A Trusted Execution Environment (TEE) is a secure area within a computer system or mobile device that ensures the confidentiality and integrity of data and processes that are executed inside it. The TEE is isolated and protected from the main operating system and other software applications, which prevents them from accessing or interfering with the data and processes within the TEE. The TEE is typically used for security-sensitive operations, such as secure storage of cryptographic keys, biometric authentication, and secure mobile payments. The TEE provides a high level of assurance that sensitive data and processes remain secure and tamper-proof, even if the main operating system or other software components are compromised.
How a Trusted Execution Environment Works
Trusted Execution Environments are established at the hardware level, which means that they are partitioned and isolated, complete with busses, peripherals, interrupts, memory regions, etc. TEEs run their instance of an operating system known as Trusted OS, and the apps allowed to run in this isolated environment are referred to as Trusted Applications (TA). Untrusted apps run on an open part of the larger operating system referred to as the Rich Execution Environment (REE).
A trusted application has access to the full performance of the device despite operating in an isolated environment, and it is protected from all other applications. Data is usually encrypted in storage and transit and is only decrypted when it’s in the TEE for processing. The CPU blocks access to the TEE by all untrusted apps, regardless of the privileges of the entities requesting access.
To enhance security, two trusted applications running in the TEE also do not have access to each other’s data as they are separated through software and cryptographic functions.
Benefits of Trusted Execution Environment
TEE offers several benefits that include:
- Data Integrity & Confidentiality: Your organization can use TEE to ensure data accuracy, consistency, and privacy as no third party will have access to the data when it’s unencrypted.
- Code Integrity: TEE helps implement code integrity policies as your code is authenticated every time before it’s loaded into memory.
- Secure Collaboration: When used in conjunction with other PETs such as federated learning (FL), multiparty computation (MPC) or fully homomorphic encryption (FHE), TEE allows organizations to securely collaborate without having to trust each other by providing a secure environment where code can be tested without being directly exported. This allows you to gain more value from your sensitive data.
- Simplified Compliance: TEE provides an easy way to achieve compliance as sensitive data is not exposed, hardware requirements that may be present are met, and the technology is pre-installed on devices such as smartphones and PCs.
TEE has several major limitations as compared to software-focused privacy technologies, particularly around the financial burden of acquiring and deploying the technology, retrofitting existing solutions to use TEEs and the challenges of vendor-lock-in. In short, TEEs are inherently a hardware solution, implying that they need to be purchased, physically delivered, installed and maintained, in addition to this, special software is needed to run on them. This is a much higher “conversion” burden than software-only privacy technologies. Also, once the TEEs are installed, they need to be maintained. There is little commonality between the various TEE vendors’ solutions, and this implies vendor lock-in. If a major vendor were to stop supporting a specific architecture or, if worse, a hardware design flaw were to be found in a specific vendor’s solution, then a completely new and expensive solution stack would need to be designed, installed and integrated at great cost to the users of the technologies.
In addition to the lifecycle costs, TEE technology is not foolproof as it has its own attack vectors both in the TEE Operating System and in the Trusted Apps (they still involve many lines of code). This has been proven through several lab tests, with Quarkslab successfully exploiting a vulnerability in Kinibi, a TrustZone-based TEE used on some Samsung devices, to obtain code execution in monitor mode.