File:OWASP Security Tapas - TrustZone, TEE and Mobile Security final.pdf
Trusted Execution Environment, TrustZone and Mobile Security
OWASP Göteborg: Security Tapas, Oct-20, 2015 Peter Gullberg, Principal Engineer - Digital Banking, Gemalto
"TEE allows Applications to execute, process, protect and store sensitive data in an isolated, trusted environment."
Trusted Execution Environment (TEE)
TEE - Use Cases
Content Protection
- IP streaming
- DRM
- Key protection
- Content protection
Mobile Financial Services
- mBanking
- Online payments
- User authentication
- Transaction validation
Corporate/government
- Secure networking
- Secure email
- BYOD
- User authentication
- Data encryption
Example of TEE-enabled devices
Architectural ways of achieving a TEE
ARM TrustZone
TrustZone enables the development of separate environments:
- Rich Operating System - Normal domain
- Trusted Execution - Secure domain
- Both domains have the same capabilities
- Operate in a separate memory space
- Enables a single physical processor core to execute from both the Normal world and the Secure world
- Normal world components cannot access secure world resources
- Cortex-A processors
How TrustZone works
- Uses a “33rd bit”, signaling whether the core is in secure mode
- This bit is also propagated outside the system on chip (SoC)
- Peripherals and memory are configured during startup as to which side they belong to (normal/secure)
ARM TrustZone: Non-Secure bit
- The memory is split into Secure and Non-secure regions
- The Non-secure (NS) bit determines whether program execution is in the Secure or the Non-secure world
- The AMBA AXI bus propagates the NS bit
- Shared memory between the two worlds
- Possible to secure peripherals (screen, crypto blocks)
- Protected against software attacks
ARM TrustZone: transition management
- Switch between normal and secure domain
- Monitor: gatekeeper that controls migration between the Normal and Secure world
- In the normal world there are both user mode and privileged mode; the same holds for the Secure world
- Secure device drivers typically run in user mode
- Cannot switch the NS bit in user mode
- Secure Monitor Call (SMC)
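To make the NS-bit rules on these slides concrete, here is an added toy model (not ARM's or the presenter's code): a constructed SoC map tags each memory region and peripheral as Secure or Non-secure at boot, every bus access carries the issuing world's NS bit, and only privileged code can enter the monitor via SMC to flip that bit. All region names and addresses are made up for the illustration.

```python
from dataclasses import dataclass

SECURE, NORMAL = 0, 1        # NS bit: 0 = Secure world, 1 = Normal world


@dataclass
class Region:
    name: str
    start: int
    end: int                 # exclusive upper bound
    ns: int                  # owning world, fixed when the SoC is configured at boot


@dataclass
class Core:
    ns: int = SECURE         # the CPU boots in the Secure world ...
    privileged: bool = True  # ... in kernel (privileged) mode


# Constructed SoC map: Rich OS DRAM is Non-secure; TEE RAM and the crypto
# block are assigned to the Secure world during startup.
SOC_MAP = [
    Region("rich_os_dram", 0x8000_0000, 0x9000_0000, NORMAL),
    Region("tee_ram",      0x9000_0000, 0x9100_0000, SECURE),
    Region("crypto_block", 0xF000_0000, 0xF000_1000, SECURE),
]


def bus_access(core: Core, addr: int, regions=SOC_MAP) -> bool:
    """AXI-style filter: the NS bit travels with the transaction and is
    compared with the target region's boot-time assignment."""
    region = next((r for r in regions if r.start <= addr < r.end), None)
    if region is None:
        raise ValueError(f"unmapped address {addr:#x}")
    # Secure-world accesses (NS=0) may reach either world; Normal-world
    # accesses (NS=1) are refused by any region tagged Secure.
    return not (core.ns == NORMAL and region.ns == SECURE)


def smc(core: Core) -> int:
    """Secure Monitor Call: only privileged code may enter the monitor, the
    one place where the NS bit is switched. User mode cannot change worlds."""
    if not core.privileged:
        raise PermissionError("SMC is not permitted from user mode")
    core.ns = NORMAL if core.ns == SECURE else SECURE   # monitor flips the world
    return core.ns


def boot_and_probe() -> dict:
    """Start secure, hand over to the Rich OS through the monitor, then
    record what each world can touch."""
    core = Core()
    out = {"secure_dram": bus_access(core, 0x8000_1000)}
    out["ns_after_smc"] = smc(core)            # monitor moves us to the Normal world
    out["normal_dram"] = bus_access(core, 0x8000_1000)
    out["normal_tee"] = bus_access(core, 0x9000_0010)
    out["normal_crypto"] = bus_access(core, 0xF000_0004)
    return out
```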
- CPU boots in "secure kernel mode" in ROM
- ROM boot loader verifies the signature of the TEE OS
- TEE verifies the signature of the Rich OS and starts it
Example on use case: securebitcoin.net
BitCoin example (SecureBitCoin.net)
- Secure management of the Master Secret
- PIN entry to access the Master Secret
- Use secure crypto provided by the TEE
- Master Secret is kept secure at all times
- Malware cannot steal data or modify transactions
- Trusted User Interface
- App Deployment
- "secure BitCoin" App
- Global Platform
File history
| | Date/Time | Dimensions | User | Comment |
|---|---|---|---|---|
| current | 20:42, 26 October 2015 | (1.5 MB) | Peter Magnusson | Trusted Execution Environment, TrustZone and Mobile Security OWASP Göteborg: Security Tapas, Oct-20, 2015 Peter Gullberg, Principal Engineer - Digital Banking, Gemalto "TEE allows Applications to execute, process, protect and store sensitive data in... |