Various electronic devices, e.g. mobile telecommunication terminals, portable computers and PDAs, require access to security related components such as application programs, cryptographic keys, cryptographic key material, intermediate cryptographic calculation results, passwords, authentication means for externally downloaded data etc. Typically, it is necessary that these components, and the processing of them, are kept secret within the electronic device. Ideally, they shall be known to as few people as possible, since a device can be tampered with more easily if its security related components are known. Access to these types of components might aid an attacker who has the malicious intent of manipulating a terminal.
Therefore, a secure execution environment is introduced, in which environment a processor within the electronic device is able to access the security related components. Entry into the secure execution environment, processing within it and exit from it should be carefully restricted. Prior art hardware comprising this secure environment is often enclosed within a tamper resistant packaging. It should not be possible to probe, or to perform measurements and tests on, this type of hardware in a way that could result in the revealing of security related components or the processing of them.
In order to protect data in the device, data residing in permanent, i.e. non-volatile, memories should be encrypted. Data protection is highly desired, since a malicious person may try to access sensitive data in the device if this person gains physical access to the device, e.g. by stealing it. Another scenario in which attempts may be made to access sensitive data is when a Digital Rights Management (DRM) system is included in the device. Such a DRM system stores copyright protected contents and the associated digital rights that determine what type of access a user has to the contents. The DRM system is thus used to protect the contents from being accessed by an unauthorized user, misused and/or wrongly distributed. Since the contents and the rights have an economic value, the user may try to access the contents by bypassing the DRM control functions. Encryption of the data residing in permanent memory should be secure, efficient and low-cost. As mentioned hereinabove, in current device architectures it is possible to handle security related components securely in the secure execution environment. However, this may be problematic and results in a considerable amount of overhead in terms of transfers of data and control signals, as secure entries to, and exits from, the secure execution environment must be undertaken each time an encryption operation is performed.
On the other hand, encryption can be made highly efficient by using prior art hardware accelerators outside the secure environment. However, another problem then arises in that it may be possible for eavesdroppers to get hold of security components, such as encryption/decryption keys, from the accelerators, since the components are then in the clear. This may be solved by introducing additional security measures in the device, but doing so will most likely require additional hardware and software and thus create an unacceptable escalation of device cost.