Home Publications Technical Security Pitfalls in TEE Development

Security Pitfalls in TEE Development

Author: Riscure Team

The Trusted Execution Environment (TEE) is a technology, which enables developers to delegate security functions to a separate secure environment, apart from the normal execution environment. The main advantage of delegating such security functions to an isolated environment is its logical and physical separation from the Rich Execution Environment (REE) that can be prone to insecure software. TEE development has gained significant interest and is widely adopted by the payment industry, media and entertainment as well as the Internet of Things (IoT).

For example, TEEs provide three main isolation mechanisms, all of which need hardware support from the platform:

1. Separation between the TEE and REE:

This separation guarantees that the TEE’s data, code, and resources cannot be accessed by the REE. This isolation includes process execution isolation, memory isolation, I/O and peripherals (For example, control of hardware IP).

2. Separation between the TEE and TAs

This separation is required to make sure that a vulnerability in a TA, or a malicious TA, is not leveraged to attack the whole system.

3. Separation between different TAs:

This separation is similar to the previous one, but it is used to separate TAs from each other, to guarantee that a vulnerability in a TA cannot be exploited to attack other TAs.

Secure TEE development is paramount

Most modern devices including general-purpose computers, smartphones, and TVs are equipped with TEE. Secure TEE development is paramount for the secure application of the TEE technology within the automotive industry. This paper is written to support development teams, including product owners, design architects, product engineers, and security experts. Within the automotive industry, the TEE is used for applications such as In-Vehicle-Infotainment (IFI) and Advanced Driver Assistance Systems (ADAS). The automotive manufacturers are offering vehicle-related services through back-ends and mobile applications and have recognized the need to understand the technology that they rely on.

50 different TEE solutions

As the leading expert in TEE security assessments since 2011, Riscure describes the most frequent security pitfalls for TEE developers and integrators. This paper includes real-world examples for the issues we describe, based on our experience with the evaluation of over 50 different TEE solutions in the past years. Riscure also provides expert advice and best practices enabling the automotive industry to develop secure TEE based solutions, meeting the state of the art security requirements for TEE.

A lot of research has been performed in the field of TEE security. This paper is not intended to provide an exhaustive overview of such research and the cases we provide are used to illustrate the examples+ in order to enable the reader to quickly explore additional resources. For more generic software mistakes, we have provided a few examples that go beyond TEE. We finalize the paper with an outlook of the most important future TEE security topics.

Find out more about TEE development by signing in below.

Recent publications

Share This