“There is an obvious need to trust the TEE to ensure service providers have the confidence and infrastructure to successfully and securely deliver mobile services to end-users,” explains GlobalPlatform’s Technical Director, Gil Bernabeu. “It is important to remember that end-users will have just one smartphone which must be able to support all the services that they select. This means that the TEE – regardless of manufacturer – must sufficiently meet the technical and business requirements of different markets and mobile services stakeholders. The GlobalPlatform TEE PP offers a ubiquitous security baseline that brings clarity, consistency and structure to the mobile environment. This in turn supports commercial efficiencies and product interoperability.”
The GlobalPlatform TEE PP specifies the typical threats a TEE needs to withstand, the security objectives that are to be met in order to counter these threats and the security functional requirements that a TEE will have to comply with in order to meet these security objectives. A security assurance level of EAL2+ has been selected; the focus is on vulnerabilities that are subject to widespread, software-based exploitation.
Gil adds: “It is important that the TEE offers security that allows service providers to develop convenient, secure services that enhance end-user experiences without necessitating additional authentication requirements. The next step is to incorporate the security requirements of the recently released GlobalPlatform Trusted User Interface Specification within the TEE PP. We also need to establish how TEE certification will be managed. Part of our current work is to engage stakeholders globally to facilitate technical dialogue and identify scalable security practices within the TEE community.”
Download the Trusted Execution Environment (TEE) Protection Profile (PP)
