Prove & Run – TEE-based BYOD/COPE solution 1
77, avenue Niel, 75017 Paris, France
TEE-based BYOD/COPE solution for smartphones and tablets
Dominique Bolignano
BYOD/COPE
• Need for a BYOD (Bring Your Own Device) or COPE (Corporate Owned, Personally Enabled) solution.
• Existing products are expensive, lack user-friendliness and are often not secure enough.
• i.e. those based on hardware, and/or on secure versions of Android or Linux, etc.
• Main features:
• Secure mail and chat
• Voice encryption
• Remote administration
• Vertical applications
BYOD/COPE
• Proposed logical architecture:
• An unconstrained personal zone that can be updated easily
• A secure professional zone
• Certifiable
[Diagram, built up over three slides: the personal zone running Android (or any rich OS), the professional zone running on a Secure OS, and the Trusted Computing Base (TCB) underlying both]
Ideal Case: Flexible and Secure World
[Diagram: Android (or any rich OS) and the TEE running on an ARM Cortex-A core, the TEE sitting in the TrustZone™ Secure World; the TEE forms the TCB]
Ideal Case (continued)
[Diagram: Android (or any rich OS) on an ARM Cortex-A core, with the TEE split into a TEE layer (userland) and the TEE kernel (ProvenCore™) in the TrustZone™ Secure World; TCB highlighted]
Using a more Traditional TEE
[Diagram: two Android (or any rich OS) instances hosted by the ProvenVisor hypervisor on an ARM Cortex-A core, with the TEE layer (userland) and the TEE kernel (ProvenCore™) in the TrustZone™ Secure World; TCB highlighted]
Alternative Case
[Diagram: the TEE kernel (ProvenCore™) in the TrustZone™ Secure World, and on the ARM Cortex-A core the ProvenVisor hypervisor hosting security services alongside several Android (or any rich OS) instances; TCB highlighted]
Portability with containers… but less secure
[Diagram: Android (or any rich OS) together with the TEE layer (userland) and the TEE kernel (ProvenCore™) directly on the hardware, with no TrustZone™ Secure World shown; TCB highlighted]
Security is a serious matter
• Many think they achieve security just because they:
• encrypt,
• sign,
• use TLS,
• or use a secure element.
• But security is much more than that.
On the use of formal methods for cybersecurity
• Security chain:
• Cryptographic algorithms
• Cryptographic protocols
• Physical-attack-resistant subsystems (e.g. secure elements)
• Robustness of the Trusted Computing Base (TCB) against logical attacks
• Issues with errors and vulnerabilities, particularly in operating systems:
• An already alarming situation which is still getting worse (e.g. the NIST vulnerability database statistics).
The main challenge is to secure the software
• The situation on the software side needs to be improved …
• For security, every defect/bug in the architecture, design, configuration or implementation is a potential source of attack
• It is thus not possible to directly protect OSes such as iOS, Android, Linux or large RTOSes against attacks. There are issues with:
• The size of the software stack to secure
• The “Trusted Computing Base” (TCB), which includes a kernel whose size and complexity are too big to build trust (and to establish correctness of security properties)
• A basic partial answer:
• Making weaknesses more difficult to exploit
• Constraining the software
• Drawbacks: user experience and security level.
• The global answer:
• Defining a security architecture with a well-defined and reduced-in-scope TCB
• Applying formal methods to this TCB
• Software development tools
• Ability to get as close as possible to “Zero Bug”
• Ability to demonstrate security (proof and certification)
Conclusions
• BYOD and COPE can be achieved with higher security and lower cost (the same is true for IoT)
• Using secure and broadly deployed COTS
• High-level certification in progress
• Different architectures to address a fragmented phone market
• Exploiting both the TEE technology and the TEE value chain
THANK YOU FOR YOUR TIME
QUESTIONS?
Prove & Run S.A.S.
[email protected]
77, avenue Niel, 75017 Paris, FRANCE