GlobalPlatform

Confidential ©

2017

Supporting the Development of a Global

TEE Certification Program

The TEE Ecosystem

2

GlobalPlatform TEE

3

• GlobalPlatform defines a TEE as a

secure area in the main processor of a

smart phone (or any connected device)

• Ensures sensitive data is stored,

processed, and protected in an isolated,

trusted environment

• Offers isolated safe execution of

authorized security software, known as

'trusted applications’ which enables end-

to-end security

Addressing TEE Community Needs

4

GlobalPlatform members form a collaborative body…

…to address current and future requirements for the TEE community

Specifications

Functional Compliance Program

TEE Protection Profile

Security Certifications

Benefits of Standardization

5

Defines a common foundation

• Improving stakeholder interoperability

• Protecting investments

• Simplifying app development

• Reducing costs and time to market

Avoids market fragmentation

• Certificating process and security baseline

• Evaluating and comparing different solutions

• Promoting stability and trust between stakeholders

Setting Security Standards

6

Current Landscape

7

National agenciesWW consumer market

8

Rely on ISO standards

ISO/IEC 15408

Publishes and

maintains protection

profiles and associated

modules

Creates an open

technical community to

manage the

certification program

Open to National CBs

Evaluation

methodology and

certification process

which fit with

consumer device

lifecycles

Certification process

should be less than

100 days

GlobalPlatform TEE Security Certified Product

9

GlobalPlatform Certification confirms:

An isolated environment has been

created

The product meets the defined level of correctness and

robustness

The product protects against SW-based

attacks and exploitation of its physical boundary

Work is based on ISO standards ISO/IEC 15408

Technical Community

Protection Profile GlobalPlatform

Evaluation Methodology

Open Technical Community

10

Input from across the

technical community

Defines rules / processes and

real world implementation

methodology

Definition of threats, objectives &

security requirements

1.Specifies threats to the TEE

2.Details security threats to be met

Analysis phase -

documentation

Testing phase –

getting consistent

results across all

GP labs

Enhanced phase

– additional

penetration tests

Real World Certification

11

Adapted to the consumer connected world

• Manage chip product portfolio

• Realistic and reliable timeframe

Supports innovation & product lifecycles

• Evaluation methodology

applies to:

- SoC platforms

- Devices

- Derivatives product

Transparent & independent

• Test suite availability

• Global network of labs

Real World Protection: Withstanding Attacks

12

A secure boot process and a Root

of Trust (RoT)

State of the art cryptography

Integrity monitoring and rollback protection

Memory management

How to Create an Isolated Environment

13

Kernel-level hardware-enforced

access control

Creates an isolated environment in

a multi-environment open device

Strong Value for Application Developers

14

Isolation from the REE

Isolation from other TAs

Controlled application

management

Integrity and confidentiality protected data

storage

Random number

generation, cryptography

and monotonic time stamps

Identification and binding of

the TEE

Trusted access to peripherals

(screen, biometrics, sensors, secure

element)

Trusted Application

Strong Value for Device Manufacturers

15

By creating an isolated environment, the GlobalPlatform TEE Security Certification Program can:

Publicly Available Information

16

Stakeholders Benefits

17

Service providers can develop a service once and deploy everywhere, which enables a universal and consistent risk management strategy

Device manufacturers prove the security of products to an internationally recognized standard

National certification bodies can connect with experts in the field to set regional standards

Industries bodies can incorporate into their requirements, streamlining product testing

Security labs have the opportunity to play an active role in the evolution of TEE security

TEE Resources

18

visit www.globalplatform.org

• White papers

• Videos

• Infographics

• Specifications

• Tech documents

• Certification