Google Pixel 3 Improves Data Protection with Security Chip
19.10.2018 securityweek
Safety

Google has packed the recently launched Pixel 3 and Pixel 3 XL devices with Titan M, a hardened security microcontroller that can better protect information at hardware level.

Designed and manufactured by Google, Titan M is a second-generation, low-power security module meant to help with the Android Verified Boot, storing secrets, providing backing for the Android Strongbox Keymaster module, and enforcing factory-reset policies.

Courtesy of Insider Attack Resistance, the chip also ensures that no one, not even Google, can unlock a phone or install firmware updates without the owner's cooperation, the Internet search company reveals.

The purpose of including Titan M in Pixel 3 devices was to reduce attack surface. It is a separate chip, which mitigates against entire classes of hardware-level exploits such as Rowhammer, Spectre, and Meltdown, Google claims.

Titan M's processor, caches, memory, and persistent storage are isolated from the rest of the phone’s system, meaning that such side channel attacks are nearly impossible. Furthermore, the chip includes additional defenses that, alongside its physical isolation, protect against external attacks.

“But Titan M is not just a hardened security microcontroller, but rather a full-lifecycle approach to security with Pixel devices in mind. Titan M's security takes into consideration all the features visible to Android down to the lowest level physical and electrical circuit design and extends beyond each physical device to our supply chain and manufacturing processes,” Google says.

The chip, however, also includes features optimized for the mobile experience, such as low power usage, low-latency, hardware crypto acceleration, tamper detection, and secure, timely firmware updates.

Google says it also created a custom provisioning process for transparency and control at every step of the design process, starting from the earliest silicon stages.

“We know what's inside, how it got there, how it works, and who can make changes,” the company says.

Google also plans on making the Titan M firmware source code publicly available soon. The Internet giant holds the root keys necessary to sign Titan M firmware, but vendors will be able to reproduce binary builds based on the public source.

Titan M features an ARM Cortex-M3 microprocessor hardened against side-channel attacks, as well as hardware accelerators, including AES, SHA, and a programmable big number coprocessor for public key algorithms.

The implementation of Titan M, the company says, is also focused on ensuring that new features, capabilities, and performance that are not readily available in off-the-shelf components can be delivered to users.

“These changes allow higher assurance use cases like two-factor authentication, medical device control, P2P payments, and others that we will help develop down the road,” Google explains.