GlobalPlatform Trusted Execution Environment (TEE) for Mobile

Kevin Gillick, Executive Director, GlobalPlatform
@GlobalPlatform_
www.linkedin.com/company/globalplatform

GlobalPlatform Overview

GlobalPlatform Positioning
GlobalPlatform is the standard for managing applications on secure chip technology
- Trusted Execution Environment AND Secure Element
- Across several market sectors and in converging sectors
Premium Content

GlobalPlatform At-a-Glance
What is the output of GlobalPlatform?
- Specifications: technical industry guidelines
- Configurations: applying the guidelines to different market sectors
- Security Certifications: streamlining security requirements & testing
- Industry Compliance Program: confirming a product's functionality aligns to GlobalPlatform technology
- Educating the Industry: white papers & technical documents
- Workshops: specification training & educational

Our Collaborative Industry Partners

GlobalPlatform Members

The TEE for Mobile

Threats are Real
- In one year, Android malware up 580%, 23 of the top 500 apps on Google Play deemed high risk
- How to hack a cell phone to have free internet
- How to hack a cell phone into a spy device (YouTube)
- How to hack a cell phone to have free phone calls?
- Control a cell phone remotely and make free calls with the Bluetooth Hack (YouTube)
- Data hacking: somebody viewing or stealing information stored on your phone, e.g. phone numbers, bank account details and emails.

What is a Trusted Execution Environment (TEE)?
[Diagram. Rich OS Application Environment (open to malware and rooting / jailbreaking): Client Applications, GlobalPlatform TEE Client API, Rich OS. Trusted Execution Environment (isolation of sensitive assets): Trusted Applications (DRM, Payment, Corporate), GlobalPlatform TEE Internal API, Trusted Core Environment, Trusted Functions, TEE Kernel. Hardware Platform: HW Secure Resources.]
- TEE provides hardware-based isolation from rich operating systems (OS) such as Android
- TEE runs on the main device chipset and relies on hardware roots of trust (crypto keys and secure boot)
- TEE has privileged access to platform and device resources (user interface, memory controller, video / audio hardware, crypto accelerators, biometry)
- Technology already massively deployed
- Premium content protection is currently a major use case

TEE Use Cases
Smartphones, tablets, set-top boxes, automotive, etc.
[Diagram labels: Normal World, Secure World]
Use cases
- Content Protection: IP streaming, DRM, key protection, content protection
- Mobile Financial Services: mbanking, online payment, user authentication, transaction validation
- Corporate / Government: secure networking, secure email, BYOD, user authentication, data encryption
Almost all recent mobile devices support TEE technology

TEE Specifications Available
[Diagram. Rich OS Application Environment: Client Applications, GlobalPlatform TEE Functional API, GlobalPlatform TEE Client API, Rich OS. Trusted Execution Environment: Trusted Applications (DRM, Payment, Corporate), GlobalPlatform TEE Internal APIs, Trusted Core Environment, Trusted Functions, TEE Kernel. Hardware Platform: HW Secure Resources. Version label on the diagram: V1.0 Dec 2011.]
HW Secure Resources: HW Keys, Secure Storage, Trusted UI (Keypad, Screen), Crypto accelerators, NFC controller, Secure Element, etc.

GlobalPlatform Support from Trusted Computing Group (TCG)
White paper: TPM Mobile with TEE for Comprehensive Mobile Device Security
- Whitepaper introduces how GlobalPlatform TEE and TCG's Mobile Trusted Module (TPM MOBILE) can work together in mobile devices to provide security and enhanced services to users
- The TPM MOBILE standard continues to be developed in line with mobile device security technologies, such as the GlobalPlatform TEE, in order to create something which is not just secure in principle, but secure and usable in real devices

Growing TEE Momentum
More and more TEE followers within GlobalPlatform
- SoC and hardware IP vendors
- TEE OS vendors
- Test and security labs
- Service providers
- Device vendors
- Mobile network operators
- Trusted service managers

First Annual TEE Seminar

Enterprise and Government Use Cases
Captain Josh Dixon, United States Marine Corps Systems Command, to present: US Marine Corps TEE Use Cases and Opportunities

TEE Educational Materials Available
White papers:
- The GlobalPlatform Value Proposition for the Trusted Execution Environment
- The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market
Video interviews with industry experts:
- What is the TEE?
- Use cases driving TEE adoption
- What is the role of GlobalPlatform?
- How the TEE enables the development of secure applications
- How secure applications benefit from the underlying secure platform

Join Us Tomorrow!
Who: Federal Government Agencies
What: GlobalPlatform Government Task Force (GTF) Open Session: Enabling Access to Mobile Endpoint with a PIV Credential
Where: Room 156
When: 1:30 PM to 4:30 PM

Session Topics
- US Government current status and challenges: Agency view, NIST view
- GlobalPlatform experience in enabling mobile platforms for different applications: list of potential approaches (contactless card, Smart MicroSD, UICC, embedded secure element); UICC or secure element configuration
- Certification challenge: GlobalPlatform Composition Model to include NIST requirements
- Beyond the secure element: trusted execution environment
- Brainstorming on the different approaches and agreement on next steps

Visit us @ www.globalplatform.org
- White Papers
- Specifications
- Become a Member Organization
kevin_gillick@globalplatform.org

Thank You!