Boosting security with trusted execution environments
Software can never be perfectly secure. There will always be programming errors that attackers can exploit. Yet, perhaps with the increasing union of hardware and software security capabilities, defenders can attain more of a fighting chance in keeping sensitive data secure—even while it's in use—within secured hardware environments called trusted execution environments (TEEs), which can't be accessed even by the operating system.
A TEE is a component both physically and logically separate from the main computer. It performs cryptographic operations, including the generation and secure storage of keys, and can be accessed only through defined interfaces. TEEs enable a level of security even the creators of the hardware and software can't get around, a fact that has impeded the efforts of both hackers and law enforcement.
Hardware-enhanced security isn't a new concept, but it is showing up in new systems, including high-end servers and the cloud, and is used in new methods of security, such as large-scale blockchain.
The TEE you already have
One widely used example of hardware-enhanced security currently is Apple's Secure Enclave, which is based on its dedicated Secure Enclave Processor. SEP is now an integral part of Apple's lineup, including iPhones, iPads, and Apple Watches. Apple's SEP keeps encryption keys used by iOS and third-party apps secure. Android has its Trusty TEE. While the Trusty OS runs on the same processor as the Android OS, the Trusty TEE is isolated by hardware and software.
Almost all business PCs have a TEE, called a Trusted Platform Module (TPM), installed in them. The main application of the TPM is to ensure that the hardware and software involved in booting a computer has not been modified from the proper state. It can be and occasionally is used for other applications, including to prevent cheating on games, but TPMs are not fast enough to be used for high-volume applications.
TEE chips to cloud hardware-enhanced security standards
New generations of TEEs are capable of much more than the old crop. With newer TEEs, organizations can more securely process data in cloud workloads, collaborate with external partners on data, and move sensitive processes to more secure processing environments. Hardware and software makers hope TEEs provide a long-term solution for using sensitive data in a more secure manner on smartphones, PCs, cloud systems, and virtualized workloads.
What makes it possible for such hardware-enhanced security to function with other systems, applications, and workloads are standards. Over the years, standards groups such as the IETF (Internet Engineering Task Force) and its Trusted Execution Environment Provisioning working group have been working to develop such standards. There are also virtual trusted execution environments such as the Open-TEE, which makes it possible for developers to build trusted applications using GlobalPlatform's TEE specifications.
The industry is increasing the pace of hardware-enhanced security adoption. In 2020, Intel announced its intention to expand its Software Guard Extensions (SGX), first introduced about five years ago in its Skylake processors, to more of its systems, including Xeon Scalable processors, code-named Ice Lake.
Please read: Zero trust makes business secure by default
AMD announced earlier this year that its AMD-TEE driver supports the GlobalPlatform TEE Client API. AMD's TEE system has been around for some time within Arm security on chips, but the new TEE supports AMD processors with Arm TrustZone.
Cloud service providers are also rapidly embracing hardware-enhanced security. Just last week, Amazon Web Services announced the general availability of AWS Nitro Enclaves, which the company says makes it easier for its customers to process confidential information securely. "AWS Nitro Enclaves helps customers reduce the attack surface for their applications by providing a trusted, highly isolated, and hardened environment for data processing," according to an AWS statement.
AWS Nitro Enclaves is available on most Intel- and AMD-based Amazon EC2 instance types built on the AWS Nitro System.
For its part, Microsoft announced the general rollout of Azure confidential computing earlier this year, with the availability of DCsv2-series virtual machines. The Microsoft hardware-enhanced security runs on Intel servers enabled with SGX. With Azure confidential computing, not even cloud administrators or those with physical access to the data center can see data protected within the virtualized hardware-based TEEs.
Specialty security software, or broad industry use cases?
There are many uses for TEEs and secure enclaves, such as Apple's Secure Enclave, which secures encryption keys used by iOS and third-party apps. Full-blown TEEs, of course, are used to protect copyrighted music, movies, books, and other content. Still, there are true enterprise applications, such as securing mobile payments, securing source biometric identifiers, and enabling the secure sharing and use of sensitive information on mobile devices and, increasingly, cloud workloads, PCs, and server environments.
Another use case for TEEs is processing smart contracts, such as blockchain, which stores all of the associated workflows and terms of agreement of a transaction within the digital contract itself. As explained in "Enterprise Smart Contracts and the Rise of Off-Chain Processing," smart contract business logic executes in a TEE, or enclave, on the Azure cloud: "The TEE can bind the code to a smart contract and provide a rich set of services, including identity and key management, cryptographic services, attested data, and interaction with the outside world."
Please read: 7 best practices for closing the IT security gap
Proponents believe there will be widespread business use cases. "By combining the scalability of the cloud and ability to encrypt data while in use, new scenarios are possible now in Azure, like confidential multi-party computation where different organizations combine their datasets for compute-intensive analysis without being able to access each other's data," wrote Mark Russinovich, chief technology officer at Microsoft Azure, in a blog post. "Examples include banks combining transaction data to detect fraud and money laundering, and hospitals combining patient records for analysis to improve disease diagnosis and prescription allocation."
Trusted execution environments prove susceptible to side-channel attacks
Of course, TEEs are not attack-proof. Recently, researchers unveiled findings on how cryptographic keys can be remotely stolen from Intel CPUs running SGX, and over the past few years, a number of vulnerabilities have been found in Apple's Secure Enclave. These vulnerabilities are typically exploited through a sophisticated technique called a side-channel attack.
Still, security weaknesses are to be found in all technologies, and security technologies are no different. The question is whether the security benefits outweigh the incremental risks. When it comes to hardware-enhanced security, the same balance remains at play, and the success or failure of trusted execution environments will hinge on whether hardware makers, application developers, standards, and the implementation of those standards all work together to increase security without increasing the burden on business. And that's the very nature of this security arms race and why it's so essential that everyone figures out how to get TEEs right.
Shiva R. Dasari, HPE chief technologist, hybrid IT security, contributed to this article.
Lessons for leaders
- Some data and code is important enough to merit dedicated, secure facilities.
- High-end, specialized security features are becoming more widely available in the cloud.
- As with so many other developments, open standards will play an important part for TEEs.
Perhaps the most widely used example of hardware-enhanced security is Apple's Secure Enclave, which is based on its dedicated Secure Enclave Processor.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.