Trusted ZoneIn Trusted Execution Environment (TEE)

2012/10/17 John

PrefaceAs the mobile market matures and expands, an increasing number of security concerns demand attention. With end-users using their smart-phone for a variety of “lifestyle” applications, there is a proliferation of security needs that result from the use of an open environment.

Content protection, corporate environments, connectivity, and the rise of financial transactions in the mobile market exacerbate these security concerns, which are relevant not just to the end-user. Service providers, mobile network operators, OS and application developers, device manufacturers, platform providers, and silicon vendors are all key stakeholders in this market—and thus have a vested interest in seeing proper security implemented.

Trusted Execution Environment(TEE)

GlobalPlatform, the organization which standardizes the management of applications on secure chip technology, has published a white paper that outlines the benefits of introducing and standardizing the Trusted Execution Environment (TEE) in mobile devices.

Trusted Zone(TZ) The security technology from ARM that enables the construction of a Normal world and a Secure world.

Trusted Foundation(TF) Trusted Foundations is the leading and proven Trusted Execution Environment (TEE), which protects any application or service through hardware-based security by Trusted Logic Mobility.

OverviewTrustZone® to separate the “Secure World” from the “Normal World”:

● The Secure World contains the Trusted Execution Environment that runs Secure Services;

● The Normal World runs Client Applications that access the secure services.

The product includes built-in services that provide off-the-shelf security functionality, such as secure data storage and a cryptographic provider. The product also allows deployment of custom services, which can, for example, implement the heart of a Digital Rights Management scheme.

Overview

Overview

Overview

Boot ProcessFor the overall security of the device, it is important that the device implements a Secure Boot process and that the debug interface is controlled. This usually implies that the OEM:● burns some key and other ids during the device manufactory,● signs the bootloader and the Trusted Foundations image with a secure

boot key,● disables the JTag interface.

This list is not exhaustive; the OEM should contact Nvidia for further details on how to enable the Secure Boot proce ss and how to configure the hardware at the manufactory to reach the appropriate security level.

Boot Process

Building Secure Service

Building Secure Service

Building Secure Service

Integration into normal world OS

Texas Instruments - M-Shield Mobile Security Technology

Texas Instruments - M-Shield Mobile Security Technology

Nvidia - Tegra TEE

Nvidia - Tegra TEE

Qualcomm - SecureMSMQualcomm SnapDragon™ provides a fully certifiable security on basis of the ARM® TrustZone® technology.

Example, NetflixNetflix revolutionizes the way people watch TV shows and movies

With more than 27 million streaming members in the United States, Canada, Latin America, the United Kingdom, Ireland and the Nordics, Netflix, Inc. (NASDAQ: NFLX) is the world's leading internet subscription service for enjoying movies and TV programs. For one low monthly price, Netflix members can instantly watch movies and TV programs streamed over the internet to PCs, Macs and TVs. Among the large and expanding base of devices streaming from Netflix are the Microsoft Xbox 360, Nintendo Wii and Sony PS3 consoles; an array of Blu-ray disc players, internet-connected TVs, home theatre systems, digital video recorders and internet video players; Apple iPhone, iPad and iPod touch, as well as Apple TV and Google TV. In all, over 800 devices that stream from Netflix are available.

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix

Example, Netflix