Prove & Run – TEE-based BYOD/COPE solution 1

77, avenue Niel, 75017 Paris, France

[email protected]

TEE-based BYOD/COPE solution for smartphones and tablets

Dominique Bolignano

Prove & Run – TEE-based BYOD/COPE solution 2

BYOD/COPE

•  Need for a BYOD (Bring Your Own Device) or COPE (Corporate Owned Personally Enabled) solution,
•  Existing products are expensive, lack user-friendliness and are often not secure enough,
   •  i.e. based on hardware, and/or on secure versions of Android or Linux, etc.
•  Main features:
   •  Secure mail and chat
   •  Voice encryption
   •  Remote administration
   •  Vertical applications

Prove & Run – TEE-based BYOD/COPE solution 3

BYOD/COPE

•  Proposed logical architecture:
   •  An unconstrained personal zone that can be updated easily
   •  A secure professional zone
   •  Certifiable

[Diagram, layer labels: Android (or any rich OS)]

Prove & Run – TEE-based BYOD/COPE solution 4

BYOD/COPE

•  Proposed logical architecture:
   •  An unconstrained personal zone that can be updated easily
   •  A secure professional zone
   •  Certifiable

[Diagram, layer labels: Android (or any rich OS); Secure OS; Android (or any rich OS)]

Prove & Run – TEE-based BYOD/COPE solution 5

BYOD/COPE

•  Proposed logical architecture:
   •  An unconstrained personal zone that can be updated easily
   •  A secure professional zone
   •  Certifiable

[Diagram, layer labels: Android (or any rich OS); Secure OS; Android (or any rich OS); Trusted Computing Base (TCB)]

Prove & Run – TEE-based BYOD/COPE solution 6

Ideal Case: Flexible and Secure World

[Diagram, layer labels: Android (or any rich OS); ARM Cortex A; TEE; TrustZone™ Secure World; TCB]

Prove & Run – TEE-based BYOD/COPE solution 7

Ideal Case (continued)

[Diagram, layer labels: Android (or any rich OS); ARM Cortex A; TEE Layer (Userland); TrustZone™ Secure World; TEE Kernel (ProvenCore™); TCB]

Prove & Run – TEE-based BYOD/COPE solution 8

Using a more Traditional TEE

[Diagram, layer labels: Android (or any rich OS); ARM Cortex A; HyperVisor (ProvenVisor); Android (or any rich OS); TEE Layer (Userland); TrustZone™ Secure World; TEE Kernel (ProvenCore™); TCB]

Prove & Run – TEE-based BYOD/COPE solution 9

Alternative Case

[Diagram, layer labels: TrustZone™ Secure World; TEE Kernel (ProvenCore™); Android (or any rich OS); ARM Cortex A; Security services; HyperVisor (ProvenVisor); Android (or any rich OS) ×3; TCB]

Prove & Run – TEE-based BYOD/COPE solution 10

Portability with containers… but less secure

[Diagram, layer labels: Android (or any rich OS); Hardware; TEE Layer (Userland); TEE Kernel (ProvenCore™); TCB]

Prove & Run – TEE-based BYOD/COPE solution 11

Security is a serious matter

•  Many think they achieve security
   •  just because they:
      •  encrypt,
      •  sign,
      •  use TLS,
      •  or use a secure element.
•  But security is much more than that.

Prove & Run – TEE-based BYOD/COPE solution 12

On the use of formal methods for cybersecurity

•  Security chain:
   •  Cryptographic algorithms
   •  Cryptographic protocols
   •  Physical-attack-resistant subsystems (e.g. secure elements)
   •  Robustness of the Trusted Computing Base (TCB) to logical attacks
•  Issues with errors and vulnerabilities, particularly in operating systems:
   •  An already alarming situation which is still degrading (e.g. the NIST database statistics).

Prove & Run – TEE-based BYOD/COPE solution 13

The main challenge is to secure the software

•  The situation on the software side needs to be improved …
•  For security, every defect/bug in the architecture, design, configuration or implementation is a potential source of attack
•  It is thus not possible to directly protect OSes such as iOS, Android, Linux, large RTOSes ... against attacks. There are issues with:
   •  The size of the software stack to secure
   •  The “Trusted Computing Base” (TCB) includes a kernel whose size and complexity are too big to build trust (and correctness of security properties)
•  A basic partial answer:
   •  Making weaknesses more difficult to exploit
   •  Constraining the software
   •  Drawbacks: user experience and security level.
•  The global answer:
   •  Defining a security architecture with a well-defined and reduced-in-scope TCB
   •  Applying formal methods to this TCB
      •  Software development tools
      •  Ability to get as close as possible to “Zero Bug”
      •  Ability to demonstrate security (proof and certification)
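The argument on this slide (reduce the TCB to a small, well-defined component, then demonstrate its security properties rather than hope for them) and the personal/professional zone split of slides 3 to 5 can be made concrete with the following added example. It is not Prove & Run code and says nothing about how ProvenCore is built; it models a tiny TCB that enforces one-way channels between a personal zone, a professional zone and a hypothetical shared "clipboard" service, and exhaustively explores every reachable state to check one property: professional-classified data never ends up in the personal zone. The zone names, the two channel policies and the clipboard service are constructed assumptions; the second policy is deliberately misconfigured to show how a checker finds a two-hop leak that each channel, looked at alone, would not reveal.

```python
"""Exhaustive state-space check of a two-zone (personal / professional)
isolation policy enforced by a minimal TCB.

Added example; constructed model, not Prove & Run / ProvenCore code.
"""
from collections import deque

# Constructed zones. The TCB owns the channel table; zones only see the
# channels the TCB is configured to allow.
PERSONAL, PROFESSIONAL, CLIPBOARD = "personal", "professional", "clipboard"

# A policy is a set of one-way channels (src, dst).
SAFE_POLICY = frozenset({(PERSONAL, PROFESSIONAL),     # personal may push up
                         (PROFESSIONAL, CLIPBOARD)})   # pro may fill clipboard

# Constructed misconfiguration: adding a clipboard->personal channel looks
# harmless on its own (the clipboard holds no secrets by itself), but it
# composes with the existing pro->clipboard channel into a leak path.
LEAKY_POLICY = SAFE_POLICY | {(CLIPBOARD, PERSONAL)}

# A state is the frozenset of zones currently holding professional data.
INITIAL_STATE = frozenset({PROFESSIONAL})


def successors(tainted, policy):
    """Yield (action, next_state) pairs for every TCB-mediated operation
    available in `tainted`. Sending over a channel propagates the taint of
    the source to the destination; a wipe drops the data from a zone
    (except the professional zone, which is the data's origin)."""
    for src, dst in sorted(policy):
        if src in tainted and dst not in tainted:
            yield f"send {src}->{dst}", tainted | {dst}
    for zone in sorted(tainted):
        if zone != PROFESSIONAL:
            yield f"wipe {zone}", tainted - {zone}


def check_isolation(policy):
    """Breadth-first exploration of all reachable states under `policy`.

    Returns None when the personal zone can never hold professional data
    (the property holds in every reachable state), otherwise the shortest
    action trace that violates it, which is the counterexample a reviewer
    would want to see."""
    seen = {INITIAL_STATE}
    queue = deque([(INITIAL_STATE, [])])
    while queue:
        state, trace = queue.popleft()
        if PERSONAL in state:
            return trace
        for action, nxt in successors(state, policy):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [action]))
    return None


def reachable_state_count(policy):
    """Size of the explored state space; small by construction, which is
    the point of keeping the TCB's policy model small enough to exhaust."""
    seen = {INITIAL_STATE}
    queue = deque([INITIAL_STATE])
    while queue:
        state = queue.popleft()
        for _, nxt in successors(state, policy):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return len(seen)


if __name__ == "__main__":
    for name, policy in (("SAFE_POLICY", SAFE_POLICY),
                         ("LEAKY_POLICY", LEAKY_POLICY)):
        trace = check_isolation(policy)
        states = reachable_state_count(policy)
        verdict = "holds" if trace is None else f"VIOLATED via {trace}"
        print(f"{name}: {states} reachable states, isolation {verdict}")
```

The model is deliberately tiny: the value of a reduced-in-scope TCB is precisely that its policy can be stated in a few lines and its reachable behaviour enumerated completely, so a configuration mistake shows up as a concrete trace rather than as a bug found later in the field. Replacing the breadth-first search with a proof assistant is the step from "checked for this model" to the certified proof the slide refers to.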

Prove & Run – TEE-based BYOD/COPE solution 14

Conclusions

•  BYOD and COPE can be achieved with higher security and lower cost (same is true for IoT),

•  Using secure and broadly deployed COTS

•  High level certification in progress,

•  Different architectures to address a fragmented phone market,

•  Exploiting both the TEE technology and the TEE value chain

Prove & Run – TEE-based BYOD/COPE solution 15

THANK YOU FOR YOUR TIME
QUESTIONS?

Prove & Run S.A.S.
[email protected]
77, avenue Niel, 75017 Paris, FRANCE