Thursday, 31 May 2018

A trusted execution environment (TEE) is a secure area of a main processor. It guarantees that code and data loaded inside are protected with respect to confidentiality and integrity. As an isolated execution environment, a TEE provides security features such as isolated execution, integrity of applications executing within the TEE, and confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a rich mobile operating system (mobile OS) and more functionality than a 'secure element' (SE).

Industry associations like GlobalPlatform (working to standardize specifications for the TEE) and Trusted Computing Group (working to align GlobalPlatform TEE specification with its Trusted Platform Module (TPM) technology for enhanced mobile security) have undertaken work in recent years.





History

Open Mobile Terminal Platform (OMTP) first defined the TEE in their 'Advanced Trusted Environment: OMTP TR1' standard, defining it as a "set of hardware and software components providing facilities necessary to support Applications" which had to meet the requirements of one of two defined security levels. The first security level, Profile 1, was targeted against only software attacks, whilst Profile 2 was targeted against both software and hardware attacks.

Commercial TEE solutions based on ARM TrustZone technology which conformed to the TR1 standard, such as Trusted Foundations, developed by Trusted Logic, were later launched. This software would become part of the Trustonic joint venture, and the basis of future GlobalPlatform TEE solutions.

Work on the OMTP standards ended in mid 2010 when the group transitioned into the 'Wholesale Applications Community' (WAC).

The OMTP standards, including those defining a TEE, are hosted by GSMA.

In July 2010 GlobalPlatform first announced their own standardisation of the TEE, focusing first on the client API (the interface to the TEE within the mobile OS) which was expanded later to include the TEE internal API, a Remote Administration framework, a compliance programme and standardised security level.





Details

The TEE is an isolated environment that runs in parallel with the operating system, providing security for the rich environment. It is intended to be more secure than the user-facing OS (which GlobalPlatform calls the REE or Rich Execution Environment) and offers a higher level of performance and functionality than a Secure Element (SE), using a hybrid approach that utilizes both hardware and software to protect data. It therefore offers a level of security sufficient for many applications. Trusted applications running in a TEE have access to the full power of a device's main processor and memory, while hardware isolation protects these from user-installed apps running in a main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other.

Service providers, mobile network operators (MNO), operating system developers, application developers, device manufacturers, platform providers and silicon vendors are the main stakeholders contributing to the standardization efforts around the TEE.

A hardware root of trust is used to prevent simulation of the hardware with user-controlled software. To simulate the hardware in a way that enables it to pass remote authentication, an attacker would have to extract keys from the hardware. This is costly because of the equipment and reverse engineering skills required (focused ion beam, scanning electron microscope, microprobing, decapsulation), or even impossible if the hardware is designed in such a way that reverse engineering destroys the keys. In some cases the keys are unique for each piece of hardware, so a key extracted from one chip is useless for others.
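The remote authentication check described above can be sketched as a challenge-response exchange. This is an added example, not code from the article or from any TEE vendor: an HMAC under a per-device key stands in for the hardware's signing operation, and the names `Verifier`, `sign`, `chip-A` and `chip-B` and the firmware strings are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _msg(device_id: str, nonce: bytes, measurement: bytes) -> bytes:
    # Length-prefix every field so distinct inputs never serialize identically.
    parts = [device_id.encode(), nonce, measurement]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def sign(key: bytes, device_id: str, nonce: bytes, measurement: bytes) -> bytes:
    """Stand-in for what the hardware computes with its device-unique key."""
    return hmac.new(key, _msg(device_id, nonce, measurement), hashlib.sha256).digest()

class Verifier:
    def __init__(self, trusted_measurement: bytes):
        self.trusted = trusted_measurement
        self.keys = {}      # device_id -> key enrolled at manufacture (assumption)
        self.pending = {}   # device_id -> outstanding single-use nonce

    def challenge(self, device_id: str) -> bytes:
        self.pending[device_id] = secrets.token_bytes(16)
        return self.pending[device_id]

    def verify(self, device_id: str, measurement: bytes, tag: bytes) -> bool:
        nonce = self.pending.pop(device_id, None)   # a nonce is accepted once only
        key = self.keys.get(device_id)
        if nonce is None or key is None:
            return False
        good = hmac.compare_digest(sign(key, device_id, nonce, measurement), tag)
        return good and hmac.compare_digest(measurement, self.trusted)

def demo() -> dict:
    fw = hashlib.sha256(b"constructed trusted firmware image").digest()
    v = Verifier(fw)
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    v.keys = {"chip-A": key_a, "chip-B": key_b}
    out = {}
    n = v.challenge("chip-A")
    tag = sign(key_a, "chip-A", n, fw)
    out["genuine"] = v.verify("chip-A", fw, tag)
    out["replay"] = v.verify("chip-A", fw, tag)      # nonce already consumed
    n = v.challenge("chip-B")                        # chip-A's key answering for chip-B
    out["wrong_chip_key"] = v.verify("chip-B", fw, sign(key_a, "chip-B", n, fw))
    n = v.challenge("chip-A")
    other = hashlib.sha256(b"constructed modified image").digest()
    out["modified_fw"] = v.verify("chip-A", other, sign(key_a, "chip-A", n, other))
    return out
```

Only the first response is accepted: the verifier rejects a replayed tag, a response computed with a different chip's key, and a correctly signed but untrusted measurement.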




Uses

There are a number of use cases for the TEE. Though not all possible use cases exploit the deprivation of ownership, TEE is usually used exactly for this.

Premium Content Protection / Digital Restrictions Management

Note: Much TEE literature covers this topic under the definition "premium content protection", which is the preferred nomenclature of many copyright holders. Premium content protection is a specific use case of Digital Restrictions Management (DRM), and is controversial among some communities. It is widely used by copyright holders to restrict the ways in which end users can consume content such as 4K high definition films.

The TEE is a suitable environment for protecting digitally encoded information (for example, HD films or audio) on connected devices such as smart phones, tablets and HD televisions. This suitability comes from the ability of the TEE to prevent the owner of the device from reading stored secrets, and the fact that there is often a protected hardware path between the TEE and the display and/or subsystems on devices.

The TEE is used to protect the content once it is on the device: while the content is protected during transmission or streaming by the use of encryption, the TEE protects the content once it has been decrypted on the device by ensuring that decrypted content is not exposed to an environment not approved by the app developer or platform vendor.

Mobile financial services

Mobile commerce applications such as mobile wallets, peer-to-peer payments, contactless payments or using a mobile device as a point of sale (POS) terminal often have well-defined security requirements. TEEs can be used, often in conjunction with near field communication (NFC), SEs and trusted backend systems, to provide the security required to enable financial transactions to take place.

In some scenarios, interaction with the end user is required, and this may require the user to expose sensitive information such as a PIN, password or biometric identifier to the mobile OS as a means of authenticating the user. The TEE optionally offers a trusted user interface which can be used to construct user authentication on a mobile device.

Authentication

The TEE is well-suited for supporting biometric ID methods (facial recognition, fingerprint sensor and voice authorization), which may be easier to use and harder to steal than PINs and passwords. The authentication process is generally split into three main stages:

  • Storing a reference 'template' identifier on the device for comparison with the 'image' extracted in the next stage.
  • Extracting an 'image' (scanning the fingerprint or capturing a voice sample, for example).
  • Using a matching engine to compare the 'image' and the 'template'.

A TEE is a good area within a mobile device to house the matching engine and the associated processing required to authenticate the user. The environment is designed to protect the data and establish a buffer against the non-secure apps located in the mobile OS. This additional security may help to satisfy the security needs of service providers in addition to keeping the costs low for handset developers.

The FIDO Alliance is collaborating with GlobalPlatform to standardize the TEE for natural ID implementations.

Enterprise and government

The TEE can be used by governments and enterprises to enable the secure handling of confidential information on a mobile device. The TEE offers a level of protection against software attacks generated in the mobile OS and assists in the control of access rights. It achieves this by housing sensitive, 'trusted' applications that need to be isolated and protected from the mobile OS and any malware that may be present. Through utilizing the functionality and security levels offered by the TEE, governments and enterprises can be assured that employees using their own devices are doing so in a secure and trusted manner.




Implementations

The following embedded hardware technologies can be used to support TEE implementations:

  • AMD:
    • Platform Security Processor (PSP)
    • AMD Secure Execution Environment
  • ARM:
    • TrustZone
  • Intel:
    • Trusted Execution Technology
    • SGX Software Guard Extensions
    • "Silent Lake" (available on Atom processors)

Several TEE implementations are available from different TEE providers:

  • Commercial implementations
    • Kinibi (formerly: Trusted Foundation, MobiCore, t-base), a commercial implementation from Trustonic that has been qualified by GlobalPlatform
    • QSEE, a commercial implementation from Qualcomm
    • TSEE, a commercial implementation from TrustKernel based on ARM TrustZone, Intel SGX and ARM Virtualization that has been qualified by GlobalPlatform
    • securiTEE, a commercial implementation from Solacia that has been qualified by GlobalPlatform
    • CoreTEE, a commercial implementation from Sequitur Labs
    • ProvenCore, a commercial implementation from Prove&Run
    • ISEE, a commercial implementation from Beijing Bean Pod Technology
  • Open-source implementations
    • OP-TEE, an open source implementation under BSD license, originally from STMicroelectronics, now owned and maintained by Linaro.
    • TLK, an open-source implementation from Nvidia under BSD license
    • T6, an open-source implementation and research topic under GPL license
    • Open TEE, an open source implementation and research project from the University of Helsinki and sponsored by Intel. Provided under an Apache license
  • Implementations with dual commercial/open-source licensing
    • SierraTEE, an implementation from Sierraware available both under commercial and GPL-licensing



Standardization

While there are a number of proprietary systems, GlobalPlatform is working to standardize the TEE. Standardizing the TEE is helpful for implementers of mobile wallets, NFC payment implementations, premium content protection and bring your own device (BYOD) initiatives.

The following TEE specifications are currently available from the GlobalPlatform website:

  • TEE Client API Specification v1.0 outlines the communication between applications running in a mobile OS and trusted applications residing in the TEE.
  • TEE Systems Architecture v1.0 explains the hardware and software architectures behind the TEE.
  • TEE Internal API Specification v1.0 specifies how to develop trusted applications.
  • TEE Secure Element API Specification v1.0 specifies the syntax and semantics of the TEE Secure Element API. It is suitable for software developers implementing trusted applications running inside the TEE which need to expose an externally visible interface to client applications.
  • Trusted User Interface API Specification v1.0 specifies how a trusted UI should facilitate information that will be securely configured by the end user and securely controlled by the TEE.
  • TEE TA Debug Specification v1.0 specifies the GlobalPlatform TEE debug interfaces and protocols.
  • TEE Management Framework v1.0 specifies the GlobalPlatform Remote Administration Framework, which enables trusted applications on a device to be remotely managed by trusted service providers.

Trustonic was the company to qualify a GlobalPlatform-compliant TEE product. Since then, a significant number of GlobalPlatform TEE implementations have become available. A list of those which have been formally qualified by GlobalPlatform can be found at, and many other TEE products offer a high level of compatibility with GlobalPlatform standards.




Security

The GlobalPlatform TEE Protection Profile specifies the typical threats the hardware and software of the TEE need to withstand. It also details the security objectives that are to be met in order to counter these threats and the security functional requirements that a TEE will have to comply with. A security assurance level of EAL2+ has been selected; the focus is on vulnerabilities that are subject to widespread, software-based exploitation.

The Common Criteria portal has officially listed the GlobalPlatform TEE Protection Profile on its website, under the Trusted Computing category. This important milestone means that industries using TEE technology to deliver services such as premium content and mobile wallets, or enterprises and governments establishing secure mobility solutions, can now formally request that TEE products are certified against this security framework.

GlobalPlatform is committed to ensuring a standardized level of security for embedded applications on secure chip technology. It has developed an open and thoroughly evaluated trusted execution environment (TEE) ecosystem with accredited laboratories and evaluated products. This certification scheme, created to certify a TEE product in 3 months, was officially launched in June 2015.




See also

  • Open Mobile Terminal Platform
  • GlobalPlatform
  • Trusted Computing Group
  • FIDO Alliance



Source of the article : Wikipedia