1 Introduction

Trusted Execution Environments (TEEs) are secure areas of central processors or devices that execute code with higher security than the rest of the device. They provide confidentiality and integrity for sensitive data in all its states. TEEs are similar to hardware security modules but are a component of the typical chipset rather than a separate dedicated device. Moreover, TEEs aim to provide verifiable launch, run-time isolation, trusted input/output, and secure storage for TEE data. TEEs are widely used in mobile phones, cloud computing environments, and other embedded hardware platforms. Using TEEs in cloud environments enables companies to securely migrate sensitive data to the cloud. The regulation of TEEs will play an essential role in driving companies to adopt cloud computing, especially in highly regulated industries such as healthcare and banking.

2 Analysis

Trusted execution environments (TEEs) ensure the confidentiality and integrity of highly sensitive data in all its states (i.e., at rest, in transit, and in use). TEEs can be used on-premises, in the cloud, or within embedded hardware platforms. For example, smartphones and Internet of Things (IoT) devices used in automotive and healthcare applications often incorporate TEEs [1].

2.1 Definition

TEEs are areas on a central processor or device that execute code with higher levels of security than the rest of the device. Security is provided by encrypted memory regions called enclaves. Because the environment is isolated from the rest of the device, it is not affected by infection or compromise of the device. The code or applications that run on the TEE are referred to as trusted applications (TAs) [2] (see Fig. 18.1).

Fig. 18.1 [Illustration: Remote Attestation and a Trusted Application Manager verify the authenticity of the device; the secure world runs the trusted app and trusted OS, the normal world runs the app and normal OS, and both are anchored in the credentials of the Root of Trust.] Depiction of a TEE compared with a “normal” environment. The Root of Trust and Remote Attestation are used to authenticate the device and the executed applications. The Trusted Application Manager is used to install applications, which can then be consumed in the TEE.

In principle, TEEs are similar to hardware security modules (HSMs), which are dedicated devices that allow the creation of keys protected by hardware and perform everyday cryptographic operations such as encryption, decryption, and signing. An HSM is a separate module that is connected to the main CPU and motherboard via a PCI bus or a network [3] (see HSM in Chap. 16). The TEE, on the other hand, is a component of the typical chipset and does not require any additional hardware.

TEEs often vary in terms of their exact security goals. However, most of them aim to provide four high-level security protections. The first is the verifiable launch of the execution environment for the sensitive code and data, so that a remote entity can be assured that it was set up correctly. The second is run-time isolation to protect the confidentiality and integrity of sensitive code and data. The third is trusted I/O to enable secure access to peripherals and accelerators. The fourth is secure storage for TEE data that must be stored persistently and made available only to authorized entities at a later time [4].

2.2 Trends

2.2.1 Application on Mobile Phones

The mobile phone is capable of downloading and using a wide variety of applications. As a result of the increased complexity of the code bases running on mobile operating systems, vulnerabilities and compromises are more likely to be exploited. Malicious code from one application can access information from another application and leak it. Using TEEs, application spaces can be separated from each other, and sensitive applications can be restricted to running within the TEE. Data that requires high levels of security can be designated to be stored and processed exclusively within the TEE and nowhere else [1]. In most modern smartphones and tablets, ARM TrustZone implements a TEE [5].

2.2.2 Security in Cloud Data Processing

The use of hardware-based TEEs within cloud environments is referred to as “confidential computing” by various vendors, including AMD, Intel, and ARM, and on various platforms, including Microsoft Azure or Internet of Things applications [2, 6]. TEEs have historically stored small amounts of data, such as passwords or encryption keys. Nowadays, they are available on a larger scale in cloud environments and can therefore be offered as part of secure database services that allow data only to be decrypted in the TEE of the respective servers. In other words, the data is encrypted both in transit and at rest. Even though it is not encrypted during use, it is still protected since it can only be used within the isolated enclave [7]. Using TEEs in cloud environments enables companies to migrate highly sensitive data to the cloud. According to an exploratory study [8], understanding the regulatory impact of TEEs is essential in driving companies’ cloud adoption, especially in industries such as healthcare, life sciences, and banking that are more conservative and slow to adapt.
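The verifiable-launch property from Sect. 2.1 and the confidential-computing pattern described above (data is released and decrypted only inside an attested enclave) can be shown in one simplified flow. The Python below is an added example, not code from this chapter or from any vendor's attestation SDK. It models remote attestation with a constructed hardware key: an HMAC key shared with the verifier stands in for the asymmetric attestation key and certificate chain a real TEE uses, and every code string, key and nonce is constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed stand-in for the device's hardware-rooted attestation key. In a real
# TEE this is an asymmetric key provisioned in silicon and the verifier checks a
# certificate chain; an HMAC key shared with the verifier is used here so the
# example runs with the standard library only.
HW_ATTESTATION_KEY = b"constructed-device-root-key-do-not-reuse"


def measure(enclave_code: bytes) -> bytes:
    """Measurement of the launched enclave: a hash of the code it was loaded with."""
    return hashlib.sha256(enclave_code).digest()


@dataclass(frozen=True)
class Quote:
    """What the hardware reports to a remote verifier about the running enclave."""
    measurement: bytes
    nonce: bytes
    signature: bytes


def produce_quote(enclave_code: bytes, nonce: bytes) -> Quote:
    """Simulated hardware quoting: bind the measurement and the verifier's nonce
    under the attestation key so the report can be neither forged nor replayed."""
    m = measure(enclave_code)
    sig = hmac.new(HW_ATTESTATION_KEY, m + nonce, hashlib.sha256).digest()
    return Quote(m, nonce, sig)


class RelyingParty:
    """Remote verifier that releases a secret only to an enclave it has attested."""

    def __init__(self, expected_measurement: bytes, secret: bytes) -> None:
        self.expected_measurement = expected_measurement
        self.secret = secret
        self.outstanding_nonces: Set[bytes] = set()

    def challenge(self) -> bytes:
        """Fresh single-use nonce; the quote must echo it back."""
        nonce = secrets.token_bytes(16)
        self.outstanding_nonces.add(nonce)
        return nonce

    def verify_and_release(self, quote: Quote) -> Optional[bytes]:
        """Return the secret only if the quote is fresh, authentic and from the expected code."""
        # Freshness: unknown or already-consumed nonces are rejected (replay protection).
        if quote.nonce not in self.outstanding_nonces:
            return None
        self.outstanding_nonces.discard(quote.nonce)
        # Authenticity: the report must be signed by the hardware attestation key.
        expected_sig = hmac.new(
            HW_ATTESTATION_KEY, quote.measurement + quote.nonce, hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected_sig, quote.signature):
            return None
        # Identity: only the exact code the verifier trusts receives the secret.
        if not hmac.compare_digest(quote.measurement, self.expected_measurement):
            return None
        return self.secret


def run_scenarios() -> Dict[str, Optional[bytes]]:
    """Exercise the flow with a genuine enclave, a replayed quote, tampered code and a forgery."""
    trusted_code = b"constructed trusted application v1"
    tampered_code = b"constructed trusted application v1 + modification"
    data_key = b"constructed-database-decryption-key"
    rp = RelyingParty(measure(trusted_code), data_key)

    results: Dict[str, Optional[bytes]] = {}
    nonce = rp.challenge()
    genuine = produce_quote(trusted_code, nonce)
    results["genuine"] = rp.verify_and_release(genuine)
    # Presenting the same quote again must fail: the nonce has been consumed.
    results["replay"] = rp.verify_and_release(genuine)
    # Honest hardware signs a tampered enclave's measurement, but it does not match.
    results["tampered"] = rp.verify_and_release(produce_quote(tampered_code, rp.challenge()))
    # A report with the right measurement but no valid signature is rejected.
    forged = Quote(measure(trusted_code), rp.challenge(), b"\x00" * 32)
    results["forged"] = rp.verify_and_release(forged)
    return results


if __name__ == "__main__":
    for name, released in run_scenarios().items():
        print(f"{name:9s} -> {'secret released' if released else 'rejected'}")
```

The order of checks matters for a defender: the nonce is consumed before any other check so that a rejected quote cannot be retried against the same challenge, and both comparisons use `hmac.compare_digest` to avoid timing side channels on the verifier side. In a deployed system the expected measurement would come from a reproducible build of the trusted application, and the verifier would validate the hardware vendor's certificate chain instead of a shared key.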

2.2.3 Data Protection Laws

Today’s computer and mobile systems are becoming increasingly complex, hosting a variety of untrusted software components, such as multiple applications interacting with user data on a single smartphone or multiple tenants sharing a single cloud platform [4]. Thus, systems must protect sensitive data from unauthorized access over networks and from physical attacks. In addition to storing encryption keys [9], a TEE is capable of isolating private data, such as contacts, messages, and photos, or sensitive data, such as credentials, passwords, and medical information. In the event of loss, theft, or malware infection, the data is not exposed [10].

2.2.4 Cryptocurrency Usage

TEEs are used to protect cryptocurrency wallets. One example is the ARM TrustZone-based Secure Blockchain Lightweight Wallet (SBLWT) [11]. In SBLWT, the private key associated with the digital assets is isolated. By using this method, retail investors can replace the common practice of backing up private keys on paper or insecurely storing them in the cloud [12].

2.2.5 Demand

Currently, hardware tokens are used in many aspects of our lives, including one-time tokens for multi-factor authentication and tokens for opening cars or buildings. In the future, TEEs in our mobile phones may replace these, improving the user experience and reducing the costs for service providers [1]. With the many possible applications of TEEs in mobile phones, it can be inferred that demand for such devices will increase. As of 2021, almost 15 billion mobile devices were operating worldwide. The previous year, just over 14 billion mobile devices were operating worldwide. By 2025, the number of mobile devices is expected to reach 18 billion. The demand for TEE systems is likely to increase as these devices become increasingly available and related apps become increasingly popular on a global scale [13].

2.2.6 Actors

There are many key players in the global TEE market, including IBM Corporation, Intel Corporation, Fortanix, Inc., Alibaba Group Holdings, Microsoft Corporation, Advanced Micro Devices, Inc., and Edgeless Systems GmbH. Securosys SA, CYSEC SA, Legic Identsystems SA, and Fortinet Switzerland GmbH are the market leaders in the Swiss market.

2.2.7 Research

The Secure & Trustworthy Systems Group at ETH Zurich has released an Open Framework for Architecting Trusted Execution Environments as a reference for creating large systems [14, 15]. Meanwhile, Zurich University of Applied Sciences (ZHAW) is focused on developing privacy-preserving applications of TEEs [16].

The Linux Foundation’s Confidential Computing Consortium is a community dedicated to defining and accelerating the adoption of confidential computing [17]. GlobalPlatform hosts a TEE Committee made up of its members [18]. The committee aims to define an open security architecture for consumer and connected devices using a TEE and to enable the development and deployment of services by multiple service providers. In particular, it addresses API specifications and security evaluation frameworks [19].

3 Consequences for Switzerland

Swiss providers have established themselves internationally due to the country’s stability and availability of skilled labor. Many TEE providers have branch offices here, and Swiss providers have established themselves in other countries. Examples include Securosys SA, Global Platform Services GmbH, and CYSEC SA.

3.1 Maturity

As noted above, most mobile phones are equipped with TEE functionality [1]. Furthermore, TEE technology has achieved a high level of maturity through its deployment in the almost 15 billion mobile phones in circulation [13].

3.1.1 Recommendations and Options

  • Open-source hardware security

    Hardware vulnerabilities are a real threat, as demonstrated most recently in 2018, when Foreshadow, Spectre, and Meltdown revealed that a wide range of attacks is possible. As these vulnerabilities affected closed-source hardware, open-source projects aim to close such vulnerabilities by making their code base available to a wide range of specialists for review [20,21,22].

  • Potential security and/or trust issues

    Cerdeira et al. [23] studied the vulnerabilities and limitations affecting existing TrustZone-assisted TEE systems. They found three different categories of issues:

    • Critical implementation bugs

      Bugs are continually found in trusted applications as well as in trusted OSes.

    • Architectural deficiencies

      TEEs have large attack surfaces due to the lack of standard protection mechanisms generally found in modern OSes.

    • Overlooked hardware properties

      In most TrustZone systems, there are overlooked properties at the architectural and microarchitectural levels that can be exploited and/or used to exfiltrate sensitive data.

  • Lack of standards

    The development of TEEs has been siloed within a small number of companies, and well-established standards are still lacking. Unfortunately, this has resulted in proprietary designs (SGX, SEV, TrustZone) with interoperability issues. However, a few research groups are committed to developing industry standards (see the research section above).

4 Conclusion

With TEE, sensitive data is protected in an isolated enclave, and other applications are prevented from accessing the reserved memory enclave. Furthermore, since TEEs are part of a standard chipset, this inexpensive technology can be leveraged across many devices, resulting in increased security, especially in the mobile sector and IoT products.