Trusted Execution Environments for Data Safety
Need to schedule a doctor’s appointment? There’s an app for that. Want to pay your rent from a mobile device? There’s an app for that. Interested in adding jokes to your blogs about data security? Honestly, there’s probably an app for that too. The digital age gifts a seemingly infinite number of software solutions for everyday challenges, but not without a cost: the more software a device runs, the more vectors it exposes to cyberattacks. To provide a refuge from software-based attacks, PRO Security from AMD, the Secure Enclave from Apple, and Software Guard Extensions (SGX) from Intel each create what is called a Trusted Execution Environment (TEE).
A TEE, considered a vital part of the security architecture of many devices, restricts what code may run inside it and what the rest of the system may touch, so that highly trusted code executes with threats kept outside the environment.
Existing first as individual proprietary solutions, TEE implementations took on a standards-based approach starting in the mid-2000s. In 2004, a partnership between Trusted Logic and Texas Instruments produced a generic TEE. In 2006, Arm launched a TEE implementation called TrustZone that used Trusted Logic software. That same year, the Open Mobile Terminal Platform released the first recognized set of standards for TEE implementation. In 2012, GlobalPlatform and the Trusted Computing Group (TCG) founded a joint working group focusing on TEE specifications and use.
A TEE creates a separate execution environment that runs alongside a typical operating system such as Windows or Android. Devices that use a TEE let untrusted applications run in an unsecured Rich Execution Environment (REE) and trusted applications (TAs) run in the TEE. Keeping the two apart protects both sensitive data and code from software attacks without a major performance cost, because the trusted code runs on the same CPU rather than on a slow external chip.
A TEE establishes trust by requiring that its internal operating system, its assets, and every piece of code it runs pass the checks its designers built in. In practice this means each component is signature-checked before it is loaded and isolated from everything outside the TEE once it runs. The chain starts with a boot ROM that cannot be modified: it verifies the integrity and authenticity of the trusted OS image, and only that verified OS may then authorize and load individual trusted applications.
Although a TEE is isolated, it is designed to perform like a normal environment. In TrustZone-style designs, for example, code running in the secure world executes on the main processor and can read and write the device’s main memory, including memory that belongs to the REE. The reverse does not hold: code and data inside the TEE cannot be observed or altered by REE software. An attacker who gains full privileges in the REE is therefore still confined to the REE.
Overall, including a TEE allows for greater security, a richer operating system with more functionality, and more trustworthy components. No code outside the TEE, including the operating system or hypervisor, is supposed to be able to compromise the integrity or confidentiality of operations within it. Some designs also resist certain hardware attacks: Intel SGX, for instance, encrypts enclave memory so that a probe on the memory bus sees only ciphertext. Because the host OS and hypervisor sit outside the trust boundary, a cloud service provider can be kept out of the trusted environment even though it operates the machine.
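The chain of trust described above (boot ROM verifies the trusted OS, the trusted OS verifies each TA) is easier to see in code. The following is an added simulation written for this page, not any vendor’s boot code. Its assumptions: a toy textbook RSA signature over two Mersenne primes stands in for the real signature scheme, the ROM holds only a hash of the vendor’s public key (as many real designs burn into fuses), and the image bytes, TA bytes and attacker key are all constructed for the example.

```python
"""Constructed simulation of a TEE chain of trust (example code, not any vendor's).

A boot ROM with only a *hash* of the vendor's public key in fuses verifies the
trusted OS image; the trusted OS then verifies each trusted application (TA)
before it may run. Textbook RSA over Mersenne primes stands in for the real
signature scheme; it is illustration only and not safe for actual use.
"""
import hashlib


# --- toy signature scheme (assumption: stands in for RSA-2048/ECDSA in real TEEs)
def keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for two primes p, q. Toy sizes, not secure."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def digest(data: bytes) -> int:
    # 64-bit truncation keeps the value below every toy modulus used here
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


def sign(data: bytes, priv) -> int:
    n, d = priv
    return pow(digest(data), d, n)


def verify(data: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data)


def key_id(pub) -> bytes:
    """Hash of the serialized public key; this is what the ROM pins."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).digest()


# Vendor and attacker keys (Mersenne primes 2^31-1, 2^61-1, 2^89-1 are convenient)
VENDOR_PUB, VENDOR_PRIV = keypair((1 << 31) - 1, (1 << 61) - 1)
ATTACKER_PUB, ATTACKER_PRIV = keypair((1 << 61) - 1, (1 << 89) - 1)

# --- boot ROM: immutable code plus a fused key hash; no full key, no policy
ROM_FUSED_KEY_HASH = key_id(VENDOR_PUB)


def rom_boot(image: bytes, image_pub, image_sig: int) -> bytes:
    """Pin the signing key via its fused hash, then verify the trusted OS image."""
    if key_id(image_pub) != ROM_FUSED_KEY_HASH:
        raise PermissionError("trusted OS image signed with a non-vendor key")
    if not verify(image, image_sig, image_pub):
        raise PermissionError("trusted OS image signature invalid")
    return image  # only now does control transfer to the trusted OS


# --- trusted OS: loads TAs only after checking the vendor's TA signature
class TrustedOS:
    def __init__(self, ta_signing_pub):
        self.ta_signing_pub = ta_signing_pub
        self.loaded = {}

    def load_ta(self, name: str, code: bytes, sig: int) -> bool:
        if not verify(code, sig, self.ta_signing_pub):
            raise PermissionError(f"TA {name!r}: signature invalid, refusing to load")
        self.loaded[name] = code
        return True


def _attempt(action) -> bool:
    """True if the boot/load succeeded, False if the chain of trust rejected it."""
    try:
        return bool(action())
    except PermissionError:
        return False


def run_scenarios() -> dict:
    """Constructed images: one honest boot, one tampered TA, one re-signed OS."""
    tos_image = b"trusted-os-v1"
    rom_boot(tos_image, VENDOR_PUB, sign(tos_image, VENDOR_PRIV))  # honest boot
    tos = TrustedOS(VENDOR_PUB)
    keystore_ta = b"keystore-ta: seals keys, never returns them in plaintext"
    keystore_sig = sign(keystore_ta, VENDOR_PRIV)
    return {
        # honest TA signed by the vendor loads
        "good_ta": _attempt(lambda: tos.load_ta("keystore", keystore_ta, keystore_sig)),
        # one word patched into the TA invalidates the signature
        "tampered_ta": _attempt(lambda: tos.load_ta(
            "keystore", keystore_ta.replace(b"never", b"always"), keystore_sig)),
        # attacker re-signs a malicious OS with their own key: the signature is
        # valid under that key, but its hash does not match the fuses, so the
        # ROM refuses before the signature is even checked
        "forged_os_key": _attempt(lambda: rom_boot(
            b"evil-os", ATTACKER_PUB, sign(b"evil-os", ATTACKER_PRIV))),
    }


if __name__ == "__main__":
    for case, ok in run_scenarios().items():
        print(f"{case:15} {'loaded' if ok else 'rejected'}")
```

The point of pinning only the key hash in the ROM is the third scenario: an attacker who can produce a perfectly valid signature under a key of their own still gets nowhere, because the ROM trusts a specific key, not signatures in general. Real TEEs add anti-rollback counters and per-TA identity checks on top of this, which the simulation omits.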
Trusted Execution Environment support from major players
Because TEEs unlock options for manufacturers, software makers, service providers, and consumers, they lend themselves to a wide array of devices and IT sectors. The result has been a lot of major tech companies developing trusted solutions.
Implementation requires hardware support, and there are several options in modern processors. TrustZone technology from Arm takes a system-wide approach, with hardware-enforced separation of a secure and a normal world on the CPU and across the bus. AMD’s PRO Security platform is built around a dedicated security subsystem in the company’s processors. Intel’s hardware support is a set of CPU instructions called Software Guard Extensions (SGX), available on some of its CPUs, that let an application create an enclave: an encrypted, isolated region of memory the rest of the system cannot read. Apple’s approach is a dedicated Secure Enclave Processor that handles cryptographic keys and biometric data.
Major companies have also developed different TEE operating systems to run on that hardware. One of the biggest is Google’s Trusty, which provides a TEE for the Android operating system. Trusty is an open-source, isolated operating system built on TrustZone that runs alongside Android on the same processor.
Samsung, Qualcomm, Huawei, and others have also developed commercial implementations. These are typically certified against the TEE specifications published by an organization called GlobalPlatform.
Not a perfect security solution
Although a TEE is designed to be a robust security measure, it requires trusting every trusted application it loads. Not all trusted applications are free of vulnerabilities, and a bug in a TA runs with the TA’s privileges inside the TEE, which can leave devices open to attack. For example, vulnerabilities have been identified in TrustZone-based systems and in Kinibi, a popular Trustonic TEE used on many Samsung devices.
One class of weakness follows from the fact that most TEEs run trusted and untrusted code on the same hardware: shared caches, branch predictors and other micro-architectural state create openings for side-channel attacks that can leak secrets out of the TEE without breaking its isolation. Another is simply that code labeled trusted cannot, in fact, always be trusted; a memory-corruption bug in a signed TA is just as exploitable as one in ordinary software.
Shoring up your data privacy with TripleBlind
Simply put, TEEs are another layer of security with their own attack surface, not a silver bullet. TEEs make cyberattacks more difficult, but they are hardly 100 percent secure.
As noted above, vulnerabilities have been identified in some popular TEE implementations. When a vulnerability lies in the hardware itself rather than in the TEE OS or a TA, patching it can take much longer than patching a software vulnerability, and in some situations the hardware cannot be patched at all.
In addition to being a superior alternative to TEEs with respect to security, the software-based TripleBlind Solution is capable of addressing other shortcomings related to data privacy.
First, TEEs do not enable digital rights on sensitive data. Data shared with a collaborator for processing could still be accessed and possibly used for unauthorized purposes. Second, TEEs do not address compliance issues related to laws like General Data Protection Regulation (GDPR) in Europe and the Health Insurance Portability and Accountability Act (HIPAA) in the U.S.
The TripleBlind Solution allows users to retain possession of their data, eliminating issues related to data residency and digital rights management. Because data remains in place, the TripleBlind Solution also simplifies compliance with privacy regulations. In addition, the TripleBlind Solution compares favorably with other privacy-enhancing technologies like homomorphic encryption and tokenization.
Perhaps most importantly, our innovative technology can significantly increase the value of data collaborations. Our technology unlocks critical business insights and medical discoveries by allowing for increased collective computation on sensitive data. Backed by organizations like Accenture and the Mayo Clinic, the TripleBlind Solution is the most complete and scalable approach to sensitive data operations without violating the GDPR, PDPA, or HIPAA. It allows all participants to retain possession of sensitive data and algorithms, simplifying issues related to digital rights management and compliance.
If your company is looking to get more out of its sensitive data operations, contact us today to learn more.