FIME discusses the TEE
Stephanie El Rhomri, NFC & Payment Vendors Business Line Manager at
FIME and Chair of GlobalPlatform’s Device Compliance Program Work Group, discusses
the role of the Trusted Execution Environment (TEE) in the secure management of
applications on mobile devices and addresses the importance of promoting confidence
and stability within the marketplace.
Why is mobile security becoming increasingly significant?
Although mobile devices today host multiple applications, many of these are non-
sensitive and the personal or financial impact of any corruption to an individual would be
Today, the mobile services marketplace is starting to witness the deployment of an
increasing number of 'secure' applications such as identity, mobile wallets or corporate
applications that operate and are executed within the device. The consequences of a
malicious party hacking an individual's smartphone to source personal or corporate data
could be serious.
And as our mobile devices become even more sophisticated, so do the hackers. It is
therefore important that we put the right security measures in place today to stop a
major breach tomorrow.
Where does the TEE come in?
Simple operating system (OS) updates of one component do not provide sufficient
security to protect these types of sensitive applications. Instead, a clearly defined and
universally agreed 'root of trust' is needed.
A 'root of trust' is created when a set of functions is trusted by all parties engaged
in the delivery of the mobile service to maintain the integrity of the service and privacy of
the consumer's data. The TEE – a secure area that resides in the main processor of a
connected device and ensures that sensitive data is stored, processed and protected in
a trusted environment – is fundamental within the root of trust.
But how does the industry ‘know’ it can trust TEE products? As they play such a vital
security role, we need to consider what can be done to achieve confidence and stability
within this marketplace.
How is GlobalPlatform facilitating TEE adoption?
GlobalPlatform has been instrumental in standardizing TEE technology. Now the
association is turning its attention to ensuring the TEE ecosystem is stable and that
products perform as expected once live in the field. As a testing provider, FIME also
recognizes that products must perform as advertised and the only way to promote
confidence is by conducting rigorous and industry-approved tests.
Over the last few years, GlobalPlatform has worked to establish a functional
compliance test program, which has seen a number of products receive the
GlobalPlatform 'Qualified' mark. FIME is delighted to have played a part in this important
program with its Global Device test tool, which streamlines the testing process and has
approved a number of products on behalf of GlobalPlatform.
In addition to this activity, in 2014, GlobalPlatform published the first Trusted Execution
Environment (TEE) Protection Profile (PP). The industry-recognized document,
supported by national certification bodies worldwide, identifies the security needs of the
TEE to support different market requirements. It achieves this by combining the standard
security methodology outlined by Common Criteria, with the best practice specifications
as defined by GlobalPlatform in relation to TEE architecture and interfaces.
GlobalPlatform’s TEE PP has been officially listed in the Common Criteria portal on
its website, under the Trusted Computing category. This important milestone means
that industries using TEE
technology to deliver services such as premium content and mobile wallets, or
enterprises and governments establishing secure mobility solutions, can now formally
request that TEE products are certified against this security framework. GlobalPlatform is
also developing a TEE security certification secretariat which is set to launch later this
year. This initiative will facilitate adoption for technology providers and reinforce
GlobalPlatform’s position in driving confidence in new technologies.
What has FIME been working on recently in support of the TEE?
FIME brings together a combination of security and functional testing, and services, to
support vendors in the evaluation of their products. For FIME, this approach has the
potential to truly support the TEE marketplace, and enable the technology to achieve its
full market adoption to support the delivery of trusted applications.
FIME is witnessing a real momentum within the TEE marketplace globally. Its services
are being called upon to advise and test on TEE functionality and security. We expect
this level of engagement to increase as cloud-based payments gain traction. The TEE,
therefore, could address an immediate need in today's marketplace, if we promote and
generate confidence in our standardized, secure and qualified GlobalPlatform products.