1

Copyright © 2017 Samsung. All Rights Reserved.

Understanding

the Tizen TV / Signage

Security Platform Jongoh Hur

Principal Engineer

Samsung Electronics

Timothy Rule

Microsoft

2

• The Importance of Security in Smart Devices

• Tizen TV / Signage Security Platform

• Creating Innovative Services

• Collaborating with Samsung

Overview

3

The Importance of Security in Smart Devices

4

• Secure Development

• Penetration Testing

• Bug Bounty

Samsung strengthened SW Security

5

• image

- Zero-Day Attack 0-Days of attack should be minimized

Time

Risk

Time

Vulnerability Introduced

Exploit Code Released

Patch Released

Zero-Days

6

All smart devices are connected on IoT

7

Security Solution can prevent attacks

Security Solution in Tizen Platform Old Platform

Service

Platform

System Media Player

3-Layers Security Solution

Application

Platform

Hardware

8

The Security Solution got evolved

Tizen Security Platform

2017

9

The Importance of Security on IoT

Tizen Security Platform For TV and Signage

10

Goals

• Provide 3-Layers Security Solution

• Support Secure APIs for Secure Services

11

3-Layers Security Solution

Application

System on Chip

Secure Boot Secure OS

Trusted Boot

Real-Time Kernel

Monitor Access Control

Secure Zone

Anti-Phishing Anti-Malware

Secure Keyboard

Secure

Channel

Secure

Number Pad

Platform

Hardware

3 Layers Security Functions

12

The world first security solution for TV

• Common Criteria

– Global Security Standard Certification(ISO/IEC15408)

• TV Security Solution Certified by Common Criteria

– 2015(Tizen2.3), 2016(Tizen2.4) were certified

– 2017(Tizen3.0) is progressing

13

Tizen Security platform provides Secure APIs

Secure Zone

DM* Secure

IME Payment

Secure

Storage RDP*

Tizen TV / Signage Security Solution

DRM

Hardware Security

Application Security

Platform Security

Smart Signage

* Remote Desktop Protocol

* Device Management

Security Functions

For Services

Secure API

14

The Importance of Security on IoT

Creating Innovative Services

15

5.0

Secure Zone

Payment Service Workplace Service

DM* Secure

IME Payment

Secure

Storage RDP*

Secure API Secure API

Payment

Contents Service

Tizen Security Solution

DRM

What Services you can create?

Security Functions

For Services

* Remote Desktop Protocol

* Device Management

16

5.0

Secure Zone

Payment Service Workplace Service

DM* Secure

IME Payment

Secure

Storage RDP*

Secure API Secure API

Tizen Security Solution

DRM

What Services you can create?

Payment

Contents Service

Security Functions

For Services

* Remote Desktop Protocol

* Device Management

17

Create Premium Contents Services

Digital Right Management

18

PlayReady DRM( timrule@Microsoft.com )

REACH

• Deployed on 4.6 billion devices

• Supported by all major encoders

• Rich ecosystem of partners

CAPABILITIES

• Rich set of features for live and VOD

• Supports and drives Standards

• Highly portable source code

LEADERSHIP

• Widely accepted by major studios

• Hundreds of premium services deployed

TRUSTWORTHY

• Comprehensive breach response

• Analytical data controlled by the service not the DRM

19

PlayReady DRM Basics

License Request

License Response

Device Public Key

Device Public Key

Client Private Key

Client Public Key

Content Request

20

PlayReady on Tizen

Broadly accessible across Samsung Tizen TV

INTEGRATION • PlayReady in Tizen is secured in the

hardware to support high value content

• Web & Native applications can both leverage PlayReady DRM from a high level API

• The app authenticates the user, PlayReady authenticates the device and secures the playback

Video App

PlayReady Secure Service Secure Service

Tizen OS

Tizen TV Security Platform

21

Getting Started

github.com/SamsungDForum/PlayerAVPlayDRM

test.playready.microsoft.com

playready@microsoft.com

EXPLORE

TEST

DEPLOY

• Support DRM content thru AVPlayer

• Mpeg-Dash, Smooth, & HLS

• Reactive & Proactive license acquisition

• webapis.avplay.setDrm

• Override license URL

• CustomData Support

• Full coverage of license policies

• Output protections

• Time base policies

• Adaptive Streaming test vectors

• Keyseed to package test content

22

5.0

Secure Zone

Workplace Service

SDM* Secure

IME Payment

Secure

Storage RDP*

Secure API Secure API

Tizen Security Solution

DRM

What Services you can create?

Payment

Contents Service Payment Service

Security Functions

For Services

* Remote Desktop Protocol

* Device Management

23

Create Secure Payment Services

NFC Printer Card Reader

Tizen Solutions

→ Lower TCO & Global Supply

Self Ordering Kiosk

- More and more people prefer self-ordering instead of

standing in line and encountering with strangers.

- Tizen can replace traditional kiosk(PC+Display) for Self

Ordering Kiosk by partnership with kiosk solution partners.

Self Check-In Kiosk

- Tizen can replace traditional Self Check-In Kiosk like

airplane ticketing

- Use ATM screens for cross-selling and upselling financial

products, or even for displaying advertising messages.

24

Self Ordering Kiosk for Offline Store

25

Self Check-In Kiosk for airplane ticketing

26

How does it work?

*

Payment Approval

Consumer

1 Purchase

Secure Zone

Secure IME Secure Payment Secure Storage

VAN/PG

2 Read Card Info 4 Print Receipt

3 Payment Request

Security Functions

For Services

Secure API

CCID compatible* CUPS compatible*

* Chip Card Interface Device

* Common Unix Printing System

27

5.0

Secure Zone

SDM* Secure

IME Payment

Secure

Storage RDP*

Secure API Secure API

Tizen Security Solution

DRM

What Services you can create?

Payment

Contents Service Payment Service Workplace Service

Security Functions

For Services

* Remote Desktop Protocol

* Device Management

28

Create Secure Workplace Services

Secure, Monitor & Control

Policy Server Dashboard

Device Management

Meeting Room Solution

With PC-Less

Group-working Solution with

PC-Less

29

Remote Desktop Solution

30

How does it work?

Presentation

Secure, Monitor

& Control DM Policy

Server

[ Meeting Room ]

Secure

Support Remote Access from TV and Signage to your PC

without connecting an external PC to TV and Signage

(only need to keyboard or mouse to control your PC remotely)

[ Office ]

< Kate’s PC >

< Sam’s PC>

< Jo’s Server >

31

• B2B Partner Candidate : 2nd quarter.

• PoC with Partner : 3rd quarter.

• Open Tizen Security Platform API : 4th quarter.

Plan

32

The Importance of Security on IoT

Collaborating with Samsung

33

B2B Collaboration

Partner Registration (NDA)

Develop Using Partner API(SDK)

Partner App Launching Process

34

Partner App Launching Process

- Samsung supports the security reviews and guides for B2B Partners’ Business

- B2B Wep Apps, need to use Partner APIs, should be verified and signed in security.

B2B Partner

SDK Download

Dev Guide

App Development

Samsung

Security Group

App Submit (API?)

Manual Verification

Automate Analysis

No security Issue?

No

Yes

Singed B2B web app

. Used Partner API

. Vulnerability

. Malicious Factor

App Submit (/w Testing

Guide)

SDF

Doc Submit A

(System and Data Flow)

Legal Review

B2B Team

Security Review

B2B Partner App Signing

PM Developer

Security Guide

Security Measure

Test and Release

Doc Submit B

(Legal Agreement)

Version Up

35

• Samsung

– jo.hur@samsung.com

• Microsoft

– playready@microsoft.com

Contact Information

36

• The Importance of Security in Smart Devices

• Tizen TV / Signage Security Platform

• Creating Innovative Services

• Collaborating with Samsung

Review

37

Let’s go together

38

Copyright © 2017 Samsung. All Rights Reserved.

Understanding

the Tizen TV / Signage

Security Platform Jongoh Hur

Principal Engineer

Samsung Electronics

Timothy Rule

Microsoft