University of Twente Student Theses


Reversing and Fuzzing the Google Titan M Chip

Melotti, D. (2021) Reversing and Fuzzing the Google Titan M Chip.

Full text not available from this repository.

Full Text Status:Access to this publication is restricted
Abstract:Google recently introduced a secure chip called Titan M in its Pixel smartphones, allowing the implementation of a Trusted Execution Environment (TEE) in Tamper Resistant Hardware. TEEs have been proven effective in reducing the attack surface exposed by smartphones, by protecting specific security-sensitive operations. However, studies have shown that TEE code and execution can also be targeted and exploited by attackers, therefore studying their security lays the basis of the trust we have in their features. In this paper, we provide the first security analysis of the Titan M. We start by reverse engineering the firmware and reviewing the open source code in the Android OS responsible for the communication with the chip. By exploiting a known vulnerability, we then dynamically examine the memory and the internals of the chip. Finally, leveraging the acquired knowledge, we design and implement a structure-aware black-box fuzzer. Using our fuzzer, we rediscover several known vulnerabilities after a few seconds of testing, proving the effectiveness of our solution. In addition, we find and report a new vulnerability in the latest version of the firmware.
Item Type:Essay (Master)
Quarkslab, Paris, France
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page