Trisha Shetty (Editor)

Trusted execution environment


The Trusted Execution Environment (TEE) is a secure area of the main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. The TEE as an isolated execution environment provides security features such as isolated execution, integrity of Trusted Applications along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a rich mobile operating system (mobile OS) and more functionality than a 'secure element' (SE).

Industry associations like GlobalPlatform (working to standardize specifications for the TEE) and Trusted Computing Group (working to align GlobalPlatform TEE specification with its Trusted Platform Module (TPM) technology for enhanced mobile security) have undertaken work in recent years.

History

Open Mobile Terminal Platform (OMTP) first defined the TEE in their 'Advanced Trusted Environment: OMTP TR1' standard, defining it as a "set of hardware and software components providing facilities necessary to support Applications" which had to meet the requirements of one of two defined security levels. The first security level, Profile 1, was targeted against software attacks only, whilst Profile 2 was targeted against both software and hardware attacks.

Commercial TEE solutions based on ARM TrustZone technology which conformed to the TR1 standard such as Trusted Foundations, developed by Trusted Logic, were later launched. This software would become part of the Trustonic joint venture, and the basis of future GlobalPlatform TEE solutions.

Work on the OMTP standards ended in mid 2010 when the group transitioned into the 'Wholesale Applications Community' (WAC).

The OMTP standards, including those defining a TEE, are hosted by GSMA.

In July 2010 GlobalPlatform first announced their own standardisation of the TEE, focusing first on the client API (the interface to the TEE within the mobile OS) which was expanded later to include the TEE internal API, a Remote Administration framework, a compliance programme and standardised security level.

Details

The TEE is an isolated environment that runs in parallel with the operating system, providing security for the rich environment. It is more secure than the OS and offers a higher level of functionality than the SE, using a hybrid approach that utilizes both hardware and software to protect data. It therefore offers a level of security sufficient for most applications. Trusted applications running in a TEE have access to the full power of a device's main processor and memory, while hardware isolation protects them from user-installed apps running in the main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other.

Service providers, mobile network operators (MNO), operating system developers, application developers, device manufacturers, platform providers and silicon vendors are all key stakeholders in, and contributors to, the standardization efforts, and will benefit from the resulting specifications.

Uses

There are a number of use cases for the TEE:

Premium content protection

The TEE is an ideal environment for protecting premium content (for example, HD films) on connected devices such as smart phones and HD televisions. Premium content is defined by its perceived value which is in itself defined by the quality of the material (4K high definition films are one example), the file's proximity to its release date (as content has more value the closer it is to its release) and by consumer recognition. The TEE is used to protect the highest value content and so will be deployed into devices where this content is available:

  • 4K HD televisions
  • 4K HD set-top boxes
  • tablet computers
  • smartphones

The TEE is used to protect the content once it is on the device. The content is encrypted during transmission or streaming, so it is protected in transit. The TEE, being a secure environment, protects the content once it has been decrypted on the device.

Mobile financial services

As m-Commerce (mobile wallets, peer-to-peer payments, contactless payments and using a mobile device as a point of sale (POS) terminal) develops, stronger and more standardized mobile security is needed. In collaboration with near field communication (NFC) and SEs, the TEE needs to be deployed to ensure the device is secure and that consumers can carry out any financial transaction in a safe and trusted environment.

Sensitive mobile use cases often need some form of interaction with the end user, meaning that sensitive information needs to be 'exposed' in the mobile OS to the user for validation, to guarantee 'What You See Is What You Sign'. The TEE offers a safe and trusted user interface to enable authentication on a mobile device.

Authentication

The TEE is ideal for supporting natural ID (facial recognition, fingerprint sensor and voice authorization) as PINs and passwords can be easily hacked and stolen. The authentication process is split into three stages:

  • Extracting an 'image' (scanning the fingerprint or capturing a voice sample, for example).
  • A reference 'template' stored on the device for comparison with the extracted 'image'.
  • A match engine to process the comparison between the 'image' and the 'template'.

The TEE is an ideal area within a mobile device to house the match engine and the associated processes required to authenticate the user. The increased security of this environment is able to protect the data and establish a buffer against the non-secure apps located in the mobile OS. This additional security will help to satisfy the needs of service providers in addition to keeping the costs low for handset developers.

The FIDO Alliance is collaborating with GlobalPlatform to standardize the TEE for natural ID implementations.

Enterprise and government

The TEE can be used by governments and enterprises to enable the secure handling of confidential information on a mobile device. The TEE offers a level of protection against software attacks generated in the mobile OS and assists in the control of access rights. It achieves this by housing sensitive, 'trusted' applications that need to be isolated and protected from the mobile OS and any malware that may be present. Through utilizing the functionality and security levels offered by the TEE, governments and enterprises can be assured that employees using their own devices are doing so in a secure and trusted manner.

Implementations

The following embedded hardware technologies can be used to support TEE implementations:

  • AMD:
      • Platform Security Processor (PSP)
      • AMD Secure Execution Environment
  • ARM:
      • TrustZone
  • Intel:
      • Trusted Execution Technology
      • SGX Software Guard Extensions
      • "Silent Lake" (available on Atom processors)

Several TEE implementations are available from different TEE providers:

  • Commercial implementations
      • Kinibi, a commercial implementation from Trustonic that has been qualified by GlobalPlatform
      • TSEE, a commercial implementation from TrustKernel based on ARM TrustZone, Intel SGX and ARM Virtualization, which has been qualified by GlobalPlatform
      • securiTEE, a commercial implementation from Solacia that has been qualified by GlobalPlatform
  • Open-source implementations
      • OP-TEE, an open-source implementation under a BSD license, originally from STMicroelectronics, now owned and maintained by Linaro
      • TLK, an open-source implementation from Nvidia under a BSD license
      • T6, an open-source implementation and research topic under a GPL license
      • Open TEE, an open-source implementation and research project from the University of Helsinki, sponsored by Intel and provided under an Apache license
  • Implementations with dual commercial/open-source licensing
      • SierraTEE, an implementation from Sierraware available under both commercial and GPL licensing

Standardization

While there are a number of proprietary systems, GlobalPlatform is working to standardize the TEE. Standardizing the TEE is crucial for mobile wallets, NFC payment implementations, premium content protection and bring your own device (BYOD) initiatives.

The following TEE specifications are currently available from the GlobalPlatform website:

  • TEE Client API Specification v1.0 outlines the communication between applications running in a mobile OS and trusted applications residing in the TEE.
  • TEE Systems Architecture v1.0 explains the hardware and software architectures behind the TEE.
  • TEE Internal API Specification v1.0 specifies how to develop trusted applications.
  • TEE Secure Element API Specification v1.0 specifies the syntax and semantics of the TEE Secure Element API. It is suitable for software developers implementing trusted applications running inside the TEE which need to expose an externally visible interface to client applications.
  • Trusted User Interface API Specification v1.0 specifies how a trusted UI should facilitate information that will be securely configured by the end user and securely controlled by the TEE.
  • TEE TA Debug Specification v1.0 specifies the GlobalPlatform TEE debug interfaces and protocols.
  • TEE Management Framework v1.0 specifies the GlobalPlatform Remote Administration Framework, which enables trusted applications on a device to be remotely managed by trusted service providers.

Trustonic, the joint venture formed by ARM, Gemalto and Giesecke & Devrient (G&D), was the first to qualify a GlobalPlatform-compliant TEE product, in 2013.
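The three authentication stages described under "Authentication" and the client-to-trusted-application command flow that the TEE Client API Specification standardizes are shown together in the following added example. It is not part of the original article and is not code from GlobalPlatform, OP-TEE or any vendor: the TEE boundary is simulated with Python object encapsulation, `MatcherTA` is a hypothetical trusted application that holds the reference template and runs the match engine, `Session.invoke` stands in for a TEE Client API `TEEC_InvokeCommand` call, the command IDs are assumed, and the 256-bit feature-vector format, the sensor stand-in `capture_sample` and the 0.90 match threshold are constructed for illustration. The return-code values follow the GlobalPlatform TEE numbering.

```python
"""Rich-OS client talking to a biometric-matching trusted application (TA)
across a narrow command interface. The TA, its command IDs, the template
format and the match threshold are illustrative assumptions, not any real
TEE implementation; the isolation boundary is simulated by encapsulation."""
from enum import IntEnum
import secrets

# Return codes, numbered as in the GlobalPlatform TEE specifications.
TEE_SUCCESS = 0x00000000
TEE_ERROR_ACCESS_DENIED = 0xFFFF0001
TEE_ERROR_BAD_PARAMETERS = 0xFFFF0006
TEE_ERROR_BAD_STATE = 0xFFFF0007


class Cmd(IntEnum):
    """Hypothetical command IDs exposed by the matcher TA."""
    ENROLL = 1
    VERIFY = 2


TEMPLATE_BYTES = 32      # constructed fixed-length feature vector (256 bits)
MATCH_THRESHOLD = 0.90   # minimum fraction of matching bits (assumed)
MAX_FAILURES = 5         # TA refuses further attempts after this many misses


def bit_similarity(a: bytes, b: bytes) -> float:
    """Match engine (stage 3): fraction of equal bits in two equal-length vectors."""
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return 1.0 - bin(diff).count("1") / (8 * len(a))


class MatcherTA:
    """Trusted application. The reference template (stage 2) and the match
    engine (stage 3) live only here; the client ever receives just a verdict."""

    def __init__(self) -> None:
        self._template = None   # never leaves the TA
        self._failures = 0      # lockout state, also kept inside the TA

    def invoke_command(self, cmd: int, params: tuple) -> tuple:
        """Dispatch modelled on TEEC_InvokeCommand: returns (return_code, outputs)."""
        if self._failures >= MAX_FAILURES:
            return TEE_ERROR_ACCESS_DENIED, ()
        # Validate everything that crossed the boundary before touching it.
        if (len(params) != 1 or not isinstance(params[0], bytes)
                or len(params[0]) != TEMPLATE_BYTES):
            return TEE_ERROR_BAD_PARAMETERS, ()
        sample = params[0]
        if cmd == Cmd.ENROLL:
            if self._template is not None:
                return TEE_ERROR_BAD_STATE, ()      # no silent re-enrolment
            self._template = sample
            return TEE_SUCCESS, ()
        if cmd == Cmd.VERIFY:
            if self._template is None:
                return TEE_ERROR_BAD_STATE, ()
            ok = bit_similarity(sample, self._template) >= MATCH_THRESHOLD
            self._failures = 0 if ok else self._failures + 1
            return TEE_SUCCESS, (ok,)             # boolean only, no score
        return TEE_ERROR_BAD_PARAMETERS, ()


class Session:
    """Rich-OS side of the TEE Client API: the client can only invoke commands."""

    def __init__(self, ta: MatcherTA) -> None:
        self._ta = ta

    def invoke(self, cmd: int, *params) -> tuple:
        return self._ta.invoke_command(cmd, params)


def capture_sample(template: bytes, noisy_bits: int) -> bytes:
    """Constructed stand-in for the sensor (stage 1): the captured 'image' is
    the enrolled vector with `noisy_bits` random bit flips, as real scans vary."""
    v = int.from_bytes(template, "big")
    for pos in secrets.SystemRandom().sample(range(8 * len(template)), noisy_bits):
        v ^= 1 << pos
    return v.to_bytes(len(template), "big")


def demo() -> dict:
    """Run the enrol / verify / lockout flow and collect the TA's responses."""
    sess = Session(MatcherTA())
    user = secrets.token_bytes(TEMPLATE_BYTES)        # constructed enrolment scan
    results = {"enroll": sess.invoke(Cmd.ENROLL, user)[0]}
    results["re_enroll"] = sess.invoke(Cmd.ENROLL, user)[0]
    results["genuine"] = sess.invoke(Cmd.VERIFY, capture_sample(user, 10))[1][0]
    impostor = secrets.token_bytes(TEMPLATE_BYTES)    # unrelated random vector
    results["impostor"] = sess.invoke(Cmd.VERIFY, impostor)[1][0]
    results["bad_len"] = sess.invoke(Cmd.VERIFY, b"short")[0]
    for _ in range(MAX_FAILURES):
        sess.invoke(Cmd.VERIFY, impostor)
    results["locked"] = sess.invoke(Cmd.VERIFY, capture_sample(user, 0))[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The point to notice is what never crosses the boundary: the client sends a captured sample and gets back only a boolean verdict or an error code, while the template, the similarity score and the failure counter stay inside the TA, and every parameter is length-checked before use. That is the separation the article describes: a compromised mobile OS can submit samples, but it cannot read the template, learn how close a probe came, or bypass the lockout.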

Security

The GlobalPlatform TEE Protection Profile specifies the typical threats the hardware and software of the TEE need to withstand. It also details the security objectives that are to be met in order to counter these threats and the security functional requirements that a TEE will have to comply with. A security assurance level of EAL2+ has been selected; the focus is on vulnerabilities that are subject to widespread, software-based exploitation.

The Common Criteria portal has officially listed the GlobalPlatform TEE Protection Profile on its website, under the Trusted Computing category. This important milestone means that industries using TEE technology to deliver services such as premium content and mobile wallets, or enterprises and governments establishing secure mobility solutions, can now formally request that TEE products are certified against this security framework.

GlobalPlatform is committed to ensuring a standardized level of security for embedded applications on secure chip technology. It has developed an open and thoroughly evaluated trusted execution environment (TEE) ecosystem with accredited laboratories and evaluated products. This certification scheme, created to certify a TEE product in 3 months, was launched officially in June 2015.
