together.

This will be described in detail with reference to FIG. 5 shows the operation flow of the MTM 100 at the time of Session Open.

When a session open request is received from the external TCS of the MTM 100 in operation S501, the access control unit 110 of the MTM 100 transmits the AuthData transmitted from the external and the MTM 100 AuthData is compared (S502). At this time, the AuthData transmitted at the time of Session Open is encrypted with the SRK, and the encrypted AuthData is decrypted and compared in the MTM 100.

If the comparison result of the AuthData is different (S503-N), the MTM 100 generates an error code and transmits the response message to the outside (S504).

If the comparison result of the AuthData matches (S503-Y), the MTM 100 generates a session key for proceeding with the session connection establishment process and registers the generated session key in the key table (S505).

In addition, the MTM 100 generates a Session Nonce and registers it with the Session Handle in the Session Table (S506).

Since the session connection has been established successfully, the MTM 100 generates and transmits a Success Response message to the outside (S507).

After the above-described process (step S410) is performed, the MTM 100 receives an MTM command from the outside when data communication is performed, prevents a Replay attack through a session nonce, And decodes the MTM instruction and executes the MTM instruction (S420). Upon receiving an MTM command from the outside, the MTM 100 receives information including Handle, Session Nonce, and Payload together.

This will be described in detail with reference to Fig. FIG. 6 shows an operation flow of the MTM related to transmission and execution of MTM commands through data communication after setting up a session connection.

Upon receiving the MTM command (MTM_Command) from the external (TCS) (S601), the MTM (100) searches the Session Table (S602). If there is no session entry as a result of the session table search (S603-N), the MTM 100 generates a Response (Fail) message (Error Code) and transmits it to the outside (S604).

If there is a session entry as a result of the session table search (S603-Y), the MTM 100 reads the session key from the key table (S605), and decrypts the MTM command using the read session key S606).

The MTM 100 compares the Session Nonce of the decrypted MTM command with the Session Nonce value of the Session Table (S607). If the session nonce of the MTM instruction and the session nonce value of the session table are different from each other (S608-N), the MTM 100 generates a Response (Fail) message (Error Code) and transmits it to the outside (S609).

If the Session Nonce of the MTM command and the Session Nonce value of the Session Table are the same (S608-Y), the MTM 100 executes the corresponding MTM command (MTM Command Execution) (S610) and generates a Response And transmits the success result to the outside (S611).

When the data communication is completed by performing the above-described process (step S420), the MTM 100 closes the session and deletes the session (S430). At this time, the MTM 100 receives information including a Session Close request and a Handle, SessionNonce from the outside.

This will be described in detail with reference to Fig. FIG. 7 shows the operation flow of the MTM 100 when the session is closed after data communication is completed.

When a Session Close request is received from the external TCS (S701), the MTM 100 searches the Session Table (S702). If there is no session entry in the session table search result (S703-N), the MTM 100 generates a Response (Fail) message (Error Code) and transmits it to the outside (S704).

If a session entry exists as a result of the session table search (S703-Y), the MTM 100 reads the session key from the key table (S705), and decrypts the MTM command using the read session key ( S706).

The MTM 100 compares the Session Nonce of the decrypted MTM command with the Session Nonce value of the Session Table (S707). If the session nonce of the MTM instruction and the session nonce value of the session table are different from each other (S708-N), the MTM 100 generates and transmits a Response (Fail) message (S709).

If the session nonce of the MTM instruction is the same as the session nonce value of the session table (S708-Y), the corresponding session entry is deleted from the session table because the command executed by the MTM instruction is Session Close. The Session Key field is deleted (S710). Thereafter, the MTM 100 generates a Response (Success) message and transmits the success result to the outside (S710).

As described above, according to the embodiment of the present invention, since all generated keys are stored in the MTM, it is possible to protect against attacks occurring when an encrypted key is stored outside the existing MTM. That is, when the key is stored in the external hard disk, there is a risk that the corresponding key is deleted by hacking. According to the embodiment of the present invention, there is less risk of exposure to such a hacking attack due to the key hiding effect. Also, according to the embodiment of the present invention, it is possible to effectively protect the replay attack and the man-in-the-middle attack by enhancing the security through the session key and the session nonce which are dynamically allocated each time a session connection is established.

According to the embodiment of the present invention, the simplified key management technique can reduce the key loading cost of the existing MTM, the key slot management cost that is additionally generated due to the limited capacity, and the complex context management cost. In addition, according to the embodiment of the present invention, it is possible to efficiently manage multiple sessions by application-based session and key management techniques.

Improved MTM-based session and key management techniques can be implemented easily, and the MTM execution engine can be lightened by reducing computation and costs with a simplified structure. Thus, it is possible to solve the present problem in which MTM application in a mobile terminal is practically difficult.

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, It is to be understood that the invention may be embodied in other specific forms. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. The scope of the present invention is defined by the appended claims rather than the detailed description, and all changes or modifications derived from the scope of the claims and their equivalents shall be construed as being included within the scope of the present invention.

100: MTM
110: access control unit
120: Session Management Department
130: Key management unit

Claims (1)

Determining whether to accept a session connection when receiving a Session Open request from the outside;
Creating a session entry including a session nonce for the session, registering the session entry in the session table, creating a session key, and storing the session key in a key table;
Decrypting the MTM command using the session key when an MTM (Mobile Trusted Module) command is received from the outside; And
Executing the MTM instruction according to whether the session nonce included in the decrypted MTM instruction matches the registered session nonce;
The method comprising the steps of:

Images