Jump to content

Trusted execution environment

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 50.151.193.168 (talk) at 08:54, 28 November 2016 (Changed grammatical tense). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The Trusted Execution Environment (TEE) is a secure area of the main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity.[1] The TEE as an isolated execution environment provides security features such as isolated execution, integrity of Trusted Applications along with confidentiality of their assets.[2] In general terms, the TEE offers an execution space that provides a higher level of security than a rich mobile operating system (mobile OS) and more functionality than a 'secure element' (SE).[3]

Industry associations like GlobalPlatform (working to standardize specifications for the TEE[4]) and Trusted Computing Group (working to align GlobalPlatform TEE specification with its Trusted Platform Module (TPM) technology for enhanced mobile security[5]) have undertaken work in recent years.

History

Open Mobile Terminal Platform (OMTP) first defined the TEE in their 'Advanced Trusted Environment:OMTP TR1' standard, defining it as a "set of hardware and software components providing facilities necessary to support Applications" which had to meet the requirements of one of two defined security levels. The first security level, Profile 1, was targeted against only software attacks and whilst Profile 2, was targeted against both software and hardware attacks.[6]

Commercial TEE solutions based on ARM TrustZone technology which conformed to the TR1 standard such as Trusted Foundations, developed by Trusted Logic, were later launched.[7] This software would become part of the Trustonic joint venture, and the basis of future GlobalPlatform TEE solutions.[8][9]

Work on the OMTP standards ended in mid 2010 when the group transitioned into the 'Wholesale Applications Community' (WAC).[10]

The OMTP standards, including those defining a TEE, are hosted by GSMA.[11]

In July 2010 GlobalPlatform first announced their own standardisation of the TEE, focusing first on the client API (the interface to the TEE within the mobile OS)[12] which was expanded later to include the TEE internal API,[13] and a compliance programme and standardised security level.[14]

Details

The TEE is an isolated environment that runs in parallel with the operating system, providing security for the rich environment. It is more secure than the OS and offers a higher level of functionality than the SE, using a hybrid approach that utilizes both hardware and software to protect data.[15] It therefore offers a level of security sufficient for most applications. Trusted applications running in a TEE have access to the full power of a device's main processor and memory, while hardware isolation protects these from user installed apps running in a main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other.[16]

Service providers, mobile network operators (MNO), operating system developers, application developers, device manufacturers, platform providers and silicon vendors are all key stakeholders are all interested in, and contributing to, the standardization efforts and will benefit from the resulting specifications.

Uses

There are a number of use cases for the TEE:

Premium content protection

The TEE is an ideal environment for protecting premium content (for example, HD films) on connected devices such as smart phones and HD televisions. Premium content is defined by its perceived value which is in itself defined by the quality of the material (4K high definition films are one example), the file's proximity to its release date (as content has more value the closer it is to its release) and by consumer recognition. The TEE is used to protect the highest value content and so will be deployed into devices where this content is available:

The TEE is used to protect the content once it is on the device. The content is encrypted during transmission or streaming so it is protected. The TEE protects the content once it has been decrypted on the device as it is a secure environment.

Mobile Financial Services

As m-Commerce (mobile wallets, peer-to-peer payments, contactless payments and using a mobile device as a point of sale (POS) terminal) develops, stronger and more standardized mobile security is needed. In collaboration with near field communication (NFC) and SEs, the TEE needs to be deployed to ensure the device is secure and that consumers can carry out any financial transaction in a safe and trusted environment.[17]

Sensitive mobile use cases often need some form of interaction with the end user, meaning that sensitive information needs to be ‘exposed’ in the mobile OS to the user for validation - 'to guarantee What You See Is What You Sign'.[18] The TEE offers a safe and trusted user interface to enable authentication on a mobile device.[19]

Authentication

The TEE is ideal for supporting natural ID (facial recognition, fingerprint sensor and voice authorization) as PINs and passwords can be easily hacked and stolen. The authentication process is split into three stages:

  • Extracting an 'image' (scanning the fingerprint or capturing a voice sample, for example).
  • A reference 'template' stored on the device for comparison with the extracted 'image'.
  • A match engine to process the comparison between the 'image' and the 'template'.

The TEE is an ideal area within a mobile device to house the match engine and the associated processes required to authenticate the user. The increased security of this environment is able to protect the data and establish a buffer against the non-secure apps located in mobile OS. This additional security will help to satisfy the needs of service providers in addition to keeping the costs low for handset developers.

The FIDO Alliance is collaborating with GlobalPlatform to standardize the TEE for natural ID implementations.[20]

Enterprise and government

The TEE can be used by governments and enterprises to enable the secure handling of confidential information on a mobile device. The TEE offers a level of protection against software attacks generated in the mobile OS and assists in the control of access rights. It achieves this by housing sensitive, ‘trusted’ applications that need to be isolated and protected from the mobile OS and any malicious malware that may be present. Through utilizing the functionality and security levels offered by the TEE, governments and enterprises can be assured that employees using their own devices are doing so in a secure and trusted manner.

Implementations

The following embedded hardware technologies can be used to support TEE implementations:

Several TEE implementations are available from different TEE providers:

  • Commercial implementations
    • Kinibi,[28] a commercial implementation from Trustonic that has been qualified by GlobalPlatform[29]
    • securiTEE,[30] a commercial implementation from Solacia that has been qualified by GlobalPlatform[31]
  • Open-source implementations
  • Implementations with dual commercial/open-source licensing
    • SierraTEE,[36] an implementation from Sierraware available both under commercial and GPL-licensing

Standardization

While there are a number of proprietary systems, GlobalPlatform is working to standardize the TEE. Standardizing the TEE is crucial for mobile wallets, NFC payment implementations, premium content protection and bring your own device (BYOD) initiatives.

These following TEE specifications are currently available from the GlobalPlatform website:[37]

Joint venture formed by ARM, Gemalto and Giesecke & Devrient (G&D), Trustonic, was the first to qualify a GlobalPlatform-compliant TEE product in 2013.[41]

Security

The GlobalPlatform TEE Protection Profile specifies the typical threats the hardware and software of the TEE needs to withstand. It also details the security objectives that are to be met in order to counter these threats and the security functional requirements that a TEE will have to comply with. A security assurance level of EAL2+ has been selected; the focus is on vulnerabilities that are subject to widespread, software-based exploitation.

The Common Criteria portal has officially listed the GlobalPlatform TEE Protection Profile[42] on its website, under the Trusted Computing category. This important milestone means that industries using TEE technology to deliver services such as premium content and mobile wallets, or enterprises and governments establishing secure mobility solutions, can now formally request that TEE products are certified against this security framework.

GlobalPlatform is committed to ensuring a standardized level of security for embedded applications on secure chip technology. It has developed an open and thoroughly evaluated trusted execution environment (TEE) ecosystem with accredited laboratories and evaluated products. This certification scheme created to certify a TEE product in 3 months has been launched officially in June 2015 [43]

See also

References

  1. ^ http://poulpita.com/2014/02/18/trusted-execution-environment-do-you-have-yours/
  2. ^ https://www.youtube.com/watch?v=PmtQtWpfW3w
  3. ^ http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf
  4. ^ http://www.landmobile.co.uk/news/globalplatform-publishes-tee-security-best-practice-guidelines
  5. ^ http://www.trustedcomputinggroup.org/resources/tpm_mobile_with_trusted_execution_environment_for_comprehensive_mobile_device_security
  6. ^ http://www.gsma.com/newsroom/wp-content/uploads/2012/03/omtpadvancedtrustedenvironmentomtptr1v11.pdf
  7. ^ http://www.trusted-logic.com/IMG/pdf/TRUSTED_LOGIC_TRUSTED_FOUNDATIONS_OMTP_FINAL.pdf
  8. ^ https://www.trustonic.com/about-us/who-we-are/
  9. ^ http://tlmobility.com/spip.php?article207
  10. ^ http://www.mobileeurope.co.uk/Press-Wire/omtp-announces-final-documents-prior-to-transition-into-wholesale-application-community
  11. ^ "OMTP documents". http://www.gsma.com/newsroom/technical-documents/omtp-documents/. GSMA. May 2012. Retrieved 12 September 2014. {{cite web}}: External link in |website= (help)
  12. ^ http://globalplatform.org/mediapressview.asp?id=800
  13. ^ http://globalplatform.org/mediapressview.asp?id=800
  14. ^ http://globalplatform.org/mediapressview.asp?id=963
  15. ^ http://www.entrust.com/a-glance-at-mobile-security-the-trusted-execution-environment/
  16. ^ https://www.trustonic.com/products-services/trusted-execution-environment
  17. ^ http://www.globalplatform.org/documents/GP_Position_Paper_Value_Added_Mobile_Services.pdf
  18. ^ http://poulpita.com/2014/02/18/trusted-execution-environment-do-you-have-yours/
  19. ^ http://www.globalplatform.org/TEEevent/media_center_blog_ngarner.asp
  20. ^ http://www.globalplatform.org/TEEevent/media_center_blog_sebastientaveau.asp
  21. ^ http://www.amd.com/en-us/innovations/software-technologies/security
  22. ^ https://classic.regonline.com/custImages/360000/369552/TCC%20PPTs/TCC2013_VanDoorn.pdf
  23. ^ http://hothardware.com/Reviews/AMD-Beema-and-Mullins-Mainstream-and-LowPower-2014-APUs-Tested/?page=2#!bFIw4K
  24. ^ a b c http://www.openvirtualization.org/open-source-arm-trustzone.html
  25. ^ http://www.amd.com/en-us/innovations/software-technologies/security
  26. ^ http://www.arm.com/about/events/globalplatform-trusted-execution-environment-trustzone-building-security-into-your-platform.php
  27. ^ http://www.cs.helsinki.fi/group/secures/CCS-tutorial/tutorial-slides.pdf
  28. ^ https://www.trustonic.com/products-services/trusted-execution-environment/
  29. ^ https://www.globalplatform.org/compliance/LOQ_GP_QC_0025_Recognized_Card_Trustonic_Limited.pdf
  30. ^ http://www.sola-cia.com/en/securiTee/product.asp
  31. ^ https://www.globalplatform.org/compliance/GP_QC_0122_Recognized_Card_Solacia_Inc.pdf
  32. ^ https://github.com/OP-TEE
  33. ^ http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary
  34. ^ http://www.liwenhaosuper.com/projects/t6/t6_overview.html
  35. ^ https://github.com/Open-TEE/project
  36. ^ http://www.openvirtualization.org
  37. ^ http://www.globalplatform.org/specificationsdevice.asp
  38. ^ http://www.nfcworld.com/2010/08/11/34274/globalplatform-specification-adds-secure-area-to-mobile-phone-baseband-processors/
  39. ^ http://www.finextra.com/news/announcement.aspx?pressreleaseid=44607&topic=internet
  40. ^ http://www.finextra.com/news/announcement.aspx?pressreleaseid=44607&topic=internet
  41. ^ https://www.trustonic.com/news/release/trustonic-is-first-to-qualify-a-globalplatform-compliant-tee/en
  42. ^ https://www.commoncriteriaportal.org/files/ppfiles/anssi-profil_PP-2014_01.pdf
  43. ^ https://www.globalplatform.org/mediapressview.asp?id=1154