1 / 14

Securing Android Apps using Trusted Execution Environment (TEE) - 07/08/14

Securing Android Apps using Trusted Execution Environment (TEE) - 07/08/14. Presented by: Mike Hendrick VP Product Dev @ Sequitur Labs. Company Background. Team. Founding. Incorporated in 2010 Prior decade of work on mobile platforms Domain expertise in authorization/authentication

kiral
Download Presentation

Securing Android Apps using Trusted Execution Environment (TEE) - 07/08/14

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Securing Android Apps using Trusted Execution Environment (TEE)- 07/08/14 Presented by:Mike Hendrick VP Product Dev @ Sequitur Labs

  2. Company Background Team Founding • Incorporated in 2010 • Prior decade of work on mobile platforms • Domain expertise in authorization/authentication • Large enterprise policy frameworks • Phil Attfield – CEO, (Founder Signal9, acquired by McAfee) • Paul Chenard - CTO • Mark Reed – COO • Abhijeet Rane – VP Marketing • Mike Hendrick – VP Product Dev Experience Customers and Partners • Deep Experience in • Network security • Embedded systems / mobile • Massive scale telecom systems • Boeing, T-Mobile, Qualcomm, HP • AT&T • Trustonic • ARM (working relationship) • Atmel (working relationship)

  3. Overview Our Vision Develop enabling technologies and solutions to better secure and manage connected devices of today and the future. PCs Servers Tablets Smartphones IoT

  4. Why does it matter? everyone is at risk. • Business enablers: Mobile + Devices + Cloud • New devices and use cases • Changing IT and information consumption environment for end users and enterprises • Changing and diverse security and manageability requirements • Traditional IT perimeter has vanished • The promise of mobility can only be realized if TRUST exists between users, services and devices $5.5 million U.S. average cost of data breach.

  5. TrustZone and the TEE • ARM provides the reference design for the TrustZone to be incorporated by • SoC manufacturers • Device OEMs • Trustonic provides a Trusted Execution Environment (TEE) • Protects against software attack from open/Rich OS • Provides scalable and secure environment for apps like user auth, anti-malware, transactions • Two separate domains, normal and secure • Extends across entire system • Secure • Processing path • On/off-chip memory • I/O and display • Increasingly available on devices Trustonic Trustonic Driver API Trustonic TEE Trustonic Driver Trustonic Driver Kernel Module API Trustonic Microkernel Trustonic Driver Kernel Module

  6. A healthy eco-system is forming around the TEE Trustonic TEE Eco-system

  7. DeadBolt™ – streamlining access to the tee Android Application Sequitur DeadBolt™ Java Library Secure Storage TEE-SSL Authentication +++ Sequitur Trusted Applications Secure Storage TEE-SSL Authentication +++ Trustonic Trusted Execution Environment TrustZone enabled SoC

  8. DeadBolt Encrypt • DeadBolt Encrypt – provides data at rest encrypted storage • 256 AES CBC cypher • Encrypt an OutputStream • Decrypt an InputStream • DBCryptParams – specifies crypto parameters • APK_BOUND • KEY_BOUND • DEV_BOUND • CUSTOM_BOUND • NOT_BOUND • Errors • Exception • Version

  9. DeadBolt Encrypt – Difference from Standard Android • Using FileOutputStream: FileOutputStreamfos = new FileOutputStream(pictureFile); • Using DBEncryptFileOutputStream: DBEncryptFileOutputStreamfos = new DBEncryptFileOutputStream(picturefile, MainActivity.main_activity, new DBCryptParams(MainActivity.CryptoParamMask, MainActivity.CryptoPassword));

  10. DeadBolt SSL • Preform SSL encryption in the TEE • Only call is to initialize the connection DBSSL.Init(context);DBSSLSocketFactory.InitHttpsDefault(); Or Socket sock=DBSSLSocketFactory.createSocket(host,port);

  11. DeadBolt Authorization (Future) • Local Authorization via Trusted User Interface • Number PIN Code • AlphaNumeric Passcode • One Time Password – HOTP based on RFC 4226 • Remote Authorization • Key Pair Generation • Secure delivery of Key to Server • Message Signing and Encryption • Message Validation and Decryption

  12. Developing TEE secured apps with DeadBolt™ • Sequitur simplifies the development and commercial activation of a TEE secured app • Does not require developers with systems level development experience • Does not require learning new platform primitives • Significantly lower cost of initial and ongoing investment • Rapid time to market Sequitur Developer Portal $$

  13. DeadBolt™- Key benefits

  14. Sequitur Labs Inc. • Contact • Abhijeet Rane, VP Marketing, Abhijeet.rane@seqlabs.com • Jennifer Multari, MarCom Manager, Jennifer.Multari@seqlabs.com • Mike Hendrick, VP Product Development, Mike.Hendrick@seqlabs.com • www.seqlabs.com

More Related