Introduction to Cryptographic Techniques: Trusted Execution Environment

Hardware-based protection of data in use that can be applied anywhere

By: Betty Ann Bryanton, Canada Revenue Agency

Introduction

The increasing popularity of connected devices and the prevalence of technologies, such as cloud, mobile computing, and the Internet of Things (IoT), has strained existing security capabilities and exposed "gaps in data security" (Lowans, 2020). Organizations that handle Personally Identifiable Information (PII) must "mitigate threats that target the confidentiality and integrity of either the application, or the data in system memory" (The Confidential Computing Consortium, 2021).

As a result, Gartner predicts, "by 2025, 50% of large organizations will adopt privacy-enhancing computation (PEC) for processing data in untrusted environments and multiparty data analytics use cases" (Gartner, 2020). Of the several PEC techniques, Trusted Execution Environment is the only one that relies on hardware to accomplish its privacy-enhancing goal.

What is a Trusted Execution Environment?

A Trusted Execution Environment (TEE), or Secure Enclave as it is sometimes known, is an environment built with special hardware modules that provides a secure area inside the device. This isolated environment runs in parallel with the operating system (OS). Input is passed into the TEE and computation is performed within the TEE ('secure world'), protected from the rest of the untrusted system ('normal world'). These secure and isolated environments protect content confidentiality and integrity, preventing unauthorized access to, or modification of, applications and data while in use.

The term 'confidential computing' is often used synonymously with TEE; they are related, but distinct. As per the Confidential Computing Consortium (CCC), confidential computing is enabled by the TEE; further, confidential computing provided by the hardware-based TEE is independent of topographical location (no mention of cloud, a user's device, etc.), processors (a regular processor or a separate one), or isolation techniques (e.g., whether encryption is used).

Why is hardware necessary?

"Security is only as strong as the layers below it, since security in any layer of the compute stack could potentially be circumvented by a breach at an underlying layer" (The Confidential Computing Consortium, 2021). Moving security to the lowest level, the silicon, reduces the potential for compromise because it minimizes dependencies higher in the stack (e.g., on the OS, peripherals, and their administrators and vendors).

Why is it important?

Using a TEE allows a massive range of functionality to be provided to the user while still meeting the requirements of privacy and confidentiality, without exposing data when it is decrypted during processing. This allows users to secure intellectual property and ensure that PII is inaccessible. It protects against insider threats, attackers running malicious code, and unknown cloud providers. As such, TEEs represent a crucial layer in a layered security approach (aka defense-in-depth) and "have the potential to significantly boost the security of systems" (Lindell, 2020).

Uses

A TEE "can be applied anywhere including public cloud servers, on-premises servers, gateways, IoT devices, Edge deployments, user devices, etc." (The Confidential Computing Consortium, 2021).

As per Confidential Computing: Hardware-Based Trusted Execution for Applications and Data, below is a summary of possible use cases for a TEE.

  • Keys, secrets, credentials, tokens: These high-value assets are the 'keys to the kingdom.' Historically, the storage and processing of these assets required an on-premises hardware security module (HSM), but within TEEs, applications to manage these assets can provide security comparable to a traditional HSM.
  • Multi-party computing: TEEs allow organizations, such as those offering financial services or healthcare, to take advantage of shared data (e.g., federated analytics) without compromising the data sources.
  • Mobile, personal computing, and IoT devices: Device manufacturers or application developers include TEEs to provide assurances that personal data is not observable during sharing or processing.
  • Point of sale devices / payment processing: To protect user-entered information, such as a PIN, the input from the number pad is only readable by code within the device's hardware-based TEE, thereby ensuring it cannot be read or attacked by malicious software that may exist on the device.

Benefits

  • Controlled environment: Since the TEE runs on specialized hardware, it is a controlled space, and it prevents eavesdropping while encrypted data is decrypted for processing.
  • Privacy: It is possible to encrypt PII in a database; however, to process the data, it must be decrypted, at which point it is vulnerable to any attacker and to insider threats. If the data is only ever decrypted and processed inside the TEE, it is isolated from unauthorized users, thereby safeguarding data privacy.
  • Speed: Since the TEE is a secure enclave already, code or data may exist in unencrypted form in the TEE. If so, "this allows execution within the TEE to be much faster than execution tied to complex cryptography" (Choi & Butler, 2019).
  • Trust: Since the data in the TEE is not obfuscated (as in some of the other PEC techniques), this provides a comfort level that the computation and its results are correct, i.e., not having errors introduced by the obfuscation techniques.
  • Separation of concerns: As there are two distinct environments, there is a separation of workload and data administered and owned by the 'normal world' versus workload and data isolated in the 'secure world.' This protects against insider threats and potentially corrupt workloads running on the same device.
  • Decryption: If the data is encrypted in the TEE, it must be decrypted for processing; however, that decryption benefits by being contained within a tightly controlled space.
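The Privacy and Decryption points above describe one data flow: records are sealed by their owner, decrypted only inside the 'secure world', and only the computed result is released to the 'normal world'. The following simulation is an added illustration of that flow, not code from the article or from any TEE vendor SDK. It models the enclave and the untrusted host as two Python classes; the sealing key is assumed to have been provisioned to the enclave during attestation (attestation itself is not modelled), and the encrypt-then-MAC construction built from HMAC-SHA256 is a constructed stand-in for the authenticated encryption a real SDK would provide.

```python
import hashlib
import hmac
import json
import os

# Hypothetical sealing key. In a real deployment it is provisioned to the
# enclave during attestation; here it is a constructed constant for the demo.
SEALING_KEY = hashlib.sha256(b"demo-sealing-key").digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in for a real AEAD cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, record: dict) -> bytes:
    """Data-owner side: encrypt-then-MAC one PII record for the enclave.

    Blob layout: nonce (16 bytes) || ciphertext || tag (32 bytes).
    """
    plaintext = json.dumps(record, sort_keys=True).encode()
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


class Enclave:
    """Secure world: the only place the key and the plaintext ever exist."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def _unseal(self, blob: bytes) -> dict:
        """Verify integrity first, then decrypt; reject anything tampered with."""
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sealed record failed integrity check")
        ks = _keystream(self._key, nonce, len(ciphertext))
        return json.loads(bytes(c ^ k for c, k in zip(ciphertext, ks)))

    def average_income(self, blobs: list) -> float:
        """Decrypt, compute, and release only the aggregate to the normal world."""
        records = [self._unseal(b) for b in blobs]
        return sum(r["income"] for r in records) / len(records)


class UntrustedHost:
    """Normal world: stores the blobs and invokes the enclave, but holds no key."""

    def __init__(self, enclave: Enclave) -> None:
        self.enclave = enclave
        self.storage = []

    def submit(self, blob: bytes) -> None:
        self.storage.append(blob)

    def run_analytics(self) -> float:
        return self.enclave.average_income(self.storage)

    def can_see(self, marker: bytes) -> bool:
        """What an attacker with full read access to host memory would find."""
        return any(marker in blob for blob in self.storage)


def demo() -> dict:
    """Constructed sample records; returns what each side of the boundary learns."""
    records = [
        {"name": "alice", "income": 52000},
        {"name": "bob", "income": 61000},
        {"name": "carol", "income": 47000},
    ]
    host = UntrustedHost(Enclave(SEALING_KEY))
    for r in records:
        host.submit(seal(SEALING_KEY, r))
    average = host.run_analytics()

    # An insider flips one ciphertext bit; the enclave must refuse the record.
    tampered = bytearray(host.storage[0])
    tampered[20] ^= 0x01
    try:
        Enclave(SEALING_KEY)._unseal(bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {
        "average": average,
        "host_sees_names": host.can_see(b"alice") or host.can_see(b'"name"'),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

The host holds every sealed record and still learns nothing but the aggregate, which is the isolation property the Privacy point describes; the integrity tag covers the 'modification of data while in use' half of the guarantee. What this simulation cannot show is the hardware part: in a real TEE the key provisioning and the memory isolation are enforced by the processor, not by Python scoping.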

Challenges

  • Implementation: Implementation is challenging and requires customized knowledge and expertise, whether building the entire secure OS from scratch, employing a trusted OS from a commercial vendor, or implementing emerging components such as Software Development Kits (SDKs), libraries, or utilities.
  • Lack of standardization: Not all TEEs offer the same security guarantees or the same requirements for integration with existing and new code.
  • Design specification: It is the TEE developer's responsibility to ensure secure TEE design. Mere existence of a TEE is not enough.
  • Lock-in: There is potential for lock-in and dependencies with hardware vendors, TEE developers, or proprietary processing (due to lack of standardization).
  • Not bulletproof: There is the possibility of side-channel attacks, vulnerable application code, or hardware-based security vulnerabilities, e.g., in the hardware chip, which can make the whole security model collapse.
  • Performance and cost: In comparison to setup and processing in a 'normal world', using a TEE ('secure world') negatively impacts performance and will cost more.

What's possible now?

TEEs are provided by solutions such as Intel's Software Guard Extensions (SGX) or ARM's TrustZone; via hardware vendor Software Development Kits (SDKs); or with abstraction layers (e.g., Google's Asylo) that eliminate the requirement to code explicitly for a TEE.

Many cloud vendors (e.g., Alibaba, Microsoft, IBM, and Oracle) are now providing TEE capabilities as a dedicated low-level service aligned with their computation offerings. However, due to lack of standardization, the specifications offered by cloud vendors should be closely examined to ensure they meet the organization's desired privacy and security requirements (Fritsch, Bartley, & Ni, 2020).

What's next?

While protecting sensitive data poses significant architecture, governance, and technology challenges, using a TEE may provide a starting point for an alternative means of enhancing security from the lowest level.

However, a TEE is not plug-and-play; it is a technically challenging mechanism that "should be reserved for the highest-risk use cases" (Lowans, 2020). Nonetheless, "it is certainly harder to steal secrets from inside [a secured TEE than from the unsecured 'normal world']. It makes the attacker's job harder, and that is always a good thing" (Lindell, 2020).

Related Topics

Homomorphic Encryption, Secure Multiparty Computation, Differential Privacy, Data Anonymization, Trusted Platform Module.
