File:OWASP Security Tapas - TrustZone, TEE and Mobile Security final.pdf

From OWASP
Revision as of 15:42, 26 October 2015 by Peter Magnusson (talk | contribs) (Trusted Execution Environment, TrustZone and Mobile Security OWASP Göteborg: Security Tapas, Oct-20, 2015 Peter Gullberg, Principal Engineer - Digital Banking, Gemalto "TEE allows Applications to execute, process, protect and store sensitive data in...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
OWASP_Security_Tapas_-_TrustZone,_TEE_and_Mobile_Security_final.pdf(file size: 1.5 MB, MIME type: application/pdf)

Trusted Execution Environment, TrustZone and Mobile Security

OWASP Göteborg: Security Tapas, Oct-20, 2015 Peter Gullberg, Principal Engineer - Digital Banking, Gemalto

"TEE allows Applications to execute, process, protect and store sensitive data in an isolated, trusted environment."

Trusted Execution Environment (TEE)

TEE - Use Cases 5 Content Protection • IP streaming • DRM • Key protection • Content protection Mobile Financial Services • mBanking • Online payments • User authentication • Transaction validation Corporate/government • Secure networking • Secure email • BYOD • User authentication • Data encryption

Example of TEE enabled devices

Architectural ways of achieving a TEE

ARM TrustZone TrustZone enables the development of separate environments Rich Operating System - Normal domain Trusted Execution - Secure domain Both domains have the same capabilities Operate in a separate memory space Enables a single physical processor core to execute from both the Normal world and the Secure world Normal world components cannot access secure world resources Cortex-A Processors

How TrustZone works 10 Uses a “33rd bit”, signaling whether in secure mode This bit is also propagated outside the system on chip (SoC) Peripherals and memory are configured during startup which side to belong to (normal/secure)

ARM TrustZone: Non Secure bit 11 The memory is split in Secure and Non-secure regions Non-secure (NS) bit Determines if the program execution is in the Secure or Nonsecure world AMBA AXI bus propagates the NS bit Shared memory between two worlds Possible to secure peripherals Screen, crypto blocks Protected against software attacks

ARM TrustZone: transition management 12 Switch between normal and secure domain Monitor Gatekeeper that controls migration between Normal and Secure world In normal world, have both user mode and privileges mode. Same for Secure world Secure device drivers typically run in user mode Cannot switch the NS bit in user mode Secure Monitor Call SMC


CPU boots in "secure kernel mode" in ROM ROM Boot loader verifies signature of TEE OS TEE verifies signature of RichOS and starts it

Example on use case securebitcoin.net


BitCoin - example 16 SecureBitCoin.net Secure management of Master Secret PIN-entry to access the Master Secret Use secure crypto provided by TEE Master Secret is kept secure at all time Malware cannot steal data, or modify transactions


Trusted User Interface


App Deployment "secure BitCoin" App


Global Platform

File history

Click on a date/time to view the file as it appeared at that time.

Date/TimeDimensionsUserComment
current15:42, 26 October 2015 (1.5 MB)Peter Magnusson (talk | contribs)Trusted Execution Environment, TrustZone and Mobile Security OWASP Göteborg: Security Tapas, Oct-20, 2015 Peter Gullberg, Principal Engineer - Digital Banking, Gemalto "TEE allows Applications to execute, process, protect and store sensitive data in...
  • You cannot overwrite this file.

The following page links to this file: