Smart connected devices, such as smartphones, are intrinsic to daily life: they are
used for business, social interactions, making purchases and enjoying media content. All
of this data, however, is susceptible to attacks from hackers, and the millions of
downloadable applications represent an even larger opportunity for fraudsters.
Similarly, automotive and home devices are increasingly becoming connected and
offering more functionality. On top of this, consumers are increasingly using their
devices in new ways: organizing a trip from a smart TV, streaming music while driving or
using a smartphone to pay for shopping. These expanded practices create new security
vulnerabilities, which highlight the need for mechanisms that allow trusted parties to
have access to applications without granting hackers the same opportunity.
Service providers and original equipment manufacturers (OEMs) now need to protect
applications on many levels: defending against attacks originating in a device’s operating
system, authenticating the correct user to the correct service, offering increased privacy,
protecting valuable content, allowing secure access to corporate and personal data and
mitigating financial risks. One solution to these security challenges is to provide a small,
isolated execution environment that allows service providers and OEMs to improve the
user experience while reducing fraud. The GlobalPlatform Trusted Execution
Environment (TEE) effectively addresses these concerns.
The TEE is a secure area of the main processor in a smartphone (or any connected
device). It ensures that sensitive data is stored, processed and protected in an isolated,
trusted environment. The TEE's ability to offer isolated safe execution of authorized
security software, known as 'trusted applications', enables it to provide end-to-end
security by enforcing protected execution of authenticated code, confidentiality,
authenticity, privacy, system integrity and data access rights. Compared with other
security environments on the device, the TEE also offers high processing speeds and a
large amount of accessible memory.
The TEE offers a level of protection against attacks that have been generated in the
Rich OS environment. It assists in the control of access rights and houses sensitive
applications, which need to be isolated from the Rich OS. For example, the TEE is the
ideal environment for content providers offering a video for a limited period of time, as
premium content (e.g. HD video) must be secured so that it cannot be shared for free.
Multiple handset and chip manufacturers have already developed and deployed
proprietary versions of this technology. The resulting lack of standardization has
presented application developers with a significant challenge to overcome; each
proprietary TEE solution requires a different version of the same application to ensure
that the application conforms to unique versions of the technology. In addition, if the
application provider wishes to deploy to multiple TEE solution environments and have
assurance that each environment will provide a common level of security, then a security
evaluation will need to be performed on each TEE solution. This leads to a
resource-intensive development process.
There are two central reasons why the TEE exists:
An increasing number of mobile services, which require a greater level of
security, are emerging.
With a growing number of users, there is a greater need for protection
against software attacks. Applications with higher security requirements, and
therefore heightened ramifications if compromised, require more protection than can be
offered by rich OS solutions alone.
Enterprise IT environments, delivery of premium multimedia content, mobile
payments, the Internet of Things, government identification programs and more seek to
balance a consumer’s desire for a rich experience with the security concerns shared by
consumers and service providers. The TEE isolates trusted applications and keeps them
away from any malware which might be downloaded inadvertently. Because of this, the
TEE will become an essential environment within all devices as the secure services
Since GlobalPlatform is handset and Rich OS agnostic, it is well placed to bring
forward specifications for the TEE that can be embraced by all suppliers and reside
comfortably alongside each of their rich OS environments. Interoperability in both
functionality and security will be enhanced by the standardization of the TEE. This will
simplify application development and deployment for all concerned, saving costs and
time to market.
There are three main use cases for the TEE. It can be used to protect:
Digital content such as films, television, music and other multimedia formats,
mCommerce and mPayments credentials and transactions,
Enterprise and government data.
The protection of premium content, such as a 4K resolution film or a TV series which
has just been aired, is a key driver for the adoption of TEE technology. TEE technology
can be used to ensure that content cannot be stolen once it is decrypted on a device. It
does this by offering a trusted environment in which to perform the decryption and store
the file, in addition to offering trusted video playback to protect the content while it is
being displayed on screen. The technology is therefore of great value for smartphones
and tablets, in addition to 4K televisions and set top boxes.
In mCommerce and mPayments, TEE technology is already being used to protect
payment credentials such as cryptographic keys while a transaction is being authorized.
Another benefit of the TEE is the ability to offer a trusted user interface
(UI) which ensures that the correct information is displayed to the user and that the
information displayed on screen and entered by the user is secure. These capabilities
reduce the risk of passcode logging and allow transaction, logs and statement
information to be securely displayed.
In an enterprise or government environment, the protection of corporate or
otherwise sensitive data is essential. Bring your own device (BYOD) is becoming ever
more prevalent as more employees use their own handsets and tablets to perform work-
based tasks like email and document editing. The TEE enables the secure handling of
confidential data, protection against software attacks from the Rich OS and assistance
with access rights control and user authentication.
From a business and commercial perspective, the TEE meets the requirements of all
of the key players. At a high level:
Mobile manufacturers’ security concerns are tied to several
factors, not the least of which is the sheer number of stakeholders involved in device
and application delivery. A framework (such as GlobalPlatform-certified TEE) that
guarantees a minimum baseline for platform security would allow all stakeholders to
make updates to devices and applications while minimizing threats to consumers.
For MNOs, the TEE delivers a higher level of security than the
Rich OS offers and higher performance than a Secure Element (SE) typically
offers. In essence, the TEE ensures a high level of trust between the device, the
network, the edge and the cloud, thereby improving the ability of an MNO to enhance
services for root detection, SIM-lock, anti-tethering, mobile wallet, mobile as PoS, data
protection, mobile device management, application security, content protection, device
wipes, and anti-malware protection.
Content and service providers want the TEE to ensure that their
product remains secure, can be deployed to numerous platforms in a common
manner and is easily accessible to the end user.
Payment service providers do not want to have to develop
different versions of the same application in order to satisfy the needs of different
proprietary TEE environments. For example, if the ecosystem is not standardized, payment
service providers will have to be certified and support different applications and
processes. This is time consuming, costly and counterintuitive to the goal of creating a
mass market for application deployment.
Focusing specifically on security, the TEE is a unique environment that is capable of
increasing the security and assurance level of services and applications, in the following
User Authentication: Using the trusted UI, the TEE makes it
possible to securely collect a user’s password or PIN. This trusted user authentication
can be used to verify a cardholder for payment, confirm a user’s identification to a
corporate server, attest to a user’s rights with a content server, and more.
Trusted Processing and Isolation: Application processing can be
isolated from software attacks by running in the TEE. Examples include processing a
payment, decrypting premium content, reviewing corporate data, and more.
Transaction Validation: Using the trusted UI, the TEE ensures
that the information displayed on-screen is accurate. This is useful for a variety of
functions, including payment validation or protection of a corporate document.
Usage of Secure Resources: By using the TEE APIs, application
developers can easily make use of the complex security functions made available by a
device’s hardware, instead of using less safe software functions. This includes hardware
cryptography accelerators, SEs, biometric equipment and the secure clock.
Certification: Trusted certification is best achieved through
standardization of the TEE, which in turn improves stakeholder confidence that the
security-dependent applications are running on a trusted platform.
It is useful to put the TEE in the context of the overall security infrastructure of a
mobile device. There are three environments which make up the framework. Each has a
Rich OS: An environment created for versatility and richness,
such as Android, Symbian OS or Windows Phone, where device applications
are executed. It is open to third party download after the device is
manufactured. Security is a concern here but is secondary to other issues.
TEE: The TEE is a secure area of the main processor in a
smartphone (or any connected device) and ensures that sensitive data is stored,
processed and protected in an isolated, trusted environment. The TEE's ability to offer
isolated safe execution of authorized security software, known as 'trusted applications',
enables it to provide end-to-end security by enforcing protection, confidentiality,
integrity and data access rights. The TEE offers a level of protection against software
attacks generated in the Rich OS environment. It assists in the control of access rights
and houses sensitive applications, which need to be isolated from the Rich OS. For
example, the TEE is the ideal environment for content providers offering a video for a
limited period of time that need to keep their premium content (e.g. HD video) secure so
that it cannot be shared for free.
SE: The SE is a secure component which comprises autonomous, tamper-resistant
hardware within which secure applications and their confidential cryptographic data (e.g.
key management) are stored and executed. It allows high levels of security, but limited
functionality, and can work in tandem with the TEE. The SE is used for hosting proximity
payment applications or official electronic signatures where the highest level of security
is required. The TEE can be used to filter access to applications stored directly on the SE
to act as a buffer against malware attacks.
The Rich OS is therefore a rich environment that is vulnerable to both software and
physical attacks. The SE, on the other hand, is resilient to physical attacks but somewhat
constrained in execution processing capabilities. The TEE, however, serves as an ideal
balance between Rich OS performance and SE security, and a companion to both. The
security offered by the TEE, in general, is sufficient for most applications. Moreover, the
TEE provides greater processing speed and more accessible
memory space than an SE (these are, in fact, quite similar to those of a Rich OS).
TEE standardization is essential to avoid fragmentation. The proliferation of
proprietary TEE solutions would lead to the following:
Higher costs to develop or change applications/solutions when creating or adapting
to proprietary platforms
The need for very specialized skills
Extended time-to-market due to longer development times and potential integration
Standardization, by contrast, enables simplified and unified implementation and
improves interoperability between stakeholders. Furthermore, standardization allows a
large ecosystem to thrive and blossom, allowing for multiple business partners and,
because it ensures long-term stability and survivability, protects investment in a way
that proprietary solutions cannot. It also defines a basis for evaluating and comparing
different solutions. Lastly, standardization creates a foundation for a uniform
GlobalPlatform’s 120+ members recognize the need for standards to be developed in
parallel with the evolution of a new ecosystem. This mutual development will provide
greater certainty and lower the cost of progress for the industry by removing barriers
caused by a lack of interoperability.
With 17 years of experience in the mobile space and the expertise of a global
membership which represents the full ecosystem, GlobalPlatform’s work is leading the
market. GlobalPlatform Card Specifications are now embedded in more than 17.7 billion
SEs. Since the TEE Client API v1.0 was published in July 2010, GlobalPlatform has been
responsible for driving TEE standardization on behalf of the industry. Since that time,
the following specifications have been developed / delivered by GlobalPlatform:
TEE Client API Specification v1.0 – enables communication between applications
running in a Rich OS and trusted applications residing in the TEE.
TEE Internal Core API Specification v1.1.1 – enables trusted applications within a TEE
to perform the general operations of a security application, such as cryptography, secure
storage, communication and general tasks, such as timekeeping and memory
TEE Secure Element API Specification v1.1 – allows trusted applications to directly
communicate with an SE, rather than through a client application.
TEE Sockets API Specification v1.0 – is a suite of specifications that provide
standards to enable trusted applications to directly make use of internet protocol
interfaces, rather than send packets to a client application for internet transfer.
Trusted User Interface API Specification v1.0 – allows a trusted application to
securely display text and graphics, and ask the user to perform an action ranging from
navigation to entry of an associated PIN- or Password-backed ID.
TEE Systems Architecture v1.0 – explains the hardware and software architectures
behind the TEE.
TEE Internal API Specification v1.0 – specifies how to develop trusted applications.
TEE Protection Profile v1.2 – facilitates the Common Criteria evaluation of TEEs.
TEE TA Debug Specification v1.0.1 – enables the debugging of GlobalPlatform
TEE Compliance Profile – combines the functional testing of the TEE Client API and
the TEE Internal Core API.
Secure Element Remote Application Management v1.0.1 – defines a single
administration protocol to perform remote management of applications residing on any
type of SE.
Secure Element Access Control v1.1 – specifies how the access policy is stored in the
SE and how it can be accessed and applied by the device.
The GlobalPlatform Compliance Program: To promote confidence within this advancing
ecosystem, GlobalPlatform has launched a TEE compliance program. This offers
assurances to application and software developers and hardware manufacturers that a
TEE product will perform in line with the GlobalPlatform specifications and as intended. It
also promotes market stability by providing a long-term, interoperable and
industry-agreed framework that will evolve with technical requirements over time. Visit the
GlobalPlatform Compliance Program webpages for further information.
Here, Stephanie El Rhomri, Chair of the GlobalPlatform TEE Compliance Working
Group, discusses the work of the group, the importance of compliance, the process for
stakeholders to validate their TEE products and the next steps for the program.
GlobalPlatform has also launched a TEE Certification Scheme
that evaluates the security level of a given TEE implementation. To drive this initiative,
GlobalPlatform has launched a TEE Security Evaluation Secretariat to manage the
scheme. Under the scheme, providers of TEE products will be able to submit their
products to the new GlobalPlatform secretariat for independent evaluation of their
conformance to the organization's TEE Protection Profile.
Here, Gil Bernabeu,
Technical Director of GlobalPlatform, offers an introduction to the TEE Security
Certification Scheme and TEE Protection Profile, before explaining their benefits to the
industry and end users for the deployment of convenient and secure mobile services.
In the mid-term, GlobalPlatform is working to accelerate the deployment of certified
TEEs and to create an ecosystem where GlobalPlatform certification is a prerequisite
amongst service providers and handset manufacturers. This is a stepping stone on the
way to achieving full market adoption, with the long-term goal of the specifications
becoming a de facto standard for the industry.