What is a TEE (Trusted Execution Environment)?

A Trusted Execution Environment creates an isolated environment, sealed off from other applications and data, for the protected execution of applications or the storage of data that requires protection. The environment can be implemented on the main processor, a dedicated processor, or a special chip. A common application area is smartphones: in many devices, biometric credentials such as fingerprint templates are stored and matched inside a TEE so that the normal operating system never sees them.

What is a Trusted Execution Environment (TEE)?

The abbreviation TEE stands for Trusted Execution Environment. It is a trusted runtime environment and one implementation of the trusted computing concept; the term and the interfaces between the trusted and normal worlds are standardized by GlobalPlatform. A Trusted Execution Environment can be implemented on the main processor, a separate processor, or a special chip.

Within the TEE, a small set of dedicated applications, known as trusted applications (TAs), can run, and data requiring special protection can be stored so that only the TEE can read it.

The TEE is designed so that the normal operating system, even with root or kernel privileges, cannot read the TEE's memory, its stored data, or the code of its protected applications. It is therefore considered more secure than the Rich Execution Environment (REE), the environment in which the normal operating system and its applications run. Usually a Trusted Execution Environment is separated from the rest of the processor at the hardware level and runs its own small firmware or trusted OS. Its range of functions is deliberately far smaller than that of the normal operating system and limited to security-relevant tasks, which keeps the attack surface small. This isolation is not absolute: bugs in trusted applications, in the trusted OS, or side-channel leaks in the hardware have repeatedly been used to breach real TEEs, so a TEE reduces the trusted computing base rather than eliminating it.


Trusted Execution Environments are often found in devices such as smartphones, tablets, IoT devices, or set-top boxes. There, they protect credentials, identities, cryptographic keys, digital copyrighted media, or biometric data and prevent the execution of unauthorized applications. Numerous hardware manufacturers offer trusted-execution-environment solutions, for example Apple (Secure Enclave), Arm (TrustZone), AMD (SEV), Intel (SGX), and IBM.

Trusted Execution Environment – How it works

A TEE is separated from the REE (Rich Execution Environment). Exactly how this separation is realized varies from implementation to implementation: some split one processor into a normal and a secure world, others use a separate coprocessor with its own memory. The trusted environment shares the device's hardware but prevents unauthorized access to protected data and the execution of unauthorized applications. It is both a secure storage location and a secure place to run code. Private keys stored in the TEE cannot be read without authorization; the REE can only ask the TEE to perform an operation with a key (for example to sign or decrypt) and receives the result, never the key itself.

TEEs use cryptographic checks to ensure that only authorized code runs inside them: the trusted OS is loaded through a secure-boot chain, and each trusted application is verified against a signature before it is allowed to execute. TEEs also provide other services such as secure access to peripherals (for example a display or touch input, so that a PIN can be entered without the REE seeing it), device-bound storage of data that only the same TEE can decrypt again, and protected, encrypted communication with other components.

Trusted Execution Environment – areas of application

Trusted Execution Environments are used in numerous devices such as smartphones, tablets, IoT devices, televisions, or set-top boxes. Typical application areas include digital rights management (DRM), secure execution of online transactions, storing identities and credentials, and storing biometric data such as fingerprints. For example, a TEE can be combined with NFC for secure contactless payment: the card key stays inside the TEE and only the transaction cryptogram it computes is handed to the NFC controller.


For these processes the Trusted Execution Environment can provide a specially protected user interface (often called a trusted UI), in which the TEE drives the display and reads the touch input directly. This prevents data such as PINs, passwords, or biometric data from passing through the normal operating system, where malware could capture them.
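The following simulation illustrates the two mechanisms from the "How it works" section and the contactless-payment scenario above: the REE only gets a narrow `invoke` entry point, trusted applications are admitted only when their measurement carries a valid signature, key material never leaves the trusted side, and sealed data is bound to the device. It is an added example, not code from the original page or from any TEE vendor; the class names, the `payment` TA, the key values and the transaction string are constructed for the demonstration, and HMAC-SHA256 from the standard library stands in for the signature and authenticated-encryption primitives a real TEE would use.

```python
"""Constructed simulation of the TEE/REE trust boundary (added example, not vendor code)."""
import hashlib
import hmac
import secrets


class TEEError(Exception):
    """Raised when the TEE rejects a request coming from the REE."""


class TrustedExecutionEnvironment:
    """The trusted side. Keys live only in private attributes and no method
    returns them: the REE receives results of operations, never key material."""

    def __init__(self, device_root_key: bytes, ta_verify_key: bytes):
        self._root_key = device_root_key      # assumed fused into the chip at manufacture
        self._ta_verify_key = ta_verify_key   # assumed vendor key; HMAC stands in for RSA/ECDSA
        self._tas = {}                        # name -> entry function of each loaded TA

    def _derive(self, purpose: bytes) -> bytes:
        """Per-purpose key from the root key, so no key serves two jobs."""
        return hmac.new(self._root_key, purpose, hashlib.sha256).digest()

    def load_ta(self, name: str, code: bytes, signature: bytes, entry) -> None:
        """Admit a TA only if the signature over (name, code measurement) verifies."""
        measurement = hashlib.sha256(code).digest()
        expected = hmac.new(self._ta_verify_key, name.encode() + measurement, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            raise TEEError(f"refusing to load {name}: bad signature")
        self._tas[name] = entry

    def invoke(self, name: str, command: str, payload: bytes) -> bytes:
        """The single entry point the REE is given into the TEE."""
        if name not in self._tas:
            raise TEEError(f"no trusted application named {name}")
        return self._tas[name](self, command, payload)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        """HMAC in counter mode as a stand-in stream cipher (real TEEs use AES-GCM or similar)."""
        key = self._derive(b"seal-enc")
        blocks = (length + 31) // 32
        return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                        for i in range(blocks))[:length]

    def seal(self, data: bytes) -> bytes:
        """Encrypt-then-MAC under device-bound keys: the REE may store the blob
        but cannot read it, alter it, or move it to another device."""
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        tag = hmac.new(self._derive(b"seal-mac"), nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes) -> bytes:
        """Reject any blob whose tag was not produced by this device's sealing key."""
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._derive(b"seal-mac"), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise TEEError("sealed blob failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


def payment_ta(tee: TrustedExecutionEnvironment, command: str, payload: bytes) -> bytes:
    """Hypothetical contactless-payment TA running inside the TEE: it authorizes a
    transaction with a card key derived in the TEE and never handed to the REE."""
    if command != "authorize":
        raise TEEError(f"unknown command {command}")
    card_key = tee._derive(b"payment-card-key")   # TA code is inside the trust boundary
    return hmac.new(card_key, payload, hashlib.sha256).digest()


def vendor_sign_ta(ta_verify_key: bytes, name: str, code: bytes) -> bytes:
    """Build-time signing step, assumed to run at the vendor, not on the device."""
    return hmac.new(ta_verify_key, name.encode() + hashlib.sha256(code).digest(), hashlib.sha256).digest()


def demo() -> dict:
    """Exercise the boundary from the REE's point of view and return what the REE observed."""
    vendor_key = b"vendor-ta-signing-key"                                   # constructed
    tee = TrustedExecutionEnvironment(b"device-A-root-key", vendor_key)     # constructed
    other = TrustedExecutionEnvironment(b"device-B-root-key", vendor_key)   # constructed
    code = b"payment-ta-v1"
    sig = vendor_sign_ta(vendor_key, "payment", code)
    out = {}
    try:                                    # a modified TA must not load under the old signature
        tee.load_ta("payment", code + b"backdoor", sig, payment_ta)
        out["tampered_ta_loaded"] = True
    except TEEError:
        out["tampered_ta_loaded"] = False
    tee.load_ta("payment", code, sig, payment_ta)
    tx = b"merchant=0042;amount=1999;nonce=7f3a"                          # constructed
    out["cryptogram"] = tee.invoke("payment", "authorize", tx).hex()
    out["deterministic"] = out["cryptogram"] == tee.invoke("payment", "authorize", tx).hex()
    blob = tee.seal(b"PIN:4821")            # REE stores this, but it reveals nothing
    out["blob_reveals_pin"] = b"4821" in blob
    out["unsealed"] = tee.unseal(blob)
    try:                                    # another device's TEE cannot unseal it
        other.unseal(blob)
        out["other_device_can_unseal"] = True
    except TEEError:
        out["other_device_can_unseal"] = False
    flipped = blob[:16] + bytes([blob[16] ^ 1]) + blob[17:]
    try:                                    # a flipped ciphertext bit is detected
        tee.unseal(flipped)
        out["tampered_blob_accepted"] = True
    except TEEError:
        out["tampered_blob_accepted"] = False
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note what the REE never obtains in this model: it cannot call `_derive`, it holds only the sealed blob and the cryptogram, and a TA it has modified is refused before any of its code runs. Those three properties, not any particular cipher, are what the TEE/REE split is meant to guarantee.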

Trusted Execution Environment – Advantages

A Trusted Execution Environment offers numerous advantages over keeping the same data and code in the normal operating system. Typical advantages are:

  • Secure storage of sensitive data such as credentials, identities, private keys, and biometric data, bound to the device
  • Execution of only signed, authorized trusted applications
  • Higher security and a much smaller attack surface compared to the REE
  • No additional security hardware such as smartcards necessary
  • Realization of convenient authentication and payment methods, including PIN entry through a trusted user interface