Skip to main content
SpringerLink
Log in
Book cover

Smart Cards, Tokens, Security and Applications pp 497–519Cite as

Trusted Execution Environment and Host Card Emulation

  • Chapter
  • First Online:

  • 2051 Accesses

Abstract

Over the years, mobile devices have become increasingly sophisticated in terms of their features and the use cases they operate. This rise in sophistication poses a major security threat because it increases the attack surface of mobile devices. Consequently, the challenge from a security point of view is to offer security assurances for applications and services hosted on these devices. In this regard, a Trusted Execution Environment (TEE) as a technology provides an execution and storage platform on the device, which is isolated from the rest of the operating system and other applications, and is intended to be trustworthy. This provides security assurances in terms of the confidentiality and integrity for applications and their related data, running on the TEE. In this chapter, we explore what constitutes a TEE and the various security features a TEE is expected to provide. We also highlight standardisation efforts relating to TEEs. Example implementations of TEEs are contrasted along with Host Card Emulation (HCE) used in Near-Field Communication (NFC). NFC card emulation has traditionally relied on a TEE in the form of tamper-resistant Secure Element (SE) chip, whereas HCE allows an application on the host CPU of the mobile device to emulate a smart card. HCE introduces new security risks and this chapter considers how these can be managed to an acceptable level.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    August 2016.

  2. 2.

    APDU is a unit of communication between a smart card and a reader.

  3. 3.

    A startup in the USA, https://www.simplytapp.com/.

  4. 4.

    Battery low in this context means the device’s battery is too low to power on the OS and UI for regular usage. And “battery off” means the battery is either not present, or it has no residual power to even support the NFC controller.

  5. 5.

    EMVCo, made up of six members: American Express, Discover, JCB, MasterCard, UnionPay, and Visa, facilitates worldwide interoperability and acceptance of secure payment transactions.

  6. 6.

    August 2016.

References

  1. Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan M. McCune. Trust and Trustworthy Computing: 5th International Conference, TRUST 2012, Vienna, Austria, June 13-15, 2012. Proceedings, chapter Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me?, pages 159–178. Springer Berlin Heidelberg, Berlin, Heidelberg, 2012. Cited 06 Jan 2016.

    Google Scholar 

  2. EMV Payment Tokenisation Specification. Standard, 2014. Cited 15 Jan 2016.

    Google Scholar 

  3. ARM Limited. ARM Security Technology Building a Secure System using TrustZone Technology, April 2009. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf. Cited 08 Feb 2016.

  4. Trusted Computing Group. TCG Specification TPM 2.0 Mobile Reference Architecture, December 2014. http://www.trustedcomputinggroup.org/wp-content/uploads/TPM-2-0-Mobile-Reference-Architecture-v2-r142-Specification_FINAL2.pdf. Cited 17 Feb 2016.

  5. Trusted Computing Group. TCG Specification TPM 2.0 Mobile Common Profile, December 2015. http://www.trustedcomputinggroup.org/wp-content/uploads/TPM_2.0_Mobile_Common_Profile_v2r31.pdf. Cited 19 Feb 2016.

  6. Trusted Computing Group. TCG Specification TPM 2.0 Mobile Command Response Buffer Interface, December 2014. http://www.trustedcomputinggroup.org/wp-content/uploads/Mobile-Command-Response-Buffer-Interface-v2-r12-Specification_FINAL2.pdf. Cited 19 Feb 2016.

  7. Unified Extensible Firmware Interface Forum. Unified Extensible Firmware Interface Specification–version 2.6, January 2016. http://www.uefi.org/sites/default/files/resources/UEFIUEFI%20Spec%202_6.pdf. Cited 02 Jan 2016.

  8. GlobalPlatform. GlobalPlatform Device Technology, TEE System Architecture v1.0, December 2011. Cited 06 Mar 2016.

    Google Scholar 

  9. GlobalPlatform. GlobalPlatform Device Technology, TEE Client API Specification v1.0, July 2010. Cited 06 Mar 2016.

    Google Scholar 

  10. GlobalPlatform. GlobalPlatform Device Technology, TEE Internal API Specification, December 2011. Cited 10 Mar 2016.

    Google Scholar 

  11. GlobalPlatform. GlobalPlatform Device Technology, Trusted User Interface API Specification v1.0, June 2013. Cited 12 Mar 2016.

    Google Scholar 

  12. Intel Corporation. Intel Software Guard Extensions Programming Reference, October 2014. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf. Cited 18 Mar 2016.

  13. Smart Card Alliance. Host Card Emulation (HCE) 101. Technical report, Smart Card Alliance, Mobile and NFC Council, August 2014. Cited 20 Mar 2016.

    Google Scholar 

  14. Doug Yeager. Added NFC Reader support for two new tag types: ISO PCD type A and ISO PCD type B, 2012. https://github.com/CyanogenMod/android_packages_apps_Nfc. Cited 06 Apr 2016.

  15. Assad Umar, Keith Mayes, and Konstantinos Markantonakis. Performance variation in host-based card emulation compared to a hardware security element. In First Conference on Mobile and Secure Services (MOBISECSERV), pages 1–6, 2015. Cited 11 Apr 2016.

    Google Scholar 

  16. Stanley Chow, Phil Eisen, Harold Johnson, and Paul C. van Oorschot. Digital Rights Management: ACM CCS-9 Workshop, DRM 2002, Washington, DC, USA, November 18, 2002. Revised Papers, chapter A White-Box DES Implementation for DRM Applications, pages 1–15. Springer Berlin Heidelberg, Berlin, Heidelberg, 2003. Cited 16 Apr 2016.

    Google Scholar 

  17. Brecht Wyseur. White-box cryptography: Hiding keys in software. Technical report, NAGRA Kudelski Group, Switzerland, 2012. Cited 06 Apr 2016.

    Google Scholar 

  18. Android Developer Guide. Service. https://developer.android.com/reference/android/app/Service.html#WhatIsAService. Cited 16 Apr 2016.

  19. Identification cards – Integrated circuit cards – Part 4: Organization, security and commands for interchange. Standard, International Organization for Standardization, Geneva, CH, 2013. Cited 06 Jun 2016.

    Google Scholar 

  20. Android Developer Guide. Host-based card emulation. https://developer.android.com/guide/topics/connectivity/nfc/hce.html. 16 Apr 2016

Download references

Author information

Authors and Affiliations

  1. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK

    Assad Umar

  2. Director of the Information Security Group, Head of the School of Mathematics and Information Security, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

    Keith Mayes

Authors
  1. Assad Umar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Keith Mayes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Assad Umar .

Editor information

Editors and Affiliations

  1. Director of the Information Security Group, Head of the School of Mathematics and Information Security, Royal Holloway, University of London, Egham, Surrey, United Kingdom

    Keith Mayes

  2. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, Surrey, United Kingdom

    Konstantinos Markantonakis

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Umar, A., Mayes, K. (2017). Trusted Execution Environment and Host Card Emulation. In: Mayes, K., Markantonakis, K. (eds) Smart Cards, Tokens, Security and Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-50500-8_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-50500-8_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50498-8

  • Online ISBN: 978-3-319-50500-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation