Standardizing the TEE with GlobalPlatform and RISC-V
1. December 8-10 | Virtual Event
Standardizing the TEE with GlobalPlatform and RISC-V
Gil Bernabeu
Technical Director
GlobalPlatform
#RISCVSUMMIT
2. GlobalPlatform is a member-driven technical community
Industry focused: a common goal of reduced time to market for digital services
Successful collaboration: 20 years of implementations
Established standards: over 150 technical documents available
Members: chip manufacturers, device manufacturers, regulators, certification bodies, laboratories, IoT cloud platform providers, application developers and service providers
4. Key Requirements for a Successful Secure Deployment
1) Protection of digital services
2) Certification of secure components
3) Secure remote management of digital services
By addressing these requirements, GlobalPlatform:
• Speeds up alignment between service providers and device manufacturers on technical and commercial interests
• Offers a simpler route to market
GlobalPlatform’s technology provides a range of authentication, connectivity, privacy and security solutions
5. Protecting Digital Services: Secure Components and Device Trust Architecture
[Diagram: protection of digital services rests on a secure component at device level (a Secure Element, a Trusted Execution Environment or an MCU) within the device trust architecture]
6. Protection of Digital Services – Secure Component
GlobalPlatform protects digital services by standardizing and certifying two secure component technologies (secure component = hardware + firmware + root of trust):
• Secure Element (SE): 7.6 billion SEs deployed in 2019 were based on GlobalPlatform specifications; the total number of SEs deployed on GlobalPlatform technology since 2010 is over 42 billion
• Trusted Execution Environment (TEE): 1 billion GlobalPlatform-compliant TEE-enabled processors were shipped for the smartphone market in 2019
7. 8
VAN.2
GlobalPlatform’s Answer to Cover Different Security Market
Requirements
VAN.5
VAN.3
GlobalPlatform TEE Protection Profile
GlobalPlatform SE Protection Profile
under evaluation
GlobalPlatform MCU ROT Protection Profile
under public review
Robustness
• Levels are not related to a specific technology
• Levels are aligned with attack Methodology Penetration Testing
• Product differentiation is possible with clear level of protection of assets
Trusted Execution Environment Technical Community
(lab, vendor, expert) open to national Certification Bodies created back in
2016
8. New Scope of Work at an Enhanced Level
• Last year we decided to also cover secure MCUs in our roadmap for addressing the enhanced level
– This is a good way to secure IoT, because secure MCUs are spreading into IoT devices
• Our MCU Protection Profile is under final review
– Your comments are welcome!
– Public review ends: 07 Dec 2020
• The GlobalPlatform enhanced attack methodology is now under revision to cover this additional design
https://globalplatform.org/specifications/for-public-review/
9. GlobalPlatform TEE
GlobalPlatform defines a TEE as a secure area in the main silicon of a connected device that enables a minimal trusted computing base (TCB)
• Provides high-performance hardware security with no additional bill of materials (BoM)
• Offers isolated, safe execution of authorized security software, known as ‘trusted applications’, which enable end-to-end security
• Protects sensitive data in transit, while being processed and when stored
10. TEE Security Features
Broad security features to protect Trusted Applications (TAs):
• Isolation from the Regular Execution Environment (REE)
• Isolation from other Trusted Applications
• Application management control
• Random number generation, cryptography and monotonic time
• Hardware-based device binding
• Integrity and confidentiality of protected data storage
• Privileged access to hardware and peripherals (e.g. sensors, crypto engines)
11. The Trusted Execution Environment (TEE) (1 of 2)
• Protected by hardware mechanisms
– Isolate the TEE from the REE
– Only allowed communication uses defined entry points
– No single hardware implementation
• High performance
– TEE code runs on a full-function CPU
• Fast communication mechanisms
– TEE may be able to access REE memory
– Hardware protects TEE memory from the REE
• Multiple simultaneously active Trusted Applications in the TEE
12. The Trusted Execution Environment (2 of 2)
• Standardized by GlobalPlatform
– Portable across platforms
• Everything in the TEE is defined for security first, then speed
• Executables running in the TEE are validated before execution
• Secure storage mechanism for secrecy
– Authenticity, integrity and confidentiality
• TEE Protection Profile defined by GlobalPlatform
– Defines the level of hardware protection that is required
– See later
13. Hardware Isolation is a Must
• The defining feature of the TEE is hardware protection
• Software-based protections can be hacked; properly defined hardware protections cannot
– How can you hack a set of silicon gates? (Physical and side-channel attacks on that hardware remain in scope: the Protection Profile and the attack methodology it relies on rate products against them.)
• Hardware ensures only valid entry points can be called
– No other path from the REE to secure resources
• The standard does not define how hardware protection is implemented
– CPU modes
– Separate CPU
• Hardware protection is no use without secure software
– A careless programmer can destroy security
• Software uses the hardware protections and carefully guards the pinch points
– Limits access to secrets
– Minimizes interfaces to the REE
– Minimizes side-channel attacks in some cases
• Together they provide the Trusted Execution Environment (TEE) for secure code
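The pinch-point discipline above is easiest to see in a TA's command handler, the one place where REE-chosen data crosses into the TEE. The C below is an added example written for this page, not code from the GlobalPlatform specifications or from any TEE vendor: it redefines the few TEE_* names it needs (mirroring the GlobalPlatform TEE Internal Core API, so that it builds without a TEE SDK), and the PIN command, its lockout policy and the ta_state struct are hypothetical. It shows the checks a TA makes on REE-supplied parameters before a secret is touched: insisting on one parameter layout, validating the REE-supplied pointer and size, copying the input out of shared memory once before using it (the REE keeps write access to that memory while the TA runs), comparing in constant time, and letting only a verdict cross back.

```c
/* Added example (not GlobalPlatform or vendor code). TEE_* names mirror the
 * GlobalPlatform TEE Internal Core API but are redefined here so the file
 * builds without a TEE SDK; command ID, PIN policy and ta_state are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000u
#define TEE_ERROR_ACCESS_DENIED  0xFFFF0001u
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006u

/* Parameter-type encoding as in the Internal Core API: 4 bits per slot. */
#define TEE_PARAM_TYPE_NONE          0u
#define TEE_PARAM_TYPE_VALUE_OUTPUT  2u
#define TEE_PARAM_TYPE_MEMREF_INPUT  5u
#define TEE_PARAM_TYPES(t0, t1, t2, t3) ((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12))

typedef union {
    struct { void *buffer; uint32_t size; } memref; /* lives in REE-shared memory */
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

#define CMD_VERIFY_PIN 0x10u   /* hypothetical command ID */
#define PIN_LEN        4u
#define MAX_FAILURES   3u

/* TA-private state. A real TA keeps the PIN and the failure counter in
 * GlobalPlatform secure storage; here it is a struct the caller constructs. */
struct ta_state {
    uint8_t  pin[PIN_LEN];
    uint32_t failures;
};

void ta_state_init(struct ta_state *st, const uint8_t pin[PIN_LEN])
{
    memcpy(st->pin, pin, PIN_LEN);
    st->failures = 0;
}

/* Constant-time comparison: run time must not depend on which byte differs
 * first, or the REE could recover the PIN one position at a time. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

static TEE_Result cmd_verify_pin(struct ta_state *st, uint32_t param_types,
                                 TEE_Param params[4])
{
    const uint32_t expected = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
        TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE);
    uint8_t candidate[PIN_LEN];
    volatile uint8_t *scrub = candidate;

    /* 1. The REE chose the parameter layout: accept exactly one shape, and
     *    check the REE-supplied pointer and size before touching the buffer. */
    if (param_types != expected || params[0].memref.buffer == NULL ||
        params[0].memref.size != PIN_LEN)
        return TEE_ERROR_BAD_PARAMETERS;

    /* 2. Enforce the lockout before the secret is used at all. */
    if (st->failures >= MAX_FAILURES) {
        params[1].value.a = 0;
        params[1].value.b = 0;
        return TEE_ERROR_ACCESS_DENIED;
    }

    /* 3. Copy out of shared memory exactly once. The REE can keep writing that
     *    memory while the TA runs, so everything below uses the private copy. */
    memcpy(candidate, params[0].memref.buffer, PIN_LEN);
    if (ct_equal(candidate, st->pin, PIN_LEN)) {
        st->failures = 0;
        params[1].value.a = 1;
    } else {
        st->failures++;
        params[1].value.a = 0;
    }
    params[1].value.b = MAX_FAILURES - st->failures;

    /* 4. Only the verdict and the remaining attempts cross back; the stored PIN
     *    never does. Scrub the copy through a volatile pointer so the store stays. */
    for (size_t i = 0; i < PIN_LEN; i++)
        scrub[i] = 0;
    return TEE_SUCCESS;
}

/* The TA's single command entry point: unknown commands are refused outright. */
TEE_Result TA_InvokeCommandEntryPoint(void *sess_ctx, uint32_t cmd_id,
                                      uint32_t param_types, TEE_Param params[4])
{
    struct ta_state *st = sess_ctx;

    if (st == NULL)
        return TEE_ERROR_BAD_PARAMETERS;
    switch (cmd_id) {
    case CMD_VERIFY_PIN:
        return cmd_verify_pin(st, param_types, params);
    default:
        return TEE_ERROR_BAD_PARAMETERS;
    }
}
```

Two points of the design are worth noting. The lockout check runs before the copy and the comparison, so a locked TA never computes on the secret at all; and the failure counter lives in TA-private state, which in a real TA would be GlobalPlatform secure storage so that closing and reopening the session from the REE does not reset it.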
14. Based on Multiple TEE Hardware Implementations
[Figure: three example board layouts (PCB A, PCB B, PCB C). Each SoC carries processing core(s), RAM, ROM, OTP fields, crypto accelerators and peripherals, with external memories on the board; the TEE components are either carved out of the shared SoC resources, placed in an on-chip security subsystem with its own core(s), memories and crypto accelerators, or hosted on an external security co-processor. Key: TEE component, REE component, shared component.]
Discussion started with RISC-V to look at new potential hardware implementations.
15. TEE Software Architecture
[Figure: the GlobalPlatform TEE software architecture]
REE side: REE applications and the Client Application call the TEE Client API; the Rich OS components beneath it are the shared memory, the public device drivers and the REE communications agent.
TEE side: Trusted Applications call the TEE Internal Core API and its extensions; the Trusted OS components beneath it are the Trusted Core Framework, the Trusted Kernel, the trusted device drivers, the TEE communications agent and the shared memory view.
The two communications agents exchange messages over the TEE protocols. Both sides run on the platform hardware, which exposes public peripherals to the REE, trusted peripherals to the TEE, and switchable peripherals that can be assigned to either. The isolation between the two sides is defined by the TEE Protection Profile.
17. GlobalPlatform TEE Trusted User Interface (TUI): A New Version
• The original (“high-level”) TUI provided a limited set of use cases and screen-layout support:
– PNG image display
– PIN entry
– PIN and password entry
• Designed for the initial TUI use cases, with the layout design implemented by device vendors
• The new version (GlobalPlatform TEE TUI “Low Level”, April 2018) supports:
– Direct access for TAs to an isolated display framebuffer
Allows the Trusted Application FULL control of how and what it displays
No untrusted software, and no other TA, can access the displayed data
– Direct access for TAs to peripherals and event-based isolated input
Allows the Trusted Application FULL control of how it reacts to user inputs
No untrusted software, and no other TA, can access the input data streams
[Figure: two low-level TUI screen mock-ups, each with a label and a security indicator: a login screen with login and masked password fields, a correction key, cancel and validate buttons, and a virtual keyboard]
18. GlobalPlatform TEE Biometric API (an extension of GlobalPlatform TEE TUI Low Level)
• Good biometrics are harder to steal and use than a PIN or password, and much easier to remember, but only if securely implemented
• GlobalPlatform TEE Biometric API
– Design validated for fingerprint sensors
– Open for use as a generic biometric interface for other biometry types
• No untrusted software, and no TA, can access the biometric data
• No untrusted software, and no TA, can inject false or stolen biometric material
• Support for multiple users and multiple fingerprints
• Each Trusted Application (TA) gets to set its own rules for
– what a fingerprint does
– and how long it may do it
[Figure: the user’s device, split into an untrusted side and the TEE with Trusted User Interface, where “My Trusted App” runs]
20. Management of the TEE
• The TEE Management Framework has been designed in 3 layers:
1) Administration operations
The management of Trusted Applications and Security Domains
2) Security model
Defines the actors and security mechanisms
3) Protocol(s)
The encoding of administration operations
Secure sessions with a Security Domain
Supports multiple deployment models, with both an ASN.1 command model and the OTrP (Open Trust Protocol) model
21. TEE Protection Profile and Modules are Available
New TEE PP v1.3: covers from the RoT to the APIs; evaluated by the French certification scheme
• SFRs improved and now relying on the GlobalPlatform crypto requirements
• AVA_VAN_AP.3 replaces AVA_TEE.2
• Aligned with the latest attack methods catalog
• Includes 2 PP modules
We are also finalizing:
• Secure Media Path TEE PP module
• Trusted User Interface TEE PP module
• Biometrics TEE PP module
22. GlobalPlatform TEE Security Certification
GlobalPlatform security certification confirms that:
• An isolated environment has been created
• The product meets the defined level of correctness and robustness
• The product protects against software-based attacks and exploitation of its physical boundary
The work is based on the ISO/IEC 15408 (Common Criteria) standards.
GlobalPlatform stays ahead of widespread attacks by tracking state-of-the-art countermeasures.
23. Microcontroller (MCU) Root of Trust and Protection Profile
MCU – Root of Trust: TEE concepts adapted to microcontrollers
[Figure: the MCU is split into a Non-Secure Processing Environment (NSPE), where applications run on a library/OS and kernel, and a Secure Processing Environment (SPE), where the Root of Trust and its RoT services run under a Secure Partition Manager; an isolation boundary separates the two. The NSPE reaches the RoT services through a Client API, applications inside the SPE through an Internal API, and the remaining interfaces are implementation defined. The Protection Profile’s scope (the TOE) is the Root of Trust and its RoT services.]
[Figure: application processors with a TEE serve high-end and mid-end IoT devices; the MCU Root of Trust targets low-end IoT devices]
24. RISC-V and GlobalPlatform Starting to Work Together
• Leveraging GlobalPlatform TEE specifications for RISC-V architecture secure hardware enclaves
• GlobalPlatform TEE specifications are architecture-agnostic
– With a focus on meeting isolation and secure trust goals rather than on how the hardware achieves these objectives
• 1st identified item: define a new “lightweight” TEE configuration for IoT
– Pick and choose the minimal needed set from the existing GlobalPlatform specifications
– Ideal for software and devices targeted at a particular use case, with reduced use of resources, rather than the “generic” environment of today’s TEEs
• Project example for a secure hardware enclave: https://keystone-enclave.org/
– The first open-source framework for architecting and building customized TEEs with secure hardware enclaves based on RISC-V
25. Summary
• Service providers are now widely using GlobalPlatform TEE APIs to develop digital services
• The Protection Profile and the security certification define a clear baseline from which service providers can assess their risk precisely
• Collaboration with RISC-V will create new devices supporting the TEE and will accelerate digital service deployment
• GlobalPlatform TEE technology is now widely deployed in different markets over different hardware architectures