Mobile devices offer more and more functionality, some of it security-critical, such as e-commerce and banking. Modern mobile OSes are usually equipped with sandbox mechanisms that prevent malicious applications from illegally gaining access to sensitive data or compromising other applications.
However, modern mobile OSes (i.e., the Trusted Computing Base that mobile applications rely on) are so complex that it is difficult to ensure the absence of vulnerabilities, which attackers can exploit to gain control of the OS and then disable its sandbox mechanisms. Thus, it is far from trivial to provide a TEE for mobile applications.
To address this problem, trusted-system designs have been introduced that provide TEEs for security-critical application code while keeping the TCB small. A small TCB minimizes the potential security vulnerabilities that would help attackers compromise the system. To this end, mainstream CPU designers and manufacturers have added new hardware primitives to their architectures.
Intel and AMD propose the late launch technology by extending the x86 instruction set with their respective Trusted eXecution Technology (TXT) and Secure Virtual Machine (SVM) initiatives, which allow a software module to run in an environment isolated from the entire OS.
Several well-known trusted systems have been implemented on top of late launch, such as Flicker and TrustVisor. ARM offers TrustZone technology, which enables secure services to run in the “secure world” of the processor. Several trusted systems for mobile devices have been implemented leveraging ARM TrustZone, such as Nokia’s On-board Credentials, Sierraware’s SierraTEE, and TOPPERS Project’s SafeG.
In fact, a CPU with late launch or TrustZone security extensions only provides an “isolated” execution environment, not a “trusted” one, since it cannot attest to the user or to an external verifier that the software running inside the environment is untampered and trustworthy.
At present, the state of the art in attestation is to compute a signature with an attestation key over the software’s measurement, where both the measurement and the attestation key are securely stored by the root of trust. The root of trust thus provides a way to establish trust in the execution environment, so only an isolated execution environment equipped with a root of trust is a real “trusted” execution environment (TEE).
We present the design, implementation and evaluation of a root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone, based on SRAM Physical Unclonable Functions (PUFs). We first implement a building block that provides the foundations for the root of trust: secure key storage and a truly random source.
The building block requires no on-chip or off-chip secure non-volatile memory to store secrets, yet provides a high level of security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC).
On top of the building block, we build the root of trust, consisting of seal/unseal primitives for secure services running in the TEE and a software-only TPM service running in the TEE that provides rich TPM functionality to the rich OS running in the normal world of TrustZone.
The root of trust resists software attackers capable of compromising the entire rich OS. Moreover, both the building block and the root of trust run on the powerful ARM application processor itself. In short, we leverage the SRAM PUF, commonly available on mobile devices, to achieve a low-cost, secure and efficient design of the root of trust.
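The two ideas in the paragraphs above, a PUF-derived key that needs no secret non-volatile storage and seal/unseal primitives bound to a TEE service's measurement, can be seen end to end in the following added example. It is not code from the paper or from any TrustZone implementation: the SRAM PUF is a constructed model (a fixed per-chip bit pattern plus controlled bit flips on every read), the helper-data scheme is a repetition-code fuzzy extractor, and the seal/unseal cipher is an encrypt-then-MAC built from HMAC-SHA256 so the example runs with the Python standard library alone. All labels, sizes and the noise pattern are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

SECRET_BITS = 64           # assumption: 64-bit PUF secret
REPEAT = 5                 # repetition code; corrects up to 2 flips per 5-bit group
RESPONSE_BITS = SECRET_BITS * REPEAT


def chip_template(label: bytes) -> List[int]:
    """Constructed stand-in for one chip's stable SRAM power-up pattern,
    expanded deterministically from a label so the example is reproducible."""
    bits, counter = [], 0
    while len(bits) < RESPONSE_BITS:
        digest = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        bits.extend((b >> i) & 1 for b in digest for i in range(8))
        counter += 1
    return bits[:RESPONSE_BITS]


def read_puf(template: List[int], stride: int, offset: int) -> List[int]:
    """One power-up read: flip every bit at position p with p % stride == offset.
    With stride > REPEAT a single read has at most one flip per code group, so
    this models bounded SRAM noise in a way the decoder is guaranteed to handle."""
    return [b ^ 1 if p % stride == offset else b for p, b in enumerate(template)]


def bits_to_bytes(bits: List[int]) -> bytes:
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def derive_key(secret_bits: List[int]) -> bytes:
    """Strong-extractor stand-in: hash the reconstructed secret into a 256-bit root key."""
    return hashlib.sha256(b"puf-root-key" + bits_to_bytes(secret_bits)).digest()


def enroll(response: List[int]) -> Tuple[bytes, List[int]]:
    """Enrollment, done once in the secure world: choose a random secret, encode it
    with the repetition code and XOR it into the PUF response. The resulting helper
    data can live in ordinary flash: without the PUF it reveals nothing usable."""
    secret_bits = [secrets.randbits(1) for _ in range(SECRET_BITS)]
    codeword = [b for b in secret_bits for _ in range(REPEAT)]
    helper = [r ^ c for r, c in zip(response, codeword)]
    return derive_key(secret_bits), helper


def reconstruct(response: List[int], helper: List[int]) -> bytes:
    """Every boot: XOR the public helper data into a fresh noisy read and decode
    each 5-bit group by majority vote, removing up to REPEAT // 2 flips per group."""
    noisy_codeword = [r ^ h for r, h in zip(response, helper)]
    secret_bits = [int(sum(noisy_codeword[i:i + REPEAT]) > REPEAT // 2)
                   for i in range(0, RESPONSE_BITS, REPEAT)]
    return derive_key(secret_bits)


def measure(code: bytes) -> bytes:
    """Measurement of a secure service = hash of its code image."""
    return hashlib.sha256(code).digest()


def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def _keystream(seal_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(_prf(seal_key, b"ks", nonce, i.to_bytes(4, "big")) for i in range(blocks))


def seal(root_key: bytes, measurement: bytes, plaintext: bytes) -> bytes:
    """Seal data to a service: the sealing key is derived from the PUF root key and
    the service's measurement, so only the same untampered code can unseal it.
    Encrypt-then-MAC from HMAC-SHA256; an illustration, not a production cipher."""
    seal_key = _prf(root_key, b"seal", measurement)
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(seal_key, nonce, len(plaintext))))
    tag = _prf(seal_key, b"tag", nonce, ciphertext)
    return nonce + tag + ciphertext


def unseal(root_key: bytes, measurement: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None if the measurement or root key differs from the
    one used at seal time, i.e. a modified service (or another chip) gets nothing."""
    nonce, tag, ciphertext = blob[:16], blob[16:48], blob[48:]
    seal_key = _prf(root_key, b"seal", measurement)
    if not hmac.compare_digest(tag, _prf(seal_key, b"tag", nonce, ciphertext)):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(seal_key, nonce, len(ciphertext))))


def demo() -> dict:
    """Enroll chip A, reconstruct from a differently-noisy read, seal to a measured service."""
    chip_a, chip_b = chip_template(b"chip-A"), chip_template(b"chip-B")
    root_a, helper = enroll(read_puf(chip_a, 7, 0))       # enrollment read
    root_a_again = reconstruct(read_puf(chip_a, 7, 3), helper)   # later boot, other flips
    root_b = reconstruct(read_puf(chip_b, 7, 3), helper)         # same helper, other chip
    good, bad = measure(b"tee service v1"), measure(b"tee service v1 tampered")
    blob = seal(root_a, good, b"bank pin 1234")
    return {
        "same_chip_same_key": root_a_again == root_a,
        "other_chip_other_key": root_b != root_a,
        "unseal_ok": unseal(root_a, good, blob) == b"bank pin 1234",
        "tampered_service_fails": unseal(root_a, bad, blob) is None,
        "other_chip_fails": unseal(root_b, good, blob) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The helper data is the only thing written to non-volatile memory, and it is public: an attacker who dumps the flash still lacks the chip's SRAM start-up pattern, which is what the paper's "no secure NVM needed" property rests on. The noise pattern in read_puf is deliberately bounded so the repetition decoder always succeeds; real SRAM PUFs need an error-correcting code sized to the measured bit-error rate.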
The complete paper is available from IACR.org.