Security: the bowels of the Google Pixel 6 look like a fortress

Google has lifted the veil a little more on the physical security of its Pixel 6 smartphones. The key word here is multi-layered security. The IT giant is increasingly compartmentalizing the execution of tasks, so that its phone now has four zones of enhanced protection: Private Compute Core, Secure TrustZone, Tensor Security Core and Titan M2. So who does what exactly?

Private Compute Core is new in Android 12. It’s a sandbox open source which is separate from the rest of the operating system. Its purpose is to process sensitive data without it being shared with other applications or with the cloud. Private Compute Core is used to generate the subtitles of an audio speech stream in real time (Live Caption), to recognize pieces of music in real time (Now Playing) or to offer replicas in messaging discussions (Smart Reply).

Secure TrustZone is probably the best-known item, as it derives from the specifications of the Arm chips. It offers a higher level of security than Private Compute Core, because it is an execution space outside of Android 12, while using the same underlying hardware resources (CPU, GPU, etc.). In the case of the Pixel 6, it relies on Trusty OS, an operating system open source created by Google.

With the Tensor Security Core, we go a step further. This execution space also runs on Trusty OS, but has dedicated hardware resources within the Tensor chip: CPU, ROM, programmable ROM, cryptographic engine, internal SRAM, protected DRAM. “The main use cases are the protection of the identifying data (user data keys) during the execution of the tasks, the shielding of the secure boot and the interfacing with Titan M2”, specifies a blog post from Google.

Finally, with Titan M2, we access the holy of holies. With a RISC-V architecture, this chip is physically separate from the Tensor chip, but connected to the latter by an SPI bus. Titan M2 will take care of the most sensitive processing: storage of master keys, generation of secondary cryptographic keys, storage of PIN codes and passwords, generation of random numbers, execution of encryption algorithms (RSA, AES, ECDSA …), Etc.

Titan M2 is a secure element that is particularly resistant to the most advanced hardware attacks, such as electromagnetic analysis, variations in electrical voltage (“voltage glitching”) or laser beams. Indeed, Google has subjected its chip to an AVA_VAN.5 type vulnerability analysis, where the penetration tests are the most extensive on the market.

With the Pixel 6, Google has created a veritable digital fortress that it already considers – why be humble? – like “A new standard in mobile security”. Apple engineers, who are finding it increasingly difficult to master iPhone security, should take the seed.

Source: Google