The Untapped Potential of Trusted Execution Environments on Mobile Devices

  • N. Asokan
  • Jan-Erik Ekberg
  • Kari Kostiainen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7859)


A trusted execution environment (TEE) is a secure, integrity-protected processing environment, consisting of processing, memory and storage capabilities. It is isolated from the “normal” processing environment, sometimes called the rich execution environment (REE), where the device operating system and applications run. TEEs can make it possible to build REE applications and services with better security and usability by partitioning them so that sensitive operations are restricted to the TEE and sensitive data, like cryptographic keys, never leave the TEE. In our daily lives, we encounter more and more services that use dedicated hardware tokens to improve their security: one-time code tokens for two-factor authentication, wireless tokens for opening doors in buildings or cars, tickets for public transport, and so on. Mobile devices equipped with TEEs have the potential for replacing these many tokens thereby improving the usability for users while also reducing the cost for the service providers without hampering security.


  1. 1.
    3GPP: 3GPP TS 42.009 Security Aspects. 3GPP (March 2001),
  2. 2.
    ARM: Building a Secure System using TrustZone©Technology. ARM Security Technology (April 2009),
  3. 3.
    Ekberg, J.E.: Securing Software Architectures for Trusted Processor Environments. Doctoral dissertation, Aalto University (May 2013)Google Scholar
  4. 4.
    Kostiainen, K.: On-board Credentials: An Open Credential Platform for Mobile Devices. Doctoral dissertation, Aalto University (May 2012)Google Scholar
  5. 5.
    Kostiainen, K., Ekberg, J.E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, ASIACCS (2009)Google Scholar
  6. 6.
    Kostiainen, K., Reshetova, E., Ekberg, J.E., Asokan, N.: Old, new, borrowed, blue – a perspective on the evolution of mobile platform security architectures. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy (CODASPY) (February 2011)Google Scholar
  7. 7.
    Srage, J., Azema, J.: M-Shield mobile security technology, TI White paper (2005),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • N. Asokan
    • 1
  • Jan-Erik Ekberg
    • 2
  • Kari Kostiainen
    • 3
  1. 1.University of HelsinkiFinland
  2. 2.Nokia Research CenterFinland
  3. 3.ETH ZurichSwitzerland

Personalised recommendations