Trusted Execution Environment, millions of users have one, do you have yours?

mobile phone

I have been spending few years monitoring the development of a technology named Trusted Execution Environment in standard. Switching from a quest, to a technical concept and now starting to be embedded in devices, I felt it is time to share few things about that security enabler. At the time I discovered that strange stuff, it was just a question ‘how can we make the mobile more secure?’. That question was extensively discussed in OMTP, a dead consortium of mobile network operators and device makers. They wrote some security requirements, based on well know existing attacks on mobile environments and expected someone to solve the problem.

Who started to solve the probem ? GlobalPlatform, a standardization body [1], decided to take those requirements and define the ideal security guard for your mobile. The technology was named Trusted Execution Environment, and months after months, it got more traction, companies being curious or afraid joined the discussion. First driven by Nokia and Trusted Logic (merged with gemalto, then cut to be part of Trustonic), the technical work was supported by TI (RIP), ARM, and now NVIDIA, AMD, ST, Qualcom, Ericsson, Samsung are backing the development of the TEE specifications. Based on involved people, art of consensus and collaborative work, the TEE is now a well defined security object, which characteristics are described in a set of nice specifications, describing the architecture but also the services available to the applications running in it [2].

How does that TEE work ? In few lines, the TEE offers an isolated environment, integrated in environment such as android. It garantees code and data loaded inside to be protected with respect to confidentiality and integrity. Applications running in TEE are named trusted application (to make sure you understand who you should trust). Those applications can play with services such as secure storage, cryptographic operations, secure timing… A virtual smart card ? Yeap, could be. But no. Because the TEE does not resist to hardware attacks. It is designed to provide large memory, high processing power, protects its resources against software attacks, even get control on the display and keypad – to guarantee What You See Is What You Sign. But the TEE would not survive attacks from a user opening his mobile phone and questioning it with probed. And to make sure we all agree on the TEE resistance, there is a security certification describing exactly the attacks that a TEE can survive (and security geeks will be happy to know that it corresponds to a EAL2+ common criteria certification, and learn more by reading the corresponding protection profile).

Does TEE exist in real life ? Sure. Examples of announcements can be found [3]. Most of them are addressing the markets of content protection (well, DRM), corporate security, including BYOD use case. But the TEE will definitely be suitable for governments and payment market. It will be even more appealing soon, when it will include the capability to have its content dynamically managed, in a standard way – the last piece GlobalPlatform is working on to complete the eco-system.

As a conclusion. The TEE can be considered as a trusted relay for any mobile application offering secure services. It is also the ideal companion of the secure element as there is also a standard service allowing Trusted Application to access to secure element (embedded chip, sim card or µSD). Imagine : while using your payment application somewhere in your secure element, you are confident that the mobile screen displays the correct amount of your transaction. Playing that scenario on all the mobile phones is not possible yet, but it is well known that recent android Samsung devices do embed TEE, which makes that millions of TEE are in the field today. And we can expect that Mobile Word Congress, coming soon, will be the right place for more announcements.

To learn more :

GlobalPlatform simple guide on TEE :

Trusted Labs white paper on TEE security certification :

References :

[1] GlobalPlatform

[2] TEE specifications

[3] TEE related press release : TI and Netflix , Solacia and ST , Trustonic partners program


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s