Blog

TEE development with no hardware - is that possible?


Joakim Bech, Tech Lead for the Security Working Group at Linaro




It is a well-known fact that it has been hard to get started with TEE development for a couple of reasons. For example, it has been hard to get access to the software because in the past TEE software has typically been proprietary and therefore kept within the company or under a non-disclosure agreement. On the hardware side it hasn’t been much better, and even today it is still hard to find hardware readily available for TEE development, at least if you intend to make a completely secure product. So wouldn’t it be great if we could emulate it all on a local desktop? The question is whether you actually need hardware for TEE development. As it turns out, QEMU, the machine emulator that can emulate a multitude of CPUs, officially received TrustZone support at the beginning of this year and QEMU currently supports TrustZone on both ARMv7-A and ARMv8-A architecture. But just the support in QEMU isn’t enough: you will still need the software for the TEE.





Ensuring TEE security: common automated security testing


Christian DAMOUR, Head of Marketing – Security at FIME and Chair of the TEE Attack Expert Working Group




Standardized security certification of trusted execution environment (TEE) products is a big step forward. Accredited labs can already perform thorough security evaluations and the process is set to be even quicker, as part of the security review is set to be automated.


Which Security tests are being automated?

Why Automate?





New extensions to GlobalPlatform’s TEE advance video security


By Petr Peterka, CTO, Verimatrix




The TEE (trusted execution environment) was first conceived as a way of protecting valuable data assets in all categories during transmission, but since then video has become ever more predominant across both fixed and mobile IP networks. The internet as a whole has become a major transport medium even for premium video content, raising new security threats, especially illicit content redistribution.


As a result the TEE has gained a lot of traction within the broadcasting and pay-TV community, providing insulation for key security assets as well as unencrypted content itself. The TEE’s development in turn is being shaped ever more by the changing nature of the threat landscape in pay TV. One factor changing that landscape has been the emergence of ultra HD (UHD) services, raising the stakes further by making content more valuable, and with ever increasing bandwidth, also easier to pirate.





Enhancing FIDO Solutions with TEE technology


Alexander Summerer, Technology Consultant, Mobile Security, G&D




FIDO is a new authentication scheme which offers the potential to revolutionize user authentication in various networks towards online services. Today’s online authentication is a mess because most websites require a username and password from the user to grant access. Given that a single user today typically has dozens of user accounts and uses them on a daily basis, the user experience suffers heavily. On the other hand, online services are frequently hacked and passwords are compromised, which is a major security concern.


However, the new FIDO scheme allows online authentication to be implemented securely and conveniently by introducing new user verification schemes such as biometric verification, e.g. the fingerprint of the end user. Additionally, FIDO provides strong authentication by introducing two-factor authentication with tokens, cards or with the TEE. Since FIDO is standardized by the FIDO Alliance, it can be easily integrated into online services and FIDO components from different vendors.





Attestation and TEE: Cybersecurity controls with privacy for cloud access


By Andy Ramsden, Product Marketing Director – Trustonic




The world of mobile payments is not unlike the political situation we are currently seeing in several high profile parts of the world. Three or more forces grappling over the same territory, sometimes working together and at other times pulling in totally different directions.


Consumers typically have strong relationships with their bank, their carrier and possibly also their smartphone vendor, all of whom are vying to sell their own brand of mobile wallet. However, consumers usually wish to pay with their preferred card from their preferred bank and don’t necessarily want multiple wallets cluttering their phone’s home screen.





Attestation and TEE: Cybersecurity controls with privacy for cloud access


By Steven Sprague, CEO – Rivetz Corp.




Mobile and Internet of Things are more than marketing terms, they represent a new model of network architecture: an architecture which is based on the identity of the device and its capabilities to create and consume secure information. Identity of the device is a start but will not be enough to assure the quality of the information.


Trusted Execution in modern processors provides for the isolated execution of code that can be measured and assured to provide a level of confidence in the data produced or consumed.





Ensuring TEE integrity: trusted application validation


By Christian DAMOUR, Head of Marketing – Security at FIME and Chair of the TEE Attack Expert Working Group


Standardized security certification of trusted execution environment (TEE) products is a big step forward, but is only half of the security story. We also need confirmation that trusted applications (TAs) running on top of a certified TEE can indeed be trusted. Here, a formal scheme is still lacking when the TEE is certified according to GlobalPlatform’s scheme for TEE security.


We are dealing with two types of TAs: security enforcing and non-security enforcing. Each requires the industry to take a different approach. This topic will be discussed in greater detail during my presentation at the TEE conference.





The wait is over. It’s TEE time.


By Jon Geater, CTO at Trustonic




We're now counting down to the 3rd annual TEE seminar and things are looking very promising for those of us wanting Trust-Enhanced Applications on our mobile devices.


The first seminar was all about the design of the technology: what is it? How do we build it? What standards should we use?





Utilizing multi-TEE trusted application management for securing the IoT


By Chris Edwards, CTO of Intercede




It’s clear that mobile and IoT devices need to be protected from scalable software attacks. Vendors and OEMs have responded to these growing threats by building in hardware security features that can provide the basis for integrity and confidentiality in systems. However, it has been challenging for service providers to access and make use of this hardware-based security to deliver and protect valuable services due to device fragmentation.


With smart phones becoming ubiquitous, they are the natural choice of client platform from which to perform identity, credential and trust relationship management for IoT entities. The risks posed by phone theft, loss or damage must be taken into consideration though, so it is vital that the full lifecycle of the devices themselves and the smartphones and credentials used to manage and protect them are fully considered.





Leveraging a TEE for Enhanced Software-Based Revenue Security


By Petr Peterka, CTO, Verimatrix




Ensuring revenue security can be quite a complex undertaking for global pay-TV operators. However, leveraging a variety of hardware security methods – including the use of a Trusted Execution Environment (TEE) – can support the fundamental requirements of any security strategy: durability and renewability.


Durability is the ability to control access or visibility into intellectual property or sensitive information such as cryptographic keys or security algorithms. The TEE allows for this durability as well as the ability for powerful and sophisticated security techniques to be performed on a capable and flexible processor.





GlobalPlatform TEE Blog: Getting Serious About Mobile Security


By Stephanie El Rhomri, NFC & Payment Vendors Business Line Manager at FIME and Chair of the GlobalPlatform Device Compliance Program Work Group




Although mobile handsets today host multiple applications, many of these are non-sensitive; the personal or financial impact of any corruption to an individual would be minimal. As the mobile services marketplace starts to witness the deployment of an increasing number of 'secure' applications - such as identity, mobile wallets or corporate applications that operate and are executed within the device - the consequences of a malicious party hacking an individual's smartphone to source personal or corporate data could be serious.


Simple OS updates of one component do not provide sufficient security to protect these applications. Instead, a clearly defined and universally agreed 'root of trust' is needed. A 'root of trust' is created when a set of functions is trusted by all parties engaged in the delivery of the mobile service to maintain the integrity of the service and privacy of the consumer's data. The TEE is fundamental within the root of trust, as we will see in many of the presentations delivered at GlobalPlatform's TEE conference.





Smart Cards, TEEs and Derived Credentials


By Francisco Corella, Pomcor




Smart cards and mobile devices can both be used to carry cryptographic credentials. Smart cards are time-tested vehicles, which provide the benefits of low cost and widely deployed infrastructures. Mobile devices, on the other hand, are emerging vehicles that promise new benefits such as built-in network connections, a built-in user interface, and the rich functionality provided by mobile apps.





Building modern E-commerce with Bitcoin and TEE


By Steven Sprague, CEO, Rivetz.




The world continues to have major challenges to provide a simple and safe environment for consumers to shop. Over the last 20 years, since the early days of online commerce, we have only seen evolutionary changes from the mail order catalogue orders. Confirmed shipping address and voyeurism of all our shopping habits are not keeping up with the level of fraud and types of products that are now part of our everyday online shopping environment. Many people view e-commerce as simply better authentication, but more is required.


Anyone who has been to lunch in Paris is familiar with the payment terminal being presented at the table for the user to pay with their smart card. That terminal is more than just a smart card reader with a printer. It is part of the EMV security and assurance system with secure display and secure PIN entry that cannot be compromised. The terminal equipment has provided a secure point of sale experience for millions of lunches, but the terminal is not present for e-commerce. Even with a fancy EMV card the user has to type their credit card into the web page with all the associated risks and costs.





Why You Should Attend GlobalPlatform's Dedicated TEE Conference


By Kevin Gillick, Executive Director, GlobalPlatform




Before we delve into why you should attend 'GlobalPlatform Presents the TEE: Next Generation Mobile Security for Today and Tomorrow' it is important to firstly understand why GlobalPlatform is hosting this event.


With a growing number of applications requiring additional security to be downloaded onto mobile devices and as the mobile services landscape continues to grow, there is demand from the industry for the ecosystem to evolve in a standardized manner to ensure scalability, speed up production time to market and reduce development costs. GlobalPlatform is taking steps to standardize the technology through the publication of industry specifications and the creation of a security certification program that qualifies the security level of a given TEE implementation. This promotes confidence and interoperability while offering assurances to application and software developers, chipset and device manufacturers that a TEE product will perform in line with GlobalPlatform standards.





Mcommerce and the TEE: A perfect match?


By Neil Garner, Chief Executive and Founder, Proxama




Mobile commerce (mcommerce) is growing, and not just in the traditional sense of using a mobile device to go online and make a purchase. Today, mcommerce incorporates a vast range of financial services including mobile wallets, peer-to-peer payments, contactless payments and using a mobile device as a point of sale (POS) terminal.


As mcommerce evolves and new stakeholders engage in the market, there is a need for stronger, more standardized security on the mobile device. We must remember that mobile phones were never designed for the range of services they offer today. The technology that enables these services such as near field communication (NFC), secure elements (SE) and the trusted execution environment (TEE), needs to be deployed to ensure the device is secure and that a consumer can carry out any financial transaction in a safe and trusted environment.





Revolutionizing consumer authentication with the TEE


By Sebastien Taveau, Chief Technology Officer of Validity




At the 'GlobalPlatform Presents the Trusted Execution Environment (TEE): Next Generation Mobile Security for Today and Tomorrow' conference 2013, Sebastien Taveau explored how specifications from the FIDO Alliance can be combined with the TEE to revolutionize consumer biometrics. In this blog, he takes a look at how the TEE can be leveraged for authentication.


Firstly, what is FIDO Alliance?

FIDO stands for 'Fast IDentity Online' and is a not-for-profit organization working to address the lack of interoperability among strong authentication devices as well as the problems users face creating and remembering multiple usernames and passwords. The organization is looking to ensure security on mobile devices without compromising speed and convenience for consumers: something that can be achieved by aligning FIDO and GlobalPlatform Specifications.





KEVIN GILLICK – Governments Under Attack


By Kevin Gillick, GlobalPlatform Executive Director




It’s no secret that government agencies are a prime target for hackers and malicious attacks that cause wide-scale disruption. And the threat is increasing. Today, we are seeing a dramatic increase in the number of organized hacks happening at a state level as cyber criminals try to crack into countries’ online assets. One initiative which is growing in popularity and compounding the security threat landscape for governments is bring your own device (BYOD).


The growth of BYOD is in response to a worldwide government effort to increase responsiveness and efficiency. Allowing employees to use their own devices can increase productivity through enabling government networks to be accessed on the move. The security level offered by these devices, however, is becoming a real and critical concern for government agencies globally as they strive to ensure data is appropriately protected.




 



Copyright © 2016 GlobalPlatform. All Rights Reserved