A set of Trusted Mobile Platform specifications defining security features for mobile devices has been released for public review by the authors and promoters from IBM, Intel, and NTT DoCoMo.
Trusted Mobile Platform (TMP) is described as a comprehensive end-to-end security architecture for mobile wireless platforms. The specification "can help make advanced mobile-commerce services such as electronic tickets and e-wallets for online purchases more secure and help protect against viruses and other software attacks."
The Trusted Mobile Platform has been published as a set of three separate specifications. The Protocol Specification Document defines a set of protocols that enable the Trusted Mobile Platform to communicate with other platforms more securely. The TMP Software Architecture Description "identifies security-related elements in the software stack that enable the underlying security hardware and would be common across all platforms based on the Hardware Architecture Description." The Hardware Architecture Description document "defines a set of essential hardware components required to build mobile platforms that support a rich set of services for enhancing the platform's trust."
The TMP specifications address a number of security and privacy concerns: "(1) How can data exchanged over the air be protected from eavesdropping? (2) How can the user be certain that information received from a service is authentic and has not been changed since it was created? (3) How is the device protected from malicious downloaded programs such as viruses?"
According to the announcement, components defined in the TMP specifications "function together to limit the potential damage from malicious applications and to enable a rich set of security services. Through tamper-resistant modules and by enabling domain separation, a trusted platform will be able to protect data from potential viruses spreading from one application to the next. In addition, the authorization and management protocols provide companies with higher levels of security for wireless delivery of new software to employees."
The TMP Protocol document does not define a new collection of mobile security protocols per se, but "investigates available and emerging open standards by identifying specific areas that are currently missing to support trusted mobile devices. Trusted Mobile Platform builds on well established, strong security techniques and applies them to the hardware and software architectures to define a trusted execution environment that protects the device both at boot time and during runtime."
The 103-page Trusted Mobile Platform Protocol Specification Document "describes protocols that allow the security state of a device to be shared with other devices in the network, enabling device level trust to be extended into the larger network."
Section 4 defines the use of several security and trust profiles based upon the anticipation that Web services will be widely used as a preferred distributed computing framework within the next few years and that there is often no direct TCP/IP connection between the client and the server in mobile applications. The Web services profiles also meet demands beyond authentication, confidentiality, and integrity (e.g., non-repudiation, association of a message with authorization information, exchange of platform integrity claims, communication mechanisms when the patterns are not synchronous and peer-to-peer, or are multi-party).
Section 5 "Attestation and Supporting Infrastructure" defines a set of protocols that work among Trusted Mobile Devices, services, and trust entities based upon requirements outlined in the Trusted Computing Group industry specification. Included are protocols for certificate exchange (Privacy CA protocol, Validation data protocol, Integrity reporting protocol, Remote Data Binding Protocol). "Since interoperability is essential for attestation-based trust infrastructure to be widely used in various network environments, the protocols are designed based on the Web Services Security specifications." WS-Security and WS-Trust are featured in this section.
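The integrity reporting described above rests on a verifier being able to check a device's reported security state against known-good values. The following is an added example, not code from the TMP specification or its authors, of the checks a relying party performs on such a report: a freshness nonce, a replay of the measurement log into a TPM-style extend register, and a comparison of each measurement against an allowlist. The signature that a real report carries under a Privacy-CA-issued credential is not modelled; the component names, digests, nonces and the `verify_report` function are all constructed for this illustration.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register can only move to H(old || measurement), so no
    entry of the measurement log can be dropped, altered or reordered without
    changing the final register value."""
    return sha256(register + measurement)


def replay_log(log):
    """Recompute the register value that a given event log claims to produce."""
    register = bytes(32)                      # register is all zeros after reset
    for _component, digest in log:
        register = extend(register, digest)
    return register


def make_report(log, nonce: bytes) -> dict:
    """Device side (constructed). A real integrity report is signed by a device
    attestation key; only the values a verifier checks are modelled here."""
    return {"register": replay_log(log), "nonce": nonce}


def verify_report(report: dict, log, allowlist: dict, expected_nonce: bytes):
    """Relying-party side: freshness, log/register consistency, known-good values.
    Returns (accepted, reasons)."""
    reasons = []
    if report["nonce"] != expected_nonce:
        reasons.append("stale or replayed report: nonce mismatch")
    if replay_log(log) != report["register"]:
        reasons.append("event log does not replay to the reported register value")
    for component, digest in log:
        if allowlist.get(component) != digest:
            reasons.append(f"unexpected measurement for {component}")
    return (not reasons, reasons)


# Constructed reference values: the digest each known-good component should report.
ALLOWLIST = {name: sha256(b"image of " + name.encode())
             for name in ("bootloader", "kernel", "wallet-app")}
GOOD_LOG = list(ALLOWLIST.items())
PATCHED_LOG = [("bootloader", ALLOWLIST["bootloader"]),
               ("kernel", sha256(b"image of a modified kernel")),   # constructed: unknown kernel
               ("wallet-app", ALLOWLIST["wallet-app"])]


def scenario_good():
    nonce = b"nonce-1"                        # in practice: fresh random bytes per request
    return verify_report(make_report(GOOD_LOG, nonce), GOOD_LOG, ALLOWLIST, nonce)


def scenario_modified_kernel():
    """Device booted an unknown kernel and reports it honestly: log and register
    agree, but the kernel digest is not a known-good value."""
    nonce = b"nonce-2"
    return verify_report(make_report(PATCHED_LOG, nonce), PATCHED_LOG, ALLOWLIST, nonce)


def scenario_edited_log():
    """Same boot, but the log handed to the verifier shows the known-good kernel
    digest. The register value from the real boot no longer matches the replay."""
    nonce = b"nonce-3"
    return verify_report(make_report(PATCHED_LOG, nonce), GOOD_LOG, ALLOWLIST, nonce)


def scenario_replayed_report():
    """An old, genuine report presented again fails the freshness check."""
    return verify_report(make_report(GOOD_LOG, b"nonce-4"), GOOD_LOG, ALLOWLIST, b"nonce-5")


if __name__ == "__main__":
    for scenario in (scenario_good, scenario_modified_kernel,
                     scenario_edited_log, scenario_replayed_report):
        print(scenario.__name__, scenario())
```

The three failure scenarios show why all three checks are needed: the allowlist catches an honest report of unknown software, the replay catches a log that disagrees with the register, and the nonce catches a genuine but old report.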
Section 6 defines a Fair Contract Signing Protocol, providing for reliable and atomic transactions, which are considered a "more serious problem for mobile devices because wireless network connections are less reliable especially when the clients are moving." The TMP Fair Contract Signing Protocol, which allows exchanging signatures in an atomic way, makes use of an additional schema with Commitment and Contract element types in the protocol specification's http://schemas.trusted-mobile.org/protocol/2003/06/ofcs namespace.
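The property an atomic signature exchange must guarantee is that, whatever happens to the connection, either both parties end up with a signed contract or neither does. The following is an added example, not code from the TMP specification or from the Asokan, Shoup and Waidner construction it builds on, of a simplified optimistic exchange: each party first sends a commitment, then its signature, and a trusted third party is consulted only if the exchange breaks down. Hash commitments stand in for the real signatures and verifiable escrow, and the `Party`, `TTP`, `run_exchange` and `early_abort` names and the contract strings are all constructed for this illustration.

```python
import hashlib
import os


def h(*parts: bytes) -> bytes:
    """Domain-separated hash of a sequence of byte strings."""
    return hashlib.sha256(b"\x00".join(parts)).digest()


class Party:
    """A signer. Its commitment is a hash commitment to (contract, name, secret) and
    its 'signature' is the reveal of that secret (a stand-in for a real signature)."""

    def __init__(self, name: str):
        self.name = name.encode()
        self.secret = os.urandom(32)

    def commitment(self, contract: bytes) -> bytes:
        return h(b"commit", contract, self.name, self.secret)

    def signature(self, contract: bytes):
        return (self.name, self.secret)


def signature_opens(contract: bytes, commitment: bytes, signature) -> bool:
    """A signature is only valid for the contract its commitment was made on."""
    name, secret = signature
    return h(b"commit", contract, name, secret) == commitment


class TTP:
    """Optimistic trusted third party: consulted only when the exchange breaks down.
    It records exactly one decision per (contract, originator commitment), so it can
    never tell one party 'aborted' and the other 'resolved' for the same exchange."""

    def __init__(self):
        self.decisions = {}

    def abort(self, contract: bytes, commit_a: bytes) -> str:
        return self.decisions.setdefault(h(b"case", contract, commit_a), "aborted")

    def resolve(self, contract, commit_a, commit_b, own_commit, own_sig) -> str:
        # The requester must hand over its own valid signature so the decision can
        # complete the contract for the other side as well.
        if own_commit not in (commit_a, commit_b) or not signature_opens(contract, own_commit, own_sig):
            raise ValueError("resolve request lacks the requester's own valid signature")
        return self.decisions.setdefault(h(b"case", contract, commit_a), "resolved")


def run_exchange(contract: bytes, ttp: TTP, bob_walks_away: bool = False) -> dict:
    """Alice originates. Messages: commit_A, commit_B, sig_A, sig_B."""
    alice, bob = Party("alice"), Party("bob")
    ca, cb = alice.commitment(contract), bob.commitment(contract)   # messages 1 and 2
    sa = alice.signature(contract)                                    # message 3
    bob_has = signature_opens(contract, ca, sa)
    if bob_walks_away:
        # Bob keeps Alice's signature and never sends his own. Alice asks the TTP to
        # resolve; the recorded decision stands in for Bob's missing signature.
        alice_has = ttp.resolve(contract, ca, cb, ca, sa) == "resolved"
        # A later abort request for the same case cannot overturn that decision.
        assert ttp.abort(contract, ca) == "resolved"
    else:
        sb = bob.signature(contract)                                  # message 4
        alice_has = signature_opens(contract, cb, sb)
    return {"alice": alice_has, "bob": bob_has, "fair": alice_has == bob_has}


def early_abort(contract: bytes, ttp: TTP):
    """Alice sent commit_A but the connection dropped before Bob answered. Alice aborts
    with the TTP; if Bob later tries to resolve, he receives the same decision."""
    alice, bob = Party("alice"), Party("bob")
    ca = alice.commitment(contract)
    alice_view = ttp.abort(contract, ca)
    cb = bob.commitment(contract)
    bob_view = ttp.resolve(contract, ca, cb, cb, bob.signature(contract))
    return alice_view, bob_view


if __name__ == "__main__":
    print(run_exchange(b"e-ticket 42, 20 EUR", TTP()))
    print(run_exchange(b"e-ticket 42, 20 EUR", TTP(), bob_walks_away=True))
    print(early_abort(b"e-ticket 43", TTP()))
```

The point to take from the model is the TTP's single-decision rule: fairness does not come from the commitments alone but from the guarantee that a case, once aborted, can never be resolved, and vice versa.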
Section 7 of the Protocol Specification Document describes Mobile Device Management, which "consists of varying features and functionalities to allow the user and or the service provider to install, update, or modify the software and configurations of a Trusted Mobile Device (TMD). It also discusses the process of the software download, key management and the associated protocols and practices."
Section 8 on "Access Control Architecture" specifies that SAML and XACML should be used to specify and express policies and authorizations, and that WS-Security should be used for managing and exchanging trust relationships. "It is recommended that profiled versions of XML Signature, XML Encryption, Exclusive Canonicalization, WS-Security, WS-Trust, WS-SecureConversation, SAML, and XACML are supported by the Trusted Mobile Device. When the device has WS-Trust capability, the support for PKIX is optional; however, if the device has no WS-Trust, it must implement PKIX, including certificate request, certificate retrieval, and certificate revocation."
Bibliographic Information
Trusted Mobile Platform Protocol Specification Document. Authors: Selim Aissi (Intel); Hiroshi Maruyama (IBM); Fumiaki Miura (NTT DoCoMo); Taiga Nakamura (IBM); Daniel Saito (NTT DoCoMo); Atsushi Takeshita (NTT DoCoMo); Dave Wheeler (Intel); Sachiko Yoshihama (IBM). From NTT DoCoMo, IBM, and Intel Corporation. 04/05/2004. Protocol Specification Document. Revision 1.00. 130 pages. "Rev 1.00 is a stable revision of the Trusted Mobile Platform Protocol Specification that was agreed upon by Trusted Mobile Platform promoters." [source]
Trusted Mobile Platform Software Architecture Description From NTT DoCoMo, IBM, and Intel Corporation. June 23, 2004. Revision 1.00. 98 pages. [source]
Trusted Mobile Platform Hardware Architecture Description. From NTT DoCoMo, IBM, and Intel Corporation. June 23, 2004. Revision 1.00. 63 pages. [source]
TMP Specification Copyright Notice: (c) Copyright IBM Corporation, NTT DoCoMo, Inc. and Intel Corporation 2003, 2004. All rights reserved. THIS SPECIFICATION IS PROVIDED "AS IS". IBM CORPORATION, NTT DOCOMO, INC. AND INTEL CORPORATION (COLLECTIVELY, THE "COMPANIES") MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE AND ALL STATUTORY WARRANTIES REGARDING THIS SPECIFICATION. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, THE COMPANIES MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, THAT THE CONTENTS OF THIS SPECIFICATION ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. THE COMPANIES WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES INCURRED BY YOU ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION OF THIS SPECIFICATION. No other rights, including intellectual property rights, are granted by implication, estoppel or otherwise.
From the Announcement
NTT DoCoMo, Inc., Intel and IBM released a new security specification called "Trusted Mobile Platform." The specification can help make advanced mobile-commerce services such as electronic tickets and e-wallets for online purchases more secure and help protect against viruses and other software attacks.
Trusted Mobile Platform has defined a set of hardware and software components that can be constructed to build devices offering different levels of security. Trusted Mobile Platform builds on well established, strong security techniques and applies them to the hardware and software architectures to define a trusted execution environment that protects the device both at boot time and during runtime.
These components function together to limit the potential damage from malicious applications and to enable a rich set of security services. In addition, Trusted Mobile Platform has defined a protocol that allows the security state of a device to be shared with other devices in the network, enabling device level trust to be extended into the larger network.
"The Trusted Mobile Platform provides a new foundation for mobile devices," said Takanori Utano, executive vice president and chief technology officer of NTT DoCoMo, Inc. "The goal of our joint research was to provide an open and secure architecture, for future wireless data services."
"This collaboration directly enhances handheld architectures to provide the trusted capabilities vital for widespread adoption of mobile commerce and enterprise usage," said Sean Maloney, executive vice president and general manager of Intel's Communications Group.
"Mobile security is more than just protecting against new viruses, worms and attacks, it's about protecting critical business assets and information," said Alistair Rennie, vice president, Sales and Marketing, IBM Pervasive Computing. "IBM is working to bring security specifications, such as the Trusted Mobile Platform, to standards bodies, with the hope security will become more embedded across a broad range of business systems."
The Trusted Mobile Platform specification incorporates the latest security technologies and controls. Through tamper-resistant modules and by enabling domain separation, a trusted platform will be able to protect data from potential viruses spreading from one application to the next. In addition, the authorization and management protocols provide companies with higher levels of security for wireless delivery of new software to employees.
Each company has contributed unique and valuable skills to the collaboration. NTT DoCoMo brings the requirements for platform integrity and security based on its knowledge of wireless networks, Intel brings its knowledge of silicon designs and expertise in architecting wireless devices, and IBM is contributing its vast experience in business security and pervasive computing.
Principal references:
- Announcement 2004-10-27: "NTT DoCoMo, Intel and IBM Collaborate to Enhance Mobile Device Security. Companies Introduce 'Trusted Mobile Platform' Specification."
- Trusted Mobile Platform web site
- Trusted Mobile Platform Protocol Specification Document [cache]
- XML Schema for Fair Contract Signing Protocol. The Trusted Mobile Platform Protocol Specification Document Section 6 "defines the TMP Fair Contract Signing Protocol, which allows exchanging signatures in an atomic way. The protocol uses the idea of Optimistic Fair Contract Signing recently [1998] proposed by Asokan, Shoup, and Waidner..." See literature references.
- Trusted Mobile Platform Software Architecture Description [cache]
- Trusted Mobile Platform Hardware Architecture Description [cache]
- Press:
  - "'Palladium' Echoes in New Handheld Security Specification." By Mark Hachman. In eWEEK (October 27, 2004).
  - "IT Heavies Unveil Mobile Specification." By Michael Singer. From InternetNews.com (October 27, 2004).
- XML and Security - General reference list