Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography Ilhan Gurel September 10th & 11th, 2014.


1 Web Cryptography & Utilizing ARM TrustZone® based TEE for Authentication & Cryptography
Ilhan Gurel September 10th & 11th, 2014

2 Why use a TEE?
[Diagram of a SMART CONNECTED DEVICE on an ARM TrustZone® enabled SoC, with two panels: "Key assets exposed" and "Key assets protected". Labels: Normal App; Security Critical Assets; OPERATING SYSTEM; TEE Enabled App (e.g. Web Apps); API Call on Security critical Routine; TEE; Isolated space for handling high value assets; Trusted App - Secured Critical Assets.]

3 Where does a TEE fit?
[Comparison chart. Environments compared: OPERATING SYSTEM, OPERATING SYSTEM + AV, HYPERVISOR, TEE, SMART CARD OS, SECURE ELEMENT. Criteria: Interfaces, Processing Power, Assurance, Attack Resistance, Access Control. Rating labels, in extraction order: FULL FULL ACCESS AS NEEDED RESTRICTED / HIGH LIMITED / LOW / MEDIUM / HIGH to Software and Hardware / HIGH to Physical Tampering. Other labels: SMART CONNECTED DEVICE; ARM TrustZone® enabled SoC.]

4 TEE Use Cases
- DRM (Digital Rights Management)
- Trusted UI
- Authentication
  - Certificate based authentication, OTP, ..
  - Handling biometric peripherals, storing and processing biometric data securely
- Integrity Protection & Measurement
- Crypto and key management
  - Secure key derivation, random data generation
  - Secure access to crypto HW accelerator
  - Crypto operations
  - Encapsulation of key material as well as sensitive data to ensure confidentiality and integrity
- Secure storage, rollback protection and more..

5 Android KitKat Keymaster as an example
- Android KitKat keymaster utilizes TEE for crypto operations and key management
- RSA, DSA and ECDSA algorithms supported
- Key generation, sign, verify, import key data, get public key operations
- TEE specific HW module can be installed and it allows using TEE applications for the required functionality
- Abstract APIs
- Isolation of key material between client applications

6 Trustonic’s position
ARM TrustZone® based TEE solutions
- allow easy and cost effective deployment of TEE applications
- are already available on millions of devices (Trustonic TEE solutions are currently running on ~250 million devices and the number is growing)
- are also spreading to desktops and laptops with the adoption of ARMv8 based SoCs and ARM based AMD platform security processor (PSP) technology
- are already being used for various use cases as described earlier

7 Trustonic’s position (cont’d)
The solution to be adopted by W3C should
- be based on the use of standard JavaScript APIs and/or HTML tags
- have an abstraction layer for low level implementations that allows the usage of TEE/SE modules
- allow Web applications to choose and use TEE/SE applications for crypto operations, key management as well as authentication
- allow checking and installing TEE/SE applications from Web applications
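The operation set listed for the KitKat keymaster (key generation, sign, verify, get public key) and the "standard JavaScript APIs" point above can be exercised with the W3C Web Crypto API. This is an added example, not code from the presentation or from Trustonic; it assumes a browser or Node.js runtime and uses a constructed message. Note that `extractable = false` only blocks export through the API and does not by itself show that the key is held in a TEE or SE.

```javascript
// Added example: generate / sign / verify / get-public-key through the
// standard Web Crypto API, with the private key marked non-extractable.
async function getSubtle() {
  // Browsers and recent Node.js expose globalThis.crypto; older Node.js needs the import.
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import('node:crypto')).webcrypto.subtle;
}

async function keyOperationsDemo() {
  const subtle = await getSubtle();
  const keyAlg = { name: 'ECDSA', namedCurve: 'P-256' };
  const sigAlg = { name: 'ECDSA', hash: 'SHA-256' };

  // Key generation: extractable = false, so the private key cannot be
  // exported to script through this API.
  const pair = await subtle.generateKey(keyAlg, false, ['sign', 'verify']);

  // Sign and verify a constructed sample message.
  const msg = new TextEncoder().encode('constructed sample challenge');
  const sig = await subtle.sign(sigAlg, pair.privateKey, msg);
  const verified = await subtle.verify(sigAlg, pair.publicKey, sig, msg);

  // A modified message must fail verification against the same signature.
  const tampered = new TextEncoder().encode('constructed sample challengE');
  const tamperedVerified = await subtle.verify(sigAlg, pair.publicKey, sig, tampered);

  // Get public key: the public half of a generated pair is always exportable.
  const spki = await subtle.exportKey('spki', pair.publicKey);

  // Exporting the private key must be rejected by the implementation.
  let privateExportRejected = false;
  try {
    await subtle.exportKey('pkcs8', pair.privateKey);
  } catch (e) {
    privateExportRejected = true;
  }

  return {
    verified,
    tamperedVerified,
    publicKeyBytes: spki.byteLength,
    privateExtractable: pair.privateKey.extractable,
    privateExportRejected,
  };
}
```

Where the key actually lives (software key store, TEE or SE) is decided by the implementation underneath the API, which is the abstraction layer slide 7 asks for.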

