What is a Trusted Execution Environment (TEE)? (2024)

Applications today increasingly collect, store, and analyze sensitive user data across a wide range of environments, including multiple clouds. Data that is actively being processed (data in use) presents a large attack surface that has to be protected differently from data in transit and data at rest: it must be decrypted in memory while it is being worked on.

To address this, developers have turned to Trusted Execution Environments (TEEs) to protect applications and their data at run time. The technology goes a long way toward improving compliance with data protection regulations, enhancing user privacy, and reducing the attack surface. In this post, we’ll explore Trusted Execution Environments in detail to understand what they are, what they are used for, their advantages, and their limitations.

What is a Trusted Execution Environment?

A Trusted Execution Environment is a secure area of the main processor in which code is executed and data is processed inside an isolated enclave that other software on the machine cannot read or modify. The hardware enforces the isolation, so neither other applications nor a compromised operating system, hypervisor, or administrator (insider or outsider) can access the enclave’s memory. TEEs complement classic cryptography rather than replace it: symmetric-key encryption, hashing and digital signatures protect data at rest and in transit, while the TEE protects data in use, the one point at which it must be in plaintext to be processed.

[Figure: TEE architecture overview. Source: Javier González via ResearchGate]

How a Trusted Execution Environment Works

Trusted Execution Environments are established at the hardware level: the processor partitions and isolates the secure side, including its buses, peripherals, interrupts and memory regions, from the rest of the system. A TEE runs its own small operating system, known as the Trusted OS, and the applications permitted to run inside it are called Trusted Applications (TAs). Everything else, the ordinary operating system and its untrusted apps, runs in the open part of the system, the Rich Execution Environment (REE).

A trusted application runs at the full performance of the main processor despite operating in isolation, and it is protected from every other application on the device. Data is normally kept encrypted in storage and in transit and is decrypted only once it is inside the TEE for processing. The CPU blocks access to TEE memory by all untrusted software, whatever the privilege level of the requester, including the REE kernel itself.

To limit the damage a single flawed TA can do, two trusted applications running in the same TEE cannot read each other’s data either: the Trusted OS separates their memory, and anything a TA stores outside the enclave (“sealed” data) is encrypted under a key derived from that TA’s own identity, so another TA cannot decrypt it.

Why Do We Need a Trusted Execution Environment?

Until TEEs became a reality, running your software on someone else’s servers meant you could not know whether your data was being observed or even tampered with during execution. Put simply, you had to trust the operator to keep your data safe.

A TEE reduces that trust to the processor vendor and the code inside the enclave: it provides confidentiality and integrity regardless of who owns or controls the hardware your app runs on. Whoever controls the host can still refuse to run the enclave or terminate it, but cannot read or silently modify its code or data, and remote attestation, a hardware-signed report of exactly which code was loaded, lets a remote party check this before handing over any secrets. This became more of a concern as enterprises moved to cloud and hybrid environments, where sharing resources or relying on a service provider became commonplace.
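The mechanics described above (a per-TA sealing key, isolation between TAs, and an attestation report a remote party can check before releasing data) can be modelled in a few lines. The Python below is an added example, not code from the original article or from any TEE vendor: it uses a single symmetric root key and an HMAC/SHA-256 keystream as stand-ins for the chip’s per-device asymmetric attestation key and AES-GCM, and the TA images and the patient record are constructed strings. It also illustrates the data-confidentiality and code-integrity benefits listed later on this page.

```python
"""Toy model of a measured TEE: the hardware measures a trusted application
(TA) at load time, and that measurement binds both the TA's sealing key and
its attestation report.

Added example, not code from the original article or any TEE vendor.
Assumptions/simplifications: one symmetric hardware root key stands in for
the chip's per-device asymmetric attestation key, and an HMAC/SHA-256
keystream with an encrypt-then-MAC tag stands in for AES-GCM.
"""
import hashlib
import hmac
import os

# Root secret fused into the die at manufacture (constructed value for the model).
HW_ROOT_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
NONCE_LEN, TAG_LEN = 16, 32


def measure(ta_code: bytes) -> bytes:
    """Measurement of a TA: a hash of its code image (cf. SGX MRENCLAVE)."""
    return hashlib.sha256(ta_code).digest()


def sealing_key(measurement: bytes) -> bytes:
    """Key the hardware derives from the root secret and the TA's measurement.
    A different TA, or a modified build of the same TA, gets a different key."""
    return hmac.new(HW_ROOT_KEY, b"seal|" + measurement, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from SHA-256 (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(ta_code: bytes, plaintext: bytes) -> bytes:
    """Encrypt data under the TA's sealing key so it can be stored outside the TEE."""
    key = sealing_key(measure(ta_code))
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(ta_code: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was sealed by a different TA
    or tampered with: the tag check fails before any plaintext is produced."""
    key = sealing_key(measure(ta_code))
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def attest(ta_code: bytes, report_data: bytes):
    """Hardware-authenticated report: the loaded TA's measurement plus data the
    TA asks to bind (typically a public key for a session with the verifier)."""
    m = measure(ta_code)
    mac = hmac.new(HW_ROOT_KEY, b"attest|" + m + report_data, hashlib.sha256).digest()
    return m, report_data, mac


def verify_report(report, expected_measurement: bytes) -> bool:
    """Remote verifier: accept only a genuine report for exactly the code expected.
    A real verifier checks a vendor certificate chain instead of holding the root secret."""
    m, report_data, mac = report
    expected = hmac.new(HW_ROOT_KEY, b"attest|" + m + report_data, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected) and hmac.compare_digest(m, expected_measurement)


def demo() -> dict:
    ta_a = b"trusted app A v1.0"                 # constructed TA images
    ta_b = b"trusted app B v1.0"
    ta_a_backdoored = b"trusted app A v1.0 + backdoor"
    record = b"patient record #1 (constructed)"
    blob = seal(ta_a, record)
    return {
        "same_ta_unseals": unseal(ta_a, blob) == record,
        "other_ta_blocked": unseal(ta_b, blob) is None,
        "modified_ta_blocked": unseal(ta_a_backdoored, blob) is None,
        "genuine_report_accepted":
            verify_report(attest(ta_a, b"session-pk"), measure(ta_a)),
        "modified_report_rejected":
            not verify_report(attest(ta_a_backdoored, b"session-pk"), measure(ta_a)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The point to take from the model is that the measurement does double duty: it selects the sealing key, so a backdoored build of the same TA cannot read what the genuine build stored, and it appears in the attestation report, so a remote party that expects a known-good measurement will not hand a session key to anything else.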

Today TEEs are most widely deployed at the edge, where organizations need to process sensitive data such as Personally Identifiable Information (PII), credit card numbers, or medical records on user devices. The secure environment ensures that even if the rest of the user device is compromised, the data being processed inside the TEE stays out of the attacker’s reach.

Applications of TEE

TEEs are common today, shipping in most smartphones, tablets, and set-top boxes. Windows 11 requires a Trusted Platform Module (TPM 2.0) in order to install; a TPM is related but distinct: it is a separate cryptographic coprocessor that stores keys and boot measurements and performs a fixed set of operations, whereas a TEE executes general application code in isolation on the main processor. IoT manufacturers have also widely adopted TEEs in sectors such as automotive, industrial automation, and healthcare to protect data.

TEE technology first appeared as individual proprietary solutions in the early 2000s. In 2004, Trusted Logic partnered with Texas Instruments to create a generic TEE. ARM’s TrustZone, the security extension that underpins most mobile TEEs, was then paired with Trusted Logic’s software, and the Open Mobile Terminal Platform (OMTP) followed with the first recognized set of TEE requirements.

Since then, a number of TEEs have shipped alongside popular operating systems such as Windows, Android, and iOS. One of the best known is Apple’s Secure Enclave, a dedicated coprocessor in iPhones and iPads that protects the encryption keys used by iOS and third-party apps, as well as biometric templates and other sensitive data. On Android, Google’s Trusty TEE runs alongside the Android OS. For servers and the cloud, Intel SGX and AMD SEV provide TEEs for workloads running on a provider’s hardware.

Benefits of Trusted Execution Environment

TEE offers several benefits that include:

  • Data Integrity & Confidentiality: Your organization can use a TEE to ensure data accuracy, consistency, and privacy, because no other party, including the host operating system and its administrators, can read or alter the data while it is decrypted inside the enclave.
  • Code Integrity: The hardware measures (hashes) the code as it is loaded and will not attest code that does not match the expected measurement, so a tampered trusted application is detected rather than silently executed.
  • Secure Collaboration: When used in conjunction with other PETs such as federated learning (FL), multiparty computation (MPC) or fully homomorphic encryption (FHE), a TEE allows organizations to collaborate without having to trust each other, providing a neutral environment in which one party’s code can run on another party’s data without either being exported in the clear. This allows you to gain more value from your sensitive data.
  • Simplified Compliance: A TEE provides a practical route to compliance, since sensitive data is not exposed during processing, hardware-protection requirements in some regulations are met, and the technology is already present in devices such as smartphones and PCs.

TEE Limitations

TEEs have several significant limitations compared with software-only privacy technologies, chiefly the cost of acquiring and deploying the hardware, the effort of retrofitting existing applications to run inside an enclave, and vendor lock-in. TEEs are inherently a hardware solution: the devices must be purchased, physically delivered, installed and maintained, and special software must be written to run on them, since enclave SDKs and Trusted OS APIs differ from ordinary application environments. This is a much higher conversion burden than for software-only privacy technologies. There is also little commonality between vendors’ TEE designs, which means lock-in: if a major vendor stops supporting an architecture, or a hardware design flaw is found in its solution, a new solution stack has to be designed, installed and integrated at great cost to the users of the technology. The second case is not hypothetical; microarchitectural side-channel attacks such as Foreshadow against Intel SGX forced microcode updates and re-keying of the attestation infrastructure, and side channels remain a recurring problem for enclave designs.

In addition to the lifecycle costs, TEE technology is not foolproof: the Trusted OS and the trusted applications are themselves attack surface, since both still consist of many lines of code that parse input arriving from the untrusted world. This has been demonstrated repeatedly in research, for example by Quarkslab, who exploited a vulnerability in Kinibi, a TrustZone-based TEE used on some Samsung devices, to obtain code execution in monitor mode.
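The most common shape of such a TA bug is a command handler that takes a buffer descriptor (offset and length into shared memory) from the REE and uses it without checking that it stays inside the shared region. The Python below is an added example, not the article’s code and not the Kinibi vulnerability it mentions: the memory layout, the “read” command, and the key bytes are all constructed for illustration, and the vulnerable handler is shown beside the hardened one.

```python
"""Model of a trusted application (TA) command handler that receives a buffer
descriptor (offset, length) from the untrusted REE, the usual shape of a TEE
command interface.

Added example, not the article's code and not the Kinibi bug it mentions; the
memory layout, the 'read' command and the key bytes are constructed.
"""
# Address space as the TA sees it (constructed):
#   [0x0000, 0x1000)  shared memory the REE fills with a command's input
#   [0x1000, 0x2000)  TA-private memory holding key material; must never leave the TEE
SHARED_BASE, SHARED_SIZE = 0x0000, 0x1000
PRIVATE_BASE, PRIVATE_SIZE = 0x1000, 0x1000
SECRET_KEY = b"K" * 32   # constructed key material


def make_memory() -> bytearray:
    mem = bytearray(SHARED_SIZE + PRIVATE_SIZE)
    mem[PRIVATE_BASE:PRIVATE_BASE + len(SECRET_KEY)] = SECRET_KEY
    return mem


def handle_read_vulnerable(mem: bytearray, offset: int, length: int) -> bytes:
    """Trusts the REE-supplied descriptor. A descriptor that starts in shared
    memory but runs past its end copies TA-private bytes back to the normal world."""
    return bytes(mem[offset:offset + length])


def handle_read_hardened(mem: bytearray, offset: int, length: int) -> bytes:
    """Accepts a descriptor only if it lies entirely inside the shared region.
    The bound is checked as `length > remaining` rather than `offset + length > end`;
    that form is the one that stays correct in C, where offset + length can wrap."""
    if offset < SHARED_BASE or offset >= SHARED_BASE + SHARED_SIZE:
        raise ValueError("offset outside shared memory")
    remaining = SHARED_BASE + SHARED_SIZE - offset
    if length < 0 or length > remaining:
        raise ValueError("length runs past shared memory")
    # Copy once into TA-private storage and work only on the copy: the REE can
    # change shared memory at any time, so re-reading it after validation
    # would be a double-fetch (TOCTOU) bug.
    return bytes(mem[offset:offset + length])


def demo():
    """Returns (key leaked by the vulnerable handler?, hardened handler blocked it?,
    bytes the hardened handler returns for a legitimate descriptor)."""
    mem = make_memory()
    mem[0:16] = b"hello from REE!!"                 # constructed legitimate input
    evil_off, evil_len = SHARED_SIZE - 16, 48       # 16 shared bytes + 32 private bytes
    leaked = handle_read_vulnerable(mem, evil_off, evil_len)
    key_leaked = SECRET_KEY in leaked
    try:
        handle_read_hardened(mem, evil_off, evil_len)
        blocked = False
    except ValueError:
        blocked = True
    legit = handle_read_hardened(mem, 0, 16)
    return key_leaked, blocked, legit


if __name__ == "__main__":
    key_leaked, blocked, legit = demo()
    print("vulnerable handler leaked key:", key_leaked)
    print("hardened handler rejected descriptor:", blocked)
    print("hardened handler legitimate read:", legit)
```

Two checks matter here and both are easy to get wrong in a real TA: the range test must be written so that it cannot overflow in the TA’s native integer width, and the data must be copied out of shared memory exactly once and validated on the copy, because the REE keeps write access to that memory while the TA runs.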

Conclusion

Trusted Execution Environments greatly enhance mobile and cloud data security by isolating sensitive operations and providing a protected environment for processing data. Although the technology is not a perfect solution, it is a strong additional security layer for companies handling sensitive data. To get the most from it, organizations can combine a TEE with other privacy-preserving measures to enable collaboration while maintaining compliance.

Joel Timothy
