GlobalPlatform made simple guide: Trusted Execution Environment (TEE) Guide
GlobalPlatform Executive Director, Kevin Gillick, discusses the Trusted Execution Environment (TEE)
- What is the Trusted Execution Environment (TEE)?
The TEE is a secure area that resides in the main processor of a smart phone (or any mobile device) and ensures that sensitive data is stored, processed and protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as 'trusted applications', enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights.
To learn more about the TEE, watch the following video discussion:
- How does it align / fit with the secure application ecosystem today and in the future?
To understand more fully, it is useful to put the TEE in the context of the overall security infrastructure of a mobile device.
There are three mobile environments which make up the security framework within a mobile phone. Each has a different task:
- Rich Operating System (Rich OS): An environment created for versatility and richness where device applications, such as Android, Symbian OS, and Windows Phone for example, are executed. It is open to third party download after the device is manufactured. Security is a concern here but is secondary to other issues.
- Trusted Execution Environment (TEE): Made up of software and hardware, the TEE offers a level of protection against software attacks, generated in the Rich OS environment. It assists in the control of access rights and houses sensitive applications, which need to be isolated from the Rich OS. For example, the TEE is the ideal environment for content providers offering a video for a limited period of time that need to keep their premium content (e.g. HD video) secure so that it cannot be shared for free.
- Secure Element (SE): The SE is comprised of software and tamper resistant hardware. It allows high levels of security and can even work in tandem with the TEE. The SE is mandatory for hosting proximity payment applications or official electronic signatures where the highest level of security is required. The TEE may also offer a trusted user interface to securely transmit a personal identification number (PIN), which is required in order to make high value transactions. It also filters access to applications stored directly on the SE.
The TEE is an isolated environment that runs in parallel with the Rich OS, providing security services to the rich environment. More secure than the Rich OS but not as secure as the SE, it offers a level of security sufficient for a significant number of applications. The TEE therefore offers a secure 'middle ground' between the high protection of the SE and the low protection of the Rich OS.
The TEE is now an essential part of the mobile ecosystem. It offers security and protection for all aspects of the mobile device – handset, Rich OS and SE – and satisfies the needs of the major players.
Service providers, mobile network operators (MNO), operating system (OS) and application developers, device manufacturers, platform providers and silicon vendors are all key stakeholders and, therefore, have a vested interest in seeing security implemented to a carefully developed and documented standard.
To find out more about the use cases driving TEE adoption in the marketplace, please watch the following video:
Who created the TEE and when?
Handset manufacturers or chip manufacturer have developed versions of this technology in the past years and included them in their devices as a part of their proprietary solution. Application developers therefore have to deal with the complexity of creating and securely evaluating different versions of each application in order to conform to the different sets of specifications and security levels drawn up by each, individual proprietary solution.
Since GlobalPlatform is handset and Rich OS agnostic, it is well placed to bring forward a methodology for the TEE that can be embraced by all suppliers and reside comfortably alongside each of their rich OS environments. Interoperability in both functionality and security will be enhanced by the standardization of the TEE. This will simplify app development and deployment for all concerned.
Why has it been created / what business and commercial requirements does it meet?
There are two central reasons why the TEE exists;
- More mobile services are emerging that require a greater level of security.
- With an increased number of users, there is a greater need for protection from malware / viruses. Applications with higher security requirements, and therefore heightened ramifications if compromised, require more protection than can be offered by software solutions alone.
Content protection, corporate environments, connectivity and the rise of mobile financial services all require increased levels of security. The TEE isolates secure applications and keeps them away from any malware which might be downloaded inadvertently. This makes the TEE a key environment for devices moving forward.
In terms of business and commercial benefits, the TEE is central to the requirements of the key players. Mobile manufacturers need to have a TEE environment present to satisfy the business requirements of different content providers. MNOs want the TEE, since it will enable them to offer more and higher value services to customers, facilitating increased revenues. Content providers want the TEE to ensure that their product remains secure and can be deployed to numerous platforms in a common manner.
Additionally, payment service providers do not want to have to develop different versions of the same application in order to satisfy the needs of different proprietary TEE environments. E.g. if the ecosystem is not standardized, payment service providers will have to be certified and support different applications and processes. This is time consuming, costly and counterintuitive to the goal of creating a mass market for application deployment.
Watch this video to see Gil Bernabeu and Christophe Colas of GlobalPlatform discussing how the TEE enables the development of secure applications:
To learn more about the benefits of having an underlying secure platform such as the TEE, watch the following video:
Why is GlobalPlatform involved?
GlobalPlatform and its members recognize the need for standards to be developed in parallel with the evolution of a new ecosystem. This mutual development will provide greater certainty and lower the cost of progress for the industry by removing barriers caused by interoperability issues.
GlobalPlatform recognizes the importance of the TEE for the future of managing applications on secure chip technology. Bridging the gap between the rich OS and SE is essential for the future security of trusted applications on mobile devices. Involvement with the standardization will also seek to breed market confidence. With ten years of experience in the mobile space and the expertise of the membership, its work is at the forefront of the market. GlobalPlatform has already worked to standardize the management of applications on SEs and also has extensive experience in the TEE through the development and delivery of three different specifications:
- TEE Client API Specification v1.0 outlines the communication between applications running in a rich OS and trusted applications residing in the TEE.
- TEE Systems Architecture v1.0 explains the hardware and software architectures behind the TEE.
- TEE Internal API Specification v1.0 specifies how to develop trusted applications.
All specifications can be downloaded from the GlobalPlatform Device Specifications webpages.
As GlobalPlatform is component agnostic, it is seeking to standardize the specifications to ensure an open and interoperable ecosystem. GlobalPlatform's aim is to continue enhancing its specification offering in relation to the TEE.
To promote confidence within this advancing ecosystem, GlobalPlatform has launched a TEE compliance program. This offers assurances to application and software developers and hardware manufacturers that a TEE product will perform in line with the GlobalPlatform standards and as intended. It also promotes market stability by providing a long-term, interoperable and industry agreed framework that will evolve with technical requirements over time. Visit the GlobalPlatform Compliance Program webpages for further information.
To complete this infrastructure, GlobalPlatform is developing a security certification program that will qualify the security level of a given TEE implementation. In the mid-term, GlobalPlatform will be working towards an ecosystem where GlobalPlatform compliance is a prerequisite amongst service providers and handset manufacturers. This is a stepping stone on the way to achieving full market adoption, with the long-term goal of the specifications becoming a de facto standard for the industry.
Watch the following video for further information on the role of GlobalPlatform in this space: