GlobalPlatform TEE
• GlobalPlatform defines a TEE as a secure area in the main processor of a smart phone (or any connected device)
• Ensures sensitive data is stored, processed, and protected in an isolated, trusted environment
• Offers isolated safe execution of authorized security software, known as 'trusted applications', which enables end-to-end security
Addressing TEE Community Needs
GlobalPlatform members form a collaborative body…
…to address current and future requirements for the TEE community
Specifications
Functional Compliance Program
TEE Protection Profile
Security Certifications
Benefits of Standardization
Defines a common foundation
• Improving stakeholder interoperability
• Protecting investments
• Simplifying app development
• Reducing costs and time to market
Avoids market fragmentation
• Certifying process and security baseline
• Evaluating and comparing different solutions
• Promoting stability and trust between stakeholders
Current Landscape
National agencies
WW consumer market
Rely on ISO standards
ISO/IEC 15408
Publishes and maintains protection profiles and associated modules
Creates an open technical community to manage the certification program
Open to National CBs
Evaluation methodology and certification process which fit with consumer device lifecycles
Certification process should be less than 100 days
GlobalPlatform TEE Security Certified Product
GlobalPlatform Certification confirms:
An isolated environment has been created
The product meets the defined level of correctness and robustness
The product protects against SW-based attacks and exploitation of its physical boundary
Work is based on ISO standards ISO/IEC 15408
Technical Community
Protection Profile GlobalPlatform
Evaluation Methodology
Open Technical Community
Input from across the technical community
Defines rules / processes and real world implementation methodology
Definition of threats, objectives & security requirements
1. Specifies threats to the TEE
2. Details security threats to be met
Analysis phase – documentation
Testing phase – getting consistent results across all GP labs
Enhanced phase – additional penetration tests
Real World Certification
Adapted to the consumer connected world
• Manage chip product portfolio
• Realistic and reliable timeframe
Supports innovation & product lifecycles
• Evaluation methodology applies to:
- SoC platforms
- Devices
- Derivative products
Transparent & independent
• Test suite availability
• Global network of labs
A secure boot process and a Root of Trust (RoT)
State of the art cryptography
Integrity monitoring and rollback protection
Memory management
How to Create an Isolated Environment
Kernel-level hardware-enforced access control
Creates an isolated environment in a multi-environment open device
Strong Value for Application Developers
Isolation from the REE
Isolation from other TAs
Controlled application management
Integrity and confidentiality protected data storage
Random number generation, cryptography and monotonic time stamps
Identification and binding of the TEE
Trusted access to peripherals (screen, biometrics, sensors, secure element)
Trusted Application
Strong Value for Device Manufacturers
By creating an isolated environment, the GlobalPlatform TEE Security Certification Program can:
Stakeholder Benefits
Service providers can develop a service once and deploy everywhere, which enables a universal and consistent risk management strategy
Device manufacturers prove the security of products to an internationally recognized standard
National certification bodies can connect with experts in the field to set regional standards
Industry bodies can incorporate it into their requirements, streamlining product testing
Security labs have the opportunity to play an active role in the evolution of TEE security