File:OWASP Security Tapas - TrustZone, TEE and Mobile Security final.pdf
Trusted Execution Environment, TrustZone and Mobile Security
OWASP Göteborg: Security Tapas, Oct-20, 2015 Peter Gullberg, Principal Engineer - Digital Banking, Gemalto
"TEE allows Applications to execute, process, protect and store sensitive data in an isolated, trusted environment."
Trusted Execution Environment (TEE)
TEE - Use Cases
Content Protection
• IP streaming
• DRM
• Key protection
• Content protection
Mobile Financial Services
• mBanking
• Online payments
• User authentication
• Transaction validation
Corporate/government
• Secure networking
• Secure email
• BYOD
• User authentication
• Data encryption
Examples of TEE-enabled devices
Architectural ways of achieving a TEE
ARM TrustZone
• TrustZone enables two separate execution environments on one processor:
  • Rich Operating System - Normal world (non-secure domain)
  • Trusted Execution Environment - Secure world (secure domain)
• Both worlds have the same processor capabilities, but each operates in its own memory space
• A single physical processor core executes from both the Normal world and the Secure world
• Normal-world components cannot access Secure-world resources
• Available on Cortex-A processors
How TrustZone works
• The security state travels with every transaction as an extra bit, the "33rd bit" alongside the 32-bit address, signalling whether the access comes from the Secure or the Normal world
• This bit is propagated beyond the processor core, across the whole system on chip (SoC)
• Peripherals and memory regions are configured during startup as belonging to one side (Normal or Secure)
ARM TrustZone: Non-secure bit
• Memory is split into Secure and Non-secure regions
• The Non-secure (NS) bit determines whether program execution, and each bus transaction it issues, is in the Secure or the Non-secure world
• The AMBA AXI bus propagates the NS bit with every transaction
• Memory can be shared between the two worlds (a Non-secure region that both can access)
• Peripherals can be made secure, e.g. the screen or crypto blocks
• Protection is against software attacks (TrustZone is not a defence against physical attacks on the chip)
ARM TrustZone: transition management
• Switching between the Normal and the Secure world goes through the Monitor, a gatekeeper that controls migration between the two worlds
• The Normal world has both a user mode and a privileged mode; the same holds for the Secure world
• Secure device drivers typically run in user mode
• The NS bit cannot be switched from user mode
• The transition is triggered with a Secure Monitor Call (SMC) instruction
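The three TrustZone slides above state the rules in prose: every bus transaction carries the world it came from, memory regions and peripherals are assigned a side once at startup, and only the monitor (entered by an SMC from privileged code) may change the NS bit. The Go model below is added here and is not code from the deck or from ARM; it puts those rules into an executable form so the consequences can be checked. The memory map, region names and the `Bus`, `Core` and `SMC` types are invented for the illustration, and real hardware detail (exception vectors, context save, controller programming) is simplified away.

```go
package main

import (
	"errors"
	"fmt"
)

type World int // the value of the NS bit carried by every bus transaction

const (
	Secure    World = iota // NS = 0
	NonSecure              // NS = 1
)

type Mode int // processor mode; only Monitor may change the NS bit

const (
	User Mode = iota
	Privileged
	Monitor
)

// Region is a memory range or peripheral whose side is fixed at startup.
type Region struct {
	Name       string
	Base, Size uint32
	Secure     bool
}

var (
	ErrAccessDenied = errors.New("NS=1 transaction to a secure region: bus abort")
	ErrUnmapped     = errors.New("unmapped address")
	ErrUserSMC      = errors.New("SMC from user mode: undefined-instruction trap")
)

// Bus models the AXI decoder. The map below is a constructed example with invented addresses.
type Bus struct{ regions []Region }

func NewBus() *Bus {
	return &Bus{regions: []Region{
		{"ddr-normal", 0x10000000, 0x10000000, false}, // Rich OS memory
		{"ddr-secure", 0x20000000, 0x01000000, true},  // TEE OS memory
		{"shared", 0x21000000, 0x00100000, false},     // buffer both worlds use
		{"crypto", 0x30000000, 0x00001000, true},      // secured crypto block
		{"display", 0x30001000, 0x00001000, true},     // secured for trusted UI
	}}
}

// Access decodes one transaction: NS=0 may touch any region, NS=1 to a secure region is aborted.
func (b *Bus) Access(addr uint32, ns bool) (string, error) {
	for _, r := range b.regions {
		if addr >= r.Base && addr-r.Base < r.Size {
			if ns && r.Secure {
				return "", ErrAccessDenied
			}
			return r.Name, nil
		}
	}
	return "", ErrUnmapped
}

type Core struct {
	World World
	Mode  Mode
	Bus   *Bus
}

// Load issues a read from the current world; the NS bit is derived from that world.
func (c *Core) Load(addr uint32) (string, error) {
	return c.Bus.Access(addr, c.World == NonSecure)
}

// SMC models the Secure Monitor Call: only privileged code may issue it, and NS flips only in Monitor mode.
func (c *Core) SMC() error {
	if c.Mode == User {
		return ErrUserSMC
	}
	c.Mode = Monitor
	// The monitor would save the calling world's registers here; then it flips NS.
	if c.World == NonSecure {
		c.World = Secure
	} else {
		c.World = NonSecure
	}
	c.Mode = Privileged // return into the other world's kernel
	return nil
}

func main() {
	c := &Core{World: NonSecure, Mode: Privileged, Bus: NewBus()}
	_, err := c.Load(0x30000000)
	fmt.Println("Rich OS reads crypto block:", err)
	c.Mode = User
	fmt.Println("user-mode SMC:", c.SMC())
	c.Mode = Privileged
	_ = c.SMC()
	name, _ := c.Load(0x30000000)
	fmt.Println("after SMC, secure world reads:", name)
}
```

Running it shows the three properties the slides claim: a Rich OS read of the crypto block is aborted because the transaction carries NS=1, the shared region is reachable from both worlds, and a user-mode SMC traps instead of switching worlds.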
• The CPU boots in secure kernel mode, executing from ROM
• The ROM boot loader verifies the signature of the TEE OS before running it
• The TEE verifies the signature of the Rich OS and starts it
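The boot sequence above is a chain of trust: each stage checks the signature of the next before handing over, anchored in a key that lives in ROM. As an added worked example (not code from the deck or from any vendor's boot ROM), the Go program below models it with Ed25519 signatures: a public key fixed in ROM verifies the TEE OS image, and the TEE OS image carries the public key used to verify the Rich OS. The image layout, the stage names and the `BootChain` and `BuildChain` functions are assumptions made for this example; the tampering step shows why a modified Rich OS image never gets started.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Image is one boot stage: its code, the public key it will use to verify
// the next stage, and a signature over both by the previous stage's signer.
type Image struct {
	Name    string
	Code    []byte
	NextKey ed25519.PublicKey // nil for the last stage
	Sig     []byte
}

// digest binds name, code and the embedded next-stage key together (each
// length-prefixed), so the key that gates the following stage cannot be
// swapped without breaking the signature.
func digest(img *Image) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(img.Name), img.Code, img.NextKey} {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	return h.Sum(nil)
}

// BootChain replays the deck's sequence: ROM verifies the TEE OS with the key
// fixed in ROM, then the TEE OS verifies the Rich OS with the key it carries.
// It returns the stages started and halts at the first bad signature.
func BootChain(romKey ed25519.PublicKey, stages []*Image) ([]string, error) {
	key := romKey
	var started []string
	for _, img := range stages {
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, digest(img), img.Sig) {
			return started, fmt.Errorf("%s: signature check failed, boot halted", img.Name)
		}
		started = append(started, img.Name)
		key = img.NextKey
	}
	return started, nil
}

// BuildChain generates fresh keys and signs a two-stage chain. The images are
// constructed samples for this example, not real firmware.
func BuildChain() (ed25519.PublicKey, []*Image) {
	romPub, romPriv, _ := ed25519.GenerateKey(rand.Reader)
	teePub, teePriv, _ := ed25519.GenerateKey(rand.Reader)

	tee := &Image{Name: "TEE OS", Code: []byte("tee-os-image"), NextKey: teePub}
	tee.Sig = ed25519.Sign(romPriv, digest(tee))

	rich := &Image{Name: "Rich OS", Code: []byte("rich-os-boot-image")}
	rich.Sig = ed25519.Sign(teePriv, digest(rich))

	return romPub, []*Image{tee, rich}
}

func main() {
	romKey, stages := BuildChain()
	started, err := BootChain(romKey, stages)
	fmt.Println("clean boot:", started, err)

	// Tamper with the Rich OS image, as a rooted or malicious normal world could.
	stages[1].Code = append(stages[1].Code, []byte(" + rootkit")...)
	started, err = BootChain(romKey, stages)
	fmt.Println("tampered boot:", started, err)
}
```

The ROM key is the only root; the TEE OS key is trusted solely because it arrives inside an image the ROM key has verified. Replacing that embedded key, or any byte of either image, invalidates the corresponding signature and the chain stops before the affected stage runs.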
Example use case: securebitcoin.net
Bitcoin example: SecureBitCoin.net
• Secure management of the Master Secret
• PIN entry to access the Master Secret
• Uses the secure crypto provided by the TEE
• The Master Secret is kept secure at all times
• Malware in the Rich OS cannot steal the secret or modify transactions
Trusted User Interface
App Deployment: the "secure BitCoin" App