MultiTEE: Distributing Trusted Execution Environments
Authors: 
Simon Ott, Benjamin Orthen, Alexander Weidinger, Julian Horsch, Vijayanand Nayani, Jan-Erik EkbergAuthors Info & Claims
Simon Ott, Benjamin Orthen, Alexander Weidinger, Julian Horsch, Vijayanand Nayani, Jan-Erik EkbergAuthors Info & ClaimsPages 1617 - 1629
Abstract
The adoption of wearable technologies, such as smartwatches or wristbands, is rising. End-users expect to use all of their devices in an interconnected and seamless manner to conduct digital transactions, e.g., to pay or identify via their smartwatches, and not only via their smartphones. As sensitive transactions are usually protected by hardware-enforced isolation mechanisms, such as Trusted Execution Environments (TEEs), this brings new challenges of interconnecting TEEs to collaboratively conduct such transactions. We therefore propose MultiTEE, a distributed TEE architecture for heterogeneous device clusters, enabling secure data exchange and cooperation between TEEs. MultiTEE relies on lightweight, secure channels between TEEs, combined with remote attestation for the integrity verification of software stacks, as well as a memory-safe implementation. This enables an interface between Trusted Applications (TAs) of the distributed TEE similar to the interfaces of classic, single device TEEs. To demonstrate the feasibility of our solution, we built a Proof of Concept (PoC), partially implementing the upcoming European Digital Identity (EUDI) wallet to show the usage of heterogeneous device clusters for electronic identification. We evaluate our solution regarding performance and security.
References
[1]
Android Open Source Project (AOSP). 2023. Trusty TEE. Retrieved March 23, 2023 from https://source.android.com/docs/security/features/trusty
[2]
ARM. 2018. Trusted Board Boot Requirements CLIENT (TBBR-CLIENT) Armv8-A.
[3]
ARM Limited. 2017. TrustZone technology for the ARMv8-M architecture.
[4]
Arm Limited. 2019. Arm TrustZone Technology. https://developer.arm.com/ip-products/security-ip/trustzone.
[5]
Maurice Bailleu, Dimitra Giantsidi, Vasilis Gavrielatos, Do Le Quoc, Vijay Nagarajan, and Pramod Bhatotia. 2021. Avocado: A Secure In-Memory Distributed Storage System. In USENIX Annual Technical Conference. The Usenix Association, Virtual Conference, 65--79.
[6]
Philippe Boos and Marc Lacoste. 2020. Networks of trusted execution environments for data protection in cooperative vehicular systems. In Vehicular Ad-hoc Networks for Smart Cities. Springer, 99--109.
[7]
Marcus Brandenburger, Christian Cachin, Rüdiger Kapitza, and Alessandro Sorniotti. 2018. Blockchain and trusted computing: Problems, pitfalls, and a solution for hyperledger fabric. arXiv preprint arXiv:1805.08541 (2018).
[8]
Marcus Brandenburger, Christian Cachin, Rüdiger Kapitza, and Alessandro Sorniotti. 2019. Trusted computing meets blockchain: Rollback attacks and a solution for hyperledger fabric. In 2019 38th Symposium on Reliable Distributed Systems (SRDS). IEEE, Lyon, France, 324--32409.
[9]
European Commission. 2021. Digital Identity for all Europeans. Retrieved May 4, 2023 from https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en
[10]
World Wide Web Consortium et al. 2019. Verifiable credentials data model 1.0: expressing verifiable information on the web. Retrieved May 11, 2023 from https://www.w3.org/TR/vc-data-model/?#core-data-model
[11]
Danny Dolev and Andrew Yao. 1983. On the security of public key protocols. IEEE Transactions on information theory 29, 2 (1983), 198--208.
[12]
Jason A Donenfeld. 2017. Wireguard: next generation kernel network tunnel. In NDSS. San Diego, CA, USA, 1--12.
[13]
Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan. 2014. The Untapped Potential of Trusted Execution Environments on Mobile Devices. IEEE Security & Privacy 12, 4 (2014), 29--37.
[14]
Linux Foundation. 2023. Yocto Project. Retrieved May 15, 2023 from https://www.yoctoproject.org/
[15]
Linux Foundation. 2023. Zephyr Project. Retrieved May 15, 2023 from https://zephyrproject.org/
[16]
Dimitra Giantsidi, Maurice Bailleu, Natacha Crooks, and Pramod Bhatotia. 2022. Treaty: Secure Distributed Transactions. In 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, IEEE/IFIP, Maryland, MD, USA, 14--27.
[17]
GlobalPlatform. 2019. TEE Internal Core API Specification, Version 1.2.1. https://globalplatform.org/specs-library/tee-internal-core-api-specification-v1-2/
[18]
GlobalPlatform. 2020. TEE Protection Profile v1.3 | GPD_SPE_021. https://globalplatform.org/specs-library/tee-protection-profile-v1-3/.
[19]
GlobalPlatform. 2022. TEE System Architecture v1.3 | GPD_SPE_009. https://globalplatform.org/specs-library/tee-system-architecture/.
[20]
Trusted Computing Group. 2019. Trusted Platform Module 2.0: A Brief Introduction.
[21]
Tony Hansen and Donald E. Eastlake 3rd. 2011. US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF). RFC 6234.
[22]
ARM Holding. 2009. ARM Security Technology, Building a Secure System using TrustZone Technology.
[23]
International Data Corporation (IDC). 2021. Worldwide Quarterly Wearable Device Tracker.
[24]
Jinsoo Jang and Brent Byunghoon Kang. 2019. Securing a communication channel for the trusted execution environment. computers & security 83 (2019), 79--92.
[25]
Jin Soo Jang, Sunjune Kong, Minsu Kim, Daegyeong Kim, and Brent Byunghoon Kang. 2015. Secret: Secure channel between rich execution environment and trusted execution environment. In NDSS. 1--15.
[26]
Nadim Kobeissi, Georgio Nicolas, and Karthikeyan Bhargavan. 2018. Noise Explorer: Fully Automated Modeling and Verification for Arbitrary Noise Protocols. Cryptology ePrint Archive, Paper 2018/766. https://eprint.iacr.org/2018/766 https://eprint.iacr.org/2018/766.
[27]
Nadim Kobeissi, Georgio Nicolas, and Karthikeyan Bhargavan. 2019. Noise Explorer: Fully automated modeling and verification for arbitrary Noise protocols. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 356--370.
[28]
Adam Langley, Mike Hamburg, and Sean Turner. 2016. Elliptic Curves for Security. RFC 7748.
[29]
Arm Limited. 2023. Trusted Firmware-A. Retrieved May 15, 2023 from https://github.com/ARM-software/arm-trusted-firmware
[30]
Arm Limited. 2023. Trusted Firmware-M. Retrieved May 15, 2023 from https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
[31]
Joshua Lind, Ittay Eyal, Peter Pietzuch, and Emin Gün Sirer. 2016. Teechan: Payment channels using trusted execution environments. arXiv preprint arXiv:1612.07766 (2016), 1--14.
[32]
Nicholas D Matsakis and Felix S Klock. 2014. The Rust Language. ACM SIGAda Ada Letters 34, 3 (2014), 103--104.
[33]
mcu tools. 2023. MCUBoot boodloader. Retrieved May 15, 2023 from https://github.com/mcu-tools/mcuboot
[34]
Antonio Muñoz, Ruben Ríos, Rodrigo Román, and Javier López. 2023. A survey on the (in)security of trusted execution environments. Computers & Security 129 (2023), 103180.
[35]
Arto Niemi, Vasile Adrian Bogdan Pop, and Jan-Erik Ekberg. 2021. Trusted Sockets Layer: A TLS 1.3 based trusted channel protocol. In Nordic Conference on Secure IT Systems. Springer, Springer, 175--191.
[36]
Yoav Nir. 2015. ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec. RFC 7634.
[37]
Yoav Nir and Simon Josefsson. 2016. Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement. RFC 8031.
[38]
Yoav Nir and Adam Langley. 2015. ChaCha20 and Poly1305 for IETF Protocols. RFC 7539.
[39]
Simon Ott, Monika Kamhuber, Joana Pecholt, and Sascha Wessel. 2023. Universal Remote Attestation for Cloud and Edge Platforms (ARES '23). Association for Computing Machinery, New York, NY, USA, Article 12, 11 pages.
[40]
Florian Otterbein, Tim Ohlendorf, and Marian Margraf. 2017. The german eID as an authentication token on android devices. arXiv preprint arXiv:1701.04013 (2017).
[41]
Trevor Perrin. 2018. The Noise Protocol Framework. https://noiseprotocol.org/noise.html
[42]
Sandro Pinto and Nuno Santos. 2019. Demystifying arm trustzone: A comprehensive survey. ACM computing surveys (CSUR) 51, 6 (2019), 1--36.
[43]
Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446.
[44]
Grand View Research. 2022. Wearable Technology Market Size, Share & Trends Analysis Report By Product (Head & Eyewear, Wristwear), By Application (Consumer Electronics, Healthcare), By Region (Asia Pacific, Europe), And Segment Forecasts, 2023 - 2030.
[45]
Microsoft Research. 2023. Firmware Trusted Platform Module (fTPM). Retrieved Jul 28, 2023 from https://github.com/microsoft/MSRSec/blob/master/TAs/optee_ta/fTPM/README.md
[46]
Samsung. 2015. Android security maximized by Samsung KNOX. Retrieved December 6, 2023 from https://kp-cdn.samsungknox.com/2f2fff7938aaf9a7dcf7a9e7ccd0446f.pdf
[47]
Carlton Shepherd, Raja Naeem Akram, and Konstantinos Markantonakis. 2017. Establishing mutually trusted channels for remote sensing devices with trusted execution environments. In Proceedings of the 12th International Conference on Availability, Reliability and Security. 1--10.
[48]
Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen, N Asokan, and Tuomas Aura. 2011. Can hand-held computers still be better smart cards?. In Trusted Systems: Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers 2. Springer, 200--218.
[49]
Trusted Computing Group. 2018. Implicit Identity Based Device Attestation.
[50]
Trusted Computing Group. 2019. Trusted Platform Module Library.
[51]
TrustedFirmware.org. 2023. OP-TEE Trusted OS. Retrieved May 15, 2023 from https://github.com/OP-TEE/optee_os
[52]
Paul Georg Wagner, Pascal Birnstill, and Jürgen Beyerer. 2020. Establishing secure communication channels using remote attestation with TPM 2.0. In International Workshop on Security and Trust Management. Springer, 73--89.
[53]
DENX Software Engineering Wolfgang Denk. 2023. U-Boot bootloader. Retrieved May 15, 2023 from https://github.com/u-boot/u-boot
Index Terms
- MultiTEE: Distributing Trusted Execution Environments
Recommendations
Remote Attestation Assurance Arguments for Trusted Execution Environments
SaT-CPS '23: Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Cyber-Physical SystemsRemote attestation (RA) is emerging as an important security mechanism for cyber-physical systems with strict security requirements. Trusted computing at large and Trusted Execution Environments (TEEs) in particular have been identified as key ...
Trusted execution environments on mobile devices
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityA trusted execution environment (TEE) is a secure processing environment that is isolated from the normal processing environment where the device operating system and applications run. The first mobile phones with hardware-based TEEs appeared almost a ...
Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments
ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and SecurityRemote and largely unattended sensing devices are being deployed rapidly in sensitive environments, such as healthcare, in the home, and on corporate premises. A major challenge, however, is trusting data from such devices to inform critical decision-...
Comments
Information & Contributors
Information
Published In
July 2024
1987 pages
ISBN:9798400704826
DOI:10.1145/3634737
- Chair:
- Jianying Zhou,
- Co-chair:
- Tony Q. S. Quek,
- Program Chairs:
- Debin Gao,
- Alvaro Cardenas
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
ASIA CCS '24
Sponsor:
ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security
July 1 - 5, 2024
Singapore, Singapore
Acceptance Rates
Overall Acceptance Rate 418 of 2,322 submissions, 18%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 573Total Downloads
- Downloads (Last 12 months)573
- Downloads (Last 6 weeks)136
Reflects downloads up to 31 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in