Abstract
Over the years, mobile devices have become increasingly sophisticated in terms of their features and the use cases they support. This rise in sophistication poses a major security threat because it increases the attack surface of mobile devices. Consequently, the challenge from a security point of view is to offer security assurances for applications and services hosted on these devices. In this regard, a Trusted Execution Environment (TEE) provides an execution and storage platform on the device that is isolated from the rest of the operating system and other applications, and is intended to be trustworthy. This provides security assurances in terms of the confidentiality and integrity of applications running on the TEE and their related data. In this chapter, we explore what constitutes a TEE and the various security features a TEE is expected to provide. We also highlight standardisation efforts relating to TEEs. Example implementations of TEEs are contrasted, along with Host Card Emulation (HCE) used in Near-Field Communication (NFC). NFC card emulation has traditionally relied on a TEE in the form of a tamper-resistant Secure Element (SE) chip, whereas HCE allows an application on the host CPU of the mobile device to emulate a smart card. HCE introduces new security risks, and this chapter considers how these can be managed to an acceptable level.
Notes
1. August 2016.
2. APDU is a unit of communication between a smart card and a reader.
3. A startup in the USA, https://www.simplytapp.com/.
4. Battery low in this context means the device’s battery is too low to power on the OS and UI for regular usage. And “battery off” means the battery is either not present, or it has no residual power to even support the NFC controller.
5. EMVCo, made up of six members: American Express, Discover, JCB, MasterCard, UnionPay, and Visa, facilitates worldwide interoperability and acceptance of secure payment transactions.
6. August 2016.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Umar, A., Mayes, K. (2017). Trusted Execution Environment and Host Card Emulation. In: Mayes, K., Markantonakis, K. (eds) Smart Cards, Tokens, Security and Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-50500-8_18
DOI: https://doi.org/10.1007/978-3-319-50500-8_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-50498-8
Online ISBN: 978-3-319-50500-8
eBook Packages: Computer Science (R0)