Trusted Execution Environments offer alternative to secure element
By Matt McCarthy, Contributing editor, Avisian Publishing
When the ubiquitous smart phone or other mobile device is lost, panic ensues. Was it left in a taxi, or at the gym, or in a restaurant? Or, more maliciously, was it targeted for theft by criminals looking to access enterprise assets through a point of entry into a company’s systems?
Luckily, the handset can be protected with a passcode or, in some cases, a biometric access control such as a fingerprint scanner or voice or facial recognition software. These authentication systems rely on a matching engine to compare the authentication attempt with the reference template stored on the device.
There are a number of places such authentication events can take place in the handset. One popular option is the Trusted Execution Environment (TEE) that enables secure transactions to take place outside of the device’s secure element. Authentication is just one task that can be performed in a TEE. Payments, protected content access and other secure processes are also key services controlled by the technology.
The TEE is a secure area that resides within the main processor of a smart phone or mobile device and ensures that sensitive data is stored, processed and protected in a trusted environment. It is made up of both software and tamper-resistant hardware, and acts as an alternative location to store data instead of relying on the operating system or the secure element.
“The TEE helps us get around the limitations of the secure element,” explains Kevin Gillick, executive director of GlobalPlatform, an association that develops specifications for secure and interoperable use of embedded applications on chip technology. “Within the secure element you don’t have much data storage and you don’t have a lot of processing capabilities,” explains Gillick.
An alternative is the operating system but that has its drawbacks as well. “That’s a security problem because there’s so much opportunity to introduce malware or rogue activity and there’s little in the way of protection mechanisms,” Gillick explains.
The TEE is an ideal option for application developers because it provides computing power, memory and security, says Robert Brown, vice president of market development at Trustonic. A TEE must be built into a device by its manufacturer, but from there application developers have an easier time accessing this environment than the secure element. “We build trusted keys and roots of trust into the TEE and establish secure containers,” he adds.
The mobile operator or handset manufacturer controls the secure element, says Brown, and the operating system isn’t secure and malware can corrupt it. “But we’ve set the TEE up so that anyone can access a container and manage it,” he explains.
TEE Use Cases
Gillick identifies three main use cases for TEEs. The first use is for streaming premium content – such as movies, music and eBooks – that requires a high level of security to protect against unauthorized distribution but also a high level of functionality to deliver quality features expected by end-users. “Premium content requires protection because distribution is usually done through very carefully written licensing agreements, and they need to be protected so content can’t be copied or shared,” explains Gillick.
The second use case Gillick identifies is in mobile financial services. The TEE can be used for NFC applications, making payments or using the device as a mobile point-of-sale terminal.
The other main use case Gillick cites for the TEE is in secure access to resources in corporate environments, particularly as it relates to bring-your-own-device. “If you want to access your enterprise resources from your phone or tablet, your company is going to be concerned about protecting that information. They are going to want to know how credentials are managed, how keys are managed, how certificates are managed – all the things that ensure that their world is not compromised,” he adds.
The TEE can enable device manufacturers to add high-assurance authentication technology at a lower cost, Brown says. In the past there have been a couple of different ways to place biometric sensors on mobile devices and even PCs. One way was to have the sensor include a processor that would store and match the biometric data, but this was pricey, as it required additional hardware.
The other way was to have the matching occur on the device’s processor, but this could be corrupted with viruses and malware. The TEE enables the matching to be done on the processor in a secure manner, and it is cheaper because a second processor isn’t necessary, Brown explains.
Some are also looking to perform host-card emulation in the TEE, Brown says. Host-card emulation is a protocol that would enable near field communication on devices without access to the secure element. Host-card emulation functions could also take place in the TEE, improving the security of the overall approach.
Early iterations of TEE technology began appearing from the different handset and chip manufacturers, who included it in their devices as a part of their proprietary solution as early as fifteen years ago, says Gillick. In February of 2011, GlobalPlatform published a white paper recognizing a need for standardization, “The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market,” which outlines a roadmap to implementation and standardization of TEEs.
Consulting and testing services provider FIME helps chip and handset manufacturers determine if TEE offerings are compliant with GlobalPlatform specifications. The organization stresses the importance of standardization in this arena, explains Stephanie El Rhomri, manager for the Near Field Communication and payment vendor business line at FIME. “If you want to have widespread TEE adoption you cannot use proprietary technology.”
As Gillick explains, “If TEE technology is not standardized then anyone developing an application is put into the uncomfortable situation of having to develop, support, and lifecycle-manage their application in a different way for each operating environment to which their application is provisioned.
“It gets cost prohibitive and acts as a block to the establishment of a mass market,” says Gillick. “So people really want to standardize the TEE.”
And with access to the secure element a difficult task and malware for mobile devices on the rise, he believes that more and more applications will move to these trusted environments.