Enhancing Trust in Mobile Services Using

the Latest GlobalPlatform Standards

Julien Delplancke, GlobalPlatform Member Representative

8th ETSI Security Workshop

January 17th, 2013


©2012 @GlobalPlatform_ www.linkedin.com/company/globalplatform

GlobalPlatform Today

GlobalPlatform is the standard for managing applications on secure chip technology, both the Trusted Execution Environment (TEE) and the Secure Element (SE), across several markets and in converging sectors.

GlobalPlatform Members

Trusted Execution Environment Update


What is a TEE?

• TEE provides hardware-based isolation from rich operating systems (OS) such as Android, Windows Phone and Symbian
• TEE runs on the main device chipset
• TEE has privileged access to device resources (user interface, crypto accelerators, secure elements…)

[Figure: the Rich OS Application Environment, "open to malware and rooting / jailbreaking", beside the Trusted Execution Environment, which provides "isolation of sensitive assets"; each side runs its own (Trusted) applications.]

What is the TEE Scope in GlobalPlatform?

• TEE Software Interfaces
• TEE Administration

[Figure: layered TEE architecture. Rich OS side: Client Applications (Payment, Corporate) on the Rich OS, reaching the TEE through the GlobalPlatform TEE Client API. TEE side: Trusted Applications (DRM, Payment, Corporate) on the GlobalPlatform TEE Internal API, above the Trusted Core Environment and Trusted Functions, the TEE Kernel and the HW Secure Resources, all on the Hardware Platform.]

GlobalPlatform TEE Compliance & Security Certification

[Figure: TEE configurations, use cases and business requirements drive two tracks, both applied to a System on Chip-based platform supporting GlobalPlatform TEE plus the TEE OS: Functional Compliance, against a GlobalPlatform-defined test suite, and Security Certification, against the GlobalPlatform-defined TEE Protection Profile. Functional Compliance + Security Certification = GlobalPlatform STAMP.]

• Current and first focus = platform
• Final product (final smartphone, tablet…): a light delta compliance and / or security certification might be defined at a later stage
• First TEE TestFest in Oct. 2012

High-Level TEE Roadmap

[Figure: the TEE architecture diagram from the scope slide (Rich OS Application Environment with Payment and Corporate Client Applications; Trusted Execution Environment with DRM, Payment and Corporate Trusted Applications over the TEE Kernel and Functions, HW Secure Resources and Hardware Platform), annotated with the roadmap items below. ✓ marks items already delivered as of January 2013.]

APIs for RICH OS ENVIRONMENT
• TEE Client API (Q3 2010) ✓
• JavaScript API (Q2 2013)

INTERNAL APIs
• Core APIs 1.0 (Q4 2011) ✓
• Trusted user interface (Q1 2013)
• Debug APIs (Q1 2013)
• Interface to SE (Q1 2013)
• Socket API (Q2 2013)

ADMINISTRATION
• Management of multiple security domains (Q1 2013)

COMPLIANCE
• Client & core APIs (Q4 2012) ✓
• Additional APIs (Q2 2013)

SECURITY CERTIFICATION
• TEE Protection Profile (Q1 2013)

TEE Security Certification

• Enabling independent entities to validate the TEE security level, to prove a first level of security of the TEE
• Does not go up to SE / smart card level of security
• Need to prove:
– Isolation of the TEE from the rich OS environment
– Isolation of trusted applications (TAs) from each other
– TAs are not tampering with the TEE OS
• Main attack vectors:
– Software attacks coming from:
• Rich OS (malware, rooted device, …)
• Rogue / badly written TAs
– A few 'easy' hardware attacks, such as:
• Debug/JTAG interface
• Firmware replacement

PRINCIPLES

• Not reinventing the wheel
• Use an international scheme (i.e. not a country-specific scheme)
• Be lightweight, to fulfil the time-to-market requirements of the mobile industry

TEE security certification scheme based on:
• Common Criteria scheme
• Existing lab infrastructure (ITSEF labs) in many countries
• TEE Protection Profile
• Evaluation Assurance Level (EAL) 'TEE': a custom EAL to accommodate the lightweight process
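The "rogue / badly written TA" vector above is, in practice, most often a TA that trusts what the rich-OS client handed it through the TEE Client API. The following is an added example, not code from the slides or from GlobalPlatform: one TA command handler written twice, first trusting the caller's parameter types and size, then validating them the way a GlobalPlatform TEE Internal API TA is expected to. The TEE_Result codes, TEE_Param union and TEE_PARAM_TYPES macro are reproduced from the TEE Internal API specification so the file builds without tee_internal_api.h; the command ID CMD_EXPORT_BLOB, the TA state and its contents, and the client_call() stand-in for the rich-OS client are constructed for this example.

```c
/* Added example, not from the GlobalPlatform slides: one Trusted Application
 * (TA) command handler written two ways. ta_invoke_unchecked trusts whatever
 * the rich-OS client passed, the "rogue / badly written TA" vector the
 * slides list; ta_invoke_checked validates it as a GlobalPlatform TEE Internal
 * API TA should. Types, macros and error codes are reproduced from the TEE
 * Internal API specification so this builds without tee_internal_api.h;
 * CMD_EXPORT_BLOB, the TA state and client_call() are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006
#define TEE_ERROR_NOT_SUPPORTED  0xFFFF000A
#define TEE_ERROR_SHORT_BUFFER   0xFFFF0010
enum { TEE_PARAM_TYPE_NONE = 0, TEE_PARAM_TYPE_VALUE_INPUT = 1, TEE_PARAM_TYPE_MEMREF_OUTPUT = 6 };
#define TEE_PARAM_TYPES(t0, t1, t2, t3) ((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12))
typedef union { struct { void *buffer; uint32_t size; } memref;
                struct { uint32_t a; uint32_t b; } value; } TEE_Param;

/* Constructed command: one MEMREF_OUTPUT parameter, layout shared by client and TA. */
#define CMD_EXPORT_BLOB 0x10
#define EXPORT_BLOB_PARAM_TYPES TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_OUTPUT, \
        TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)

/* Constructed TA-private state: exportable blob at offset 0, session key
 * (which must never leave the TEE) right behind it. */
struct ta_state { uint8_t exportable[16]; uint8_t session_key[16]; };
static const struct ta_state ta = {
    { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 },
    { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF },
};

/* Badly written TA: ignores param_types and copies as many bytes as the untrusted
 * client asked for, starting at its own state; asking for 32 bytes returns the key. */
TEE_Result ta_invoke_unchecked(uint32_t cmd, uint32_t param_types, TEE_Param params[4])
{
    (void)param_types;
    if (cmd != CMD_EXPORT_BLOB)
        return TEE_ERROR_NOT_SUPPORTED;
    memcpy(params[0].memref.buffer, &ta, params[0].memref.size);
    return TEE_SUCCESS;
}

/* Same command, validated: accept exactly one parameter layout, follow the
 * short-buffer protocol, and size the copy from the TA's own data. */
TEE_Result ta_invoke_checked(uint32_t cmd, uint32_t param_types, TEE_Param params[4])
{
    if (cmd != CMD_EXPORT_BLOB)
        return TEE_ERROR_NOT_SUPPORTED;
    if (param_types != EXPORT_BLOB_PARAM_TYPES)
        return TEE_ERROR_BAD_PARAMETERS;
    if (params[0].memref.size < sizeof ta.exportable) {
        /* Also the NULL/0 "how big?" query: report the size, write nothing. */
        params[0].memref.size = sizeof ta.exportable;
        return TEE_ERROR_SHORT_BUFFER;
    }
    if (params[0].memref.buffer == NULL)
        return TEE_ERROR_BAD_PARAMETERS;
    memcpy(params[0].memref.buffer, ta.exportable, sizeof ta.exportable);
    params[0].memref.size = sizeof ta.exportable; /* bytes actually written */
    return TEE_SUCCESS;
}

/* Stand-in for the rich-OS client plus TEE dispatch: marshals one output memref of
 * *size bytes (NULL when *size is 0), invokes the handler, updates *size from the TA. */
TEE_Result client_call(TEE_Result (*handler)(uint32_t, uint32_t, TEE_Param[4]),
                       uint32_t types, uint8_t *buf, uint32_t *size)
{
    TEE_Param params[4];
    memset(params, 0, sizeof params);
    params[0].memref.buffer = (*size == 0) ? NULL : buf;
    params[0].memref.size = *size;
    TEE_Result r = handler(CMD_EXPORT_BLOB, types, params);
    *size = params[0].memref.size;
    return r;
}

/* 1 if the TA's 16-byte session key appears anywhere in a client buffer. */
int session_key_leaked(const uint8_t *buf, uint32_t n)
{
    for (uint32_t i = 0; i + sizeof ta.session_key <= n; i++)
        if (memcmp(buf + i, ta.session_key, sizeof ta.session_key) == 0)
            return 1;
    return 0;
}

int main(void)
{
    uint8_t buf[32];
    uint32_t n = sizeof buf;
    memset(buf, 0xAA, sizeof buf);
    TEE_Result r = client_call(ta_invoke_unchecked, EXPORT_BLOB_PARAM_TYPES, buf, &n);
    printf("unchecked: 0x%08X, key leaked=%d\n", (unsigned)r, session_key_leaked(buf, n));
    memset(buf, 0xAA, sizeof buf);
    n = sizeof buf;
    r = client_call(ta_invoke_checked, EXPORT_BLOB_PARAM_TYPES, buf, &n);
    printf("checked: 0x%08X, wrote %u bytes, key leaked=%d\n", (unsigned)r, (unsigned)n, session_key_leaked(buf, sizeof buf));
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run: the unchecked handler hands the session key to any rich-OS process that asks for 32 bytes, which is exactly the software attack from the rich OS the scheme lists, mounted through a TA's own interface rather than against the TEE kernel. The checked handler rejects a wrong parameter layout with TEE_ERROR_BAD_PARAMETERS, answers a NULL/0 size query with TEE_ERROR_SHORT_BUFFER and the required size, and never lets the caller's size field decide how much TA memory is copied.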

Questions?

Visit us @ www.globalplatform.org