GlobalPlatform Trusted Execution Environment (TEE) for Mobile
Kevin Gillick, Executive Director, GlobalPlatform
@GlobalPlatform_
www.linkedin.com/company/globalplatform
GlobalPlatform Overview
GlobalPlatform Positioning
GlobalPlatform is the standard for managing applications on secure chip technology: Trusted Execution Environment AND Secure Element, across several market sectors and in converging sectors (Premium Content).
GlobalPlatform At-a-Glance
What is the output of GlobalPlatform?
- Specifications: technical industry guidelines
- Configurations: applying the guidelines to different market sectors
- Security Certifications: streamlining security requirements & testing
- Industry Compliance Program: confirming a product's functionality aligns to GlobalPlatform technology
- Educating the Industry: white papers & technical documents
- Workshops: specification training & educational
Our Collaborative Industry Partners
GlobalPlatform Members TM
The TEE for Mobile
Threats are Real
In one year, Android malware up 580%; 23 of the top 500 apps on Google Play deemed high risk.
Examples of what is circulating:
- How to hack a cell phone to have free internet
- How to hack a cell phone into a spy device (YouTube)
- How to hack a cell phone to have free phone calls? Control a cell phone remotely and make free calls with the Bluetooth Hack (YouTube)
- Data hacking: somebody viewing or stealing information stored on your phone, e.g. phone numbers, bank account details and emails
What is a Trusted Execution Environment (TEE)?
[Architecture diagram: the Rich OS Application Environment (Client Applications, GlobalPlatform TEE Client API, Rich OS; open to malware and rooting / jailbreaking) side by side with the Trusted Execution Environment (Trusted Applications for DRM, Payment and Corporate; GlobalPlatform TEE Internal API; Trusted Core and Trusted Environment functions; TEE Kernel), both on the Hardware Platform with HW Secure Resources. Label: isolation of sensitive assets.]
- TEE provides hardware-based isolation from rich operating systems (OS) such as Android
- TEE runs on the main device chipset and relies on hardware roots of trust (crypto keys and secure boot)
- TEE has privileged access to platform and device resources (user interface, memory controller, video / audio hardware, crypto accelerators, biometry, ...)
- Technology already massively deployed
- Premium content protection is currently a major use case
TEE Use Cases
Smartphones, tablets, set-top boxes, automotive, etc.
[Diagram: Normal World alongside Secure World, with the use cases below mapped onto them.]
- Content Protection: IP streaming, DRM, key protection, content protection
- Mobile Financial Services: mbanking, online payment, user authentication, transaction validation
- Corporate / Government: secure networking, secure email, BYOD, user authentication, data encryption
Almost all recent mobile devices support TEE technology.
TEE Specifications Available
[Architecture diagram, annotated with the published specifications: Rich OS Application Environment (Client Applications, Rich OS) and Trusted Execution Environment (Trusted Applications for DRM, Payment and Corporate; Trusted Core Functions, Trusted Environment Functions, TEE Kernel) on the Hardware Platform. Specifications shown: GlobalPlatform TEE Client API, GlobalPlatform TEE Functional API, GlobalPlatform TEE Internal APIs; version label V1.0, Dec 2011. HW Secure Resources: HW keys, secure storage, Trusted UI (keypad, screen), crypto accelerators, NFC controller, Secure Element, etc.]
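The two slides above describe the split the specifications formalise: a client application in the Rich OS talks to the TEE only through the TEE Client API (context, session, command invocation), and the Trusted Application (TA) implements the TEE Internal API entry points and keeps its keys in HW secure storage. The following is an added example, not GlobalPlatform or vendor code, that models that split in Python for the "transaction validation" use case: the Rich OS side holds no key and can only invoke the one command the TA exposes. The TA UUID, the command ID and the transaction bytes are constructed placeholders; the return-code values are the ones published in the TEE Client API specification. The isolation here is only a Python object boundary; in a real device it is enforced by the hardware platform.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Return codes as published in the GlobalPlatform TEE Client API specification.
TEEC_SUCCESS = 0x00000000
TEEC_ERROR_BAD_PARAMETERS = 0xFFFF0006
TEEC_ERROR_ITEM_NOT_FOUND = 0xFFFF0008

# Constructed for this example: a hypothetical payment TA and its single command.
PAYMENT_TA_UUID = "00000000-0000-0000-0000-000000000001"  # placeholder UUID
CMD_SIGN_TRANSACTION = 0x0001


class TrustedApplication:
    """Secure-world side. Method names mirror the TEE Internal API entry points a
    TA implements. The key lives only here and is never part of a return value."""

    def __init__(self, uuid: str, provisioned_key: bytes) -> None:
        self.uuid = uuid
        # In a real TEE this comes from HW secure storage, bound to the device by
        # the hardware root of trust; here it is simply injected at construction.
        self.__key = provisioned_key
        self.open_sessions = 0

    def TA_OpenSessionEntryPoint(self) -> int:
        self.open_sessions += 1
        return TEEC_SUCCESS

    def TA_CloseSessionEntryPoint(self) -> None:
        self.open_sessions -= 1

    def TA_InvokeCommandEntryPoint(self, cmd_id: int, params: Dict[str, bytes]) -> Tuple[int, Dict[str, bytes]]:
        # Only the commands this TA chooses to expose are reachable from the
        # Rich OS, and none of them hands the key out.
        if cmd_id != CMD_SIGN_TRANSACTION:
            return TEEC_ERROR_BAD_PARAMETERS, {}
        tx = params.get("memref_in")
        if not tx:
            return TEEC_ERROR_BAD_PARAMETERS, {}
        tag = hmac.new(self.__key, tx, hashlib.sha256).digest()
        return TEEC_SUCCESS, {"memref_out": tag}


class TEE:
    """TEE kernel stand-in: routes session and command requests to installed TAs by UUID."""

    def __init__(self) -> None:
        self._tas: Dict[str, TrustedApplication] = {}

    def install(self, ta: TrustedApplication) -> None:
        self._tas[ta.uuid] = ta

    def lookup(self, uuid: str) -> Optional[TrustedApplication]:
        return self._tas.get(uuid)


# Rich OS side: the TEE Client API call sequence a client application performs.
# The handles carry only a UUID and a reference to the TEE, never TA state.
class TEEC_Context:
    def __init__(self, tee: TEE) -> None:
        self.tee = tee


class TEEC_Session:
    def __init__(self, ctx: TEEC_Context, uuid: str) -> None:
        self.ctx = ctx
        self.uuid = uuid


def TEEC_InitializeContext(tee: TEE) -> Tuple[int, TEEC_Context]:
    return TEEC_SUCCESS, TEEC_Context(tee)


def TEEC_OpenSession(ctx: TEEC_Context, uuid: str) -> Tuple[int, Optional[TEEC_Session]]:
    ta = ctx.tee.lookup(uuid)
    if ta is None:
        return TEEC_ERROR_ITEM_NOT_FOUND, None
    return ta.TA_OpenSessionEntryPoint(), TEEC_Session(ctx, uuid)


def TEEC_InvokeCommand(session: TEEC_Session, cmd_id: int, params: Dict[str, bytes]) -> Tuple[int, Dict[str, bytes]]:
    ta = session.ctx.tee.lookup(session.uuid)
    return ta.TA_InvokeCommandEntryPoint(cmd_id, params)


def TEEC_CloseSession(session: TEEC_Session) -> None:
    session.ctx.tee.lookup(session.uuid).TA_CloseSessionEntryPoint()


def TEEC_FinalizeContext(ctx: TEEC_Context) -> None:
    ctx.tee = None  # release the handle; nothing secret was ever held here


def sign_transaction_from_rich_os(tee: TEE, tx: bytes) -> Tuple[int, Optional[bytes]]:
    """Everything a Rich OS client application does to get a transaction signed."""
    _, ctx = TEEC_InitializeContext(tee)
    code, session = TEEC_OpenSession(ctx, PAYMENT_TA_UUID)
    if code != TEEC_SUCCESS:
        TEEC_FinalizeContext(ctx)
        return code, None
    code, out = TEEC_InvokeCommand(session, CMD_SIGN_TRANSACTION, {"memref_in": tx})
    TEEC_CloseSession(session)
    TEEC_FinalizeContext(ctx)
    return code, out.get("memref_out")


def verify_transaction(back_end_key: bytes, tx: bytes, tag: bytes) -> bool:
    """Transaction validation by the service back end that shares the provisioned key."""
    return hmac.compare_digest(hmac.new(back_end_key, tx, hashlib.sha256).digest(), tag)
```

Even if the Rich OS process running sign_transaction_from_rich_os is compromised, what it can do is limited to what the TA exposes: it can request tags over transaction bytes it chooses, but it cannot read the key, which is why a real deployment pairs such a TA with user authentication through the Trusted UI before the command is honoured.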
GlobalPlatform Support from Trusted Computing Group (TCG)
White paper: TPM Mobile with TEE for Comprehensive Mobile Device Security
- The white paper introduces how the GlobalPlatform TEE and TCG's Mobile Trusted Module (TPM MOBILE) can work together in mobile devices to provide security and enhanced services to users
- The TPM MOBILE standard continues to be developed in line with mobile device security technologies, such as the GlobalPlatform TEE, in order to create something which is not just secure in principle, but secure and usable in real devices
Growing TEE Momentum
More and more TEE followers within GlobalPlatform:
- SoC and hardware IP vendors
- TEE OS vendors
- Test and security labs
- Service providers
- Device vendors
- Mobile network operators
- Trusted service managers
First Annual TEE Seminar
Enterprise and Government Use Cases
Captain Josh Dixon, United States Marine Corps Systems Command, to present: US Marine Corps TEE Use Cases and Opportunities
TEE Educational Materials Available
White papers:
- The GlobalPlatform Value Proposition for the Trusted Execution Environment
- The Trusted Execution Environment: Delivering Enhanced Security at a Lower Cost to the Mobile Market
Video interviews with industry experts:
- What is the TEE?
- Use cases driving TEE adoption
- What is the role of GlobalPlatform?
- How the TEE enables the development of secure applications
- How secure applications benefit from the underlying secure platform
Join Us Tomorrow!
Who: Federal Government Agencies
What: GlobalPlatform Government Task Force (GTF) Open Session: Enabling Access to Mobile Endpoint with a PIV Credential
Where: Room 156
When: 1:30 PM to 4:30 PM
Session Topics
- US Government current status and challenges: Agency view; NIST view
- GlobalPlatform experience in enabling mobile platforms for different applications: list of potential approaches (contactless card, Smart MicroSD, UICC, embedded secure element); UICC or secure element configuration
- Certification challenge: GlobalPlatform Composition Model to include NIST requirements
- Beyond the secure element: trusted execution environment
- Brainstorming on the different approaches and agreement on next steps
Visit us @ www.globalplatform.org
- White Papers
- Specifications
- Become a Member Organization
kevin_gillick@globalplatform.org
Thank You!