Security/Tizen 2.X Secure-storage

From Tizen Wiki
Jump to: navigation, search

Introduction

  • Secure storage is a kind of technology to store data securely, implemented by using cryptographic techniques.
  • Secure storage allows platform modules or preloaded applications to securely store data. This stores the confidential data securely as the encrypted form. All given data are encrypted with the internal key. This key can be replaced with a hardware-fused key inside the secure world(like trustzone) in a Tizen product.
  • Web applications are encrypted to protect their source codes using secure storage.

Architecture & Basic Flow

Secure-storage-overview.png

  • The following explains the basic flows
  • Native applications or internal modules call secure-storage client APIs to encrypt a data.
  • Secure-storage client requests secure-storage server with IPC.
  • Secure-storage server verifies a caller identity with smack label of secure-storage client.
  • Secure-storage server encrypt data and stores a encrypted data into secure storage which can be accessed when a process has root privilege.

Downloaded Web Application Encryption

  • Downloaded web application can be stored in the encrypted form using secure storage. Secure storage stores only the key used in encrypting the application.

Secure-storage-appencryption.png

  1. Secure-storage agent gets a secret key from secure-storage.(Secure-storage agent generates a secret key.)
  2. Secret key is stored in secure storage.
  3. Wrt installer requests web application encryption.
  4. Secure-storage agent which is client side requests a secret key to encrypt web application.
  5. Wrt launcher requests decryption to secure-storage agent.
  6. Secure-storage agent which is client side requests a secret key to decrypt web application.