Samsung Electronics, known for its advancements in various turnkey technologies, has now introduced a standalone security solution consisting of a Secure Element (SE) chip (S3FV9RR) managed by enhanced security software. This security chip from Samsung offers a secure gateway for tasks such as booting, isolated storage, mobile payments, and other applications. Samsung first introduced an SE chip (S3K250AF) in its S20 device, which had a Common Criteria Evaluation Assurance Level (CC EAL) of 5+. With the S3FV9RR, however, Samsung has taken its own security standards a notch higher: the chip has achieved a CC EAL certification of 6+, the highest level acquired by a mobile component.
With the new standalone security element solution (S3FV9RR), Samsung is now enabling smart devices to safeguard users’ private information.
Samsung’s Data Security Chip – A Game Changer
The EAL ranking is given by Common Criteria, an organization that certifies the security level of IT products from EAL0 to EAL7, with EAL7 being the most secure. A CC EAL certification of 6+ is therefore deemed a game-changer, because this level is required in applications with the most stringent security requirements on the market, such as high-end smartphones, e-passports, and hardware wallets for cryptocurrency.
This new data security chip also supports the following:
- A hardware-based root of trust (RoT)
- Secure boot
- Secure device authentication
When a mobile device starts, the boot loader initiates a chain of trust: each firmware stage is validated against approved keys before control passes to the next, so every stage is checked sequentially. This boot process is anchored in the RoT, which guards the device against tampered or unauthorized software and against unauthorized software updates.
Dongho Shin, Senior Vice President of System LSI marketing at Samsung Electronics, said, “In this era of mobility and contact-less interactions, we expect our connected devices, such as smartphones or tablets, to be highly secure so as to protect personal data and enable fintech activities such as mobile banking, stock trading, and cryptocurrency transactions. With the new standalone security element solution (S3FV9RR), Samsung is enabling smart devices to safeguard private information.”
This is not the first attempt at hardware-based security; security chips were introduced earlier.
Google’s Titan M Security Chip
Google’s Titan M is an enterprise-grade security chip custom-built for Google’s smartphone brand, Pixel. The chip secures the most sensitive on-device data and the operating system. Titan M helps the bootloader (the program that validates and loads Android when the phone turns on) make sure that the latest Android version is loaded. It stores the last known safe Android version and prevents attackers from rolling the device back to an older and potentially vulnerable Android version. Titan M also blocks attackers’ attempts to unlock the bootloader.
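The two mechanisms described above (a root of trust validating each boot stage in sequence, and a stored last-known-safe version that refuses older images) can be shown together in a small simulation. The following is an added example written for this article, not code from Samsung, Google or any secure element firmware. It assumes a constructed key hierarchy and uses HMAC-SHA256 as a stand-in for the asymmetric signature a real secure element verifies; the chain structure and the anti-rollback check are what the example is meant to illustrate.

```python
import hashlib
import hmac
import json

# Constructed model of a hardware root of trust: it holds the approved key
# for the first boot stage and the lowest stage version it will still accept
# (the "last known safe version" used for anti-rollback).
class RootOfTrust:
    def __init__(self, approved_key: bytes, min_version: int):
        self.approved_key = approved_key
        self.min_version = min_version


def sign_stage(key: bytes, name: str, version: int, payload: bytes, next_key: bytes) -> dict:
    """Build a signed stage image.  The manifest binds the payload hash, the
    stage version and the key that must verify the *next* stage.  HMAC is an
    assumption standing in for a real asymmetric signature."""
    manifest = {
        "name": name,
        "version": version,
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "next_key": next_key.hex(),
    }
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return {"manifest": body, "tag": tag, "payload": payload}


def verify_chain(rot: RootOfTrust, stages: list) -> tuple:
    """Validate stages in order.  Each stage is checked with the key released
    by the previously verified stage, starting from the key held in the RoT.
    Returns (ok, reason)."""
    key = rot.approved_key
    for stage in stages:
        body = stage["manifest"]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, stage["tag"]):
            return False, f"bad signature on {json.loads(body)['name']}"
        m = json.loads(body)
        if hashlib.sha256(stage["payload"]).hexdigest() != m["payload_sha256"]:
            return False, f"payload mismatch in {m['name']}"
        if m["version"] < rot.min_version:
            return False, f"rollback rejected: {m['name']} v{m['version']} < v{rot.min_version}"
        # Only after this stage is trusted do we accept the key it vouches for.
        key = bytes.fromhex(m["next_key"])
    return True, "boot chain verified"


def demo() -> dict:
    """Run four constructed boot scenarios and return their verdicts."""
    rot_key = b"root-of-trust-key"      # constructed; burned into the SE in reality
    k1, k2 = b"stage1-key", b"stage2-key"
    rot = RootOfTrust(rot_key, min_version=7)

    bootloader = sign_stage(rot_key, "bootloader", 7, b"BOOTLOADER-IMAGE", k1)
    kernel = sign_stage(k1, "kernel", 8, b"KERNEL-IMAGE", k2)
    system = sign_stage(k2, "system", 8, b"SYSTEM-IMAGE", b"")

    results = {"good": verify_chain(rot, [bootloader, kernel, system])}

    # Payload modified after signing: manifest hash no longer matches.
    tampered = dict(kernel, payload=b"KERNEL-IMAGE-MODIFIED")
    results["tampered"] = verify_chain(rot, [bootloader, tampered, system])

    # Genuine but older kernel build: correctly signed, yet below min_version.
    old_kernel = sign_stage(k1, "kernel", 5, b"OLD-KERNEL-IMAGE", k2)
    results["rollback"] = verify_chain(rot, [bootloader, old_kernel, system])

    # Image signed with a key the chain never vouched for.
    rogue = sign_stage(b"unapproved-key", "kernel", 9, b"ROGUE-IMAGE", k2)
    results["unsigned"] = verify_chain(rot, [bootloader, rogue, system])
    return results


if __name__ == "__main__":
    for scenario, (ok, reason) in demo().items():
        print(f"{scenario:9s} -> {'OK ' if ok else 'FAIL'} {reason}")
```

Note the order of trust: a stage's `next_key` is only honoured after that stage's own signature and payload hash have been checked, which is what makes the chain sequential rather than a flat list of independent checks. In a real device the root of trust would also raise `min_version` monotonically once a newer image has booted successfully, so the rollback floor only ever moves forward.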
The other salient features of Titan M are:
- Lock screen and on-device disk encryption protection
- Secure third-party app transactions
- Insider attack resistance
In 2019, Google announced a $1.5 Mn bug bounty reward for cracking Pixel’s Titan M secure element chip. The actual reward amount, though, is at the discretion of the rewards committee and depends on several factors.
Trusted Platform Module
In 2009, a computer industry consortium called the Trusted Computing Group created a specification for the Trusted Platform Module (TPM). TPM, also known as ISO/IEC 11889, is an international standard for a secure cryptoprocessor: a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. A TPM chip has a unique RSA key burned in, and a computer program can use the TPM to authenticate hardware devices. In this way hardware-level security complements software-based security, further strengthening the security of the system.
Any application can use a TPM chip for:
- Digital rights management
- Protection and enforcement of software licenses
- Prevention of cheating in online games