Trusted Execution Environment and Host Card Emulation

Abstract

Over the years, mobile devices have become increasingly sophisticated in terms of their features and the use cases they operate. This rise in sophistication poses a major security threat because it increases the attack surface of mobile devices. Consequently, the challenge from a security point of view is to offer security assurances for applications and services hosted on these devices. In this regard, a Trusted Execution Environment (TEE) as a technology provides an execution and storage platform on the device, which is isolated from the rest of the operating system and other applications, and is intended to be trustworthy. This provides security assurances in terms of the confidentiality and integrity for applications and their related data, running on the TEE. In this chapter, we explore what constitutes a TEE and the various security features a TEE is expected to provide. We also highlight standardisation efforts relating to TEEs. Example implementations of TEEs are contrasted along with Host Card Emulation (HCE) used in Near-Field Communication (NFC). NFC card emulation has traditionally relied on a TEE in the form of tamper-resistant Secure Element (SE) chip, whereas HCE allows an application on the host CPU of the mobile device to emulate a smart card. HCE introduces new security risks and this chapter considers how these can be managed to an acceptable level.