Security Pitfalls in TEE Development

White Papers

A Trusted Execution Environment (TEE) is a technology that enables developers to delegate security functions to a separate, secure execution environment, apart from the normal one. The main advantage of delegating such security functions to an isolated environment such as a TEE is its hardware-enforced isolation from the Rich Execution Environment (REE), whose large software stack is far more likely to contain exploitable vulnerabilities. TEEs have attracted significant interest and are widely adopted in the payment, media and entertainment industries, as well as in the Internet of Things (IoT). Most modern devices, including general-purpose computers, smartphones, and TVs, are equipped with a TEE.
Developing secure TEEs is a prerequisite for the secure use of TEE technology in the automotive industry. This paper is written to support development teams, including product owners, design architects, product engineers, and security experts. Automotive manufacturers offer vehicle-related services through back-end systems and mobile applications, and have recognized the need to understand the technology they rely on.
Keysight describes the most frequent security pitfalls for TEE developers and integrators. This paper includes real-world examples of the issues we describe, based on our experience evaluating over 50 different TEE solutions in recent years. Keysight also provides expert advice and best practices that enable the automotive industry to develop secure TEE-based solutions meeting state-of-the-art security requirements for TEEs.
A great deal of research has been performed in the field of TEE security. This paper is not intended to provide an exhaustive overview of that research. The cases we present illustrate each pitfall and point you to additional resources for further exploration. For more generic software mistakes, we provide a few examples that go beyond TEEs. We conclude the paper with an outlook on the most important future TEE security topics.