The term trusted computing is used to collectively describe technologies enabling the establishment of trust in local and remote computing systems by using trustworthy components, trust anchors, to ensure the integrity of other parts of the system. In this paper, we survey recent research and industry efforts in designing and deploying trusted computing solutions, especially in the context of mobile systems.

Security in general, and trusted computing technologies in particular, have had a very different trajectory in the history of mobile devices compared to that of personal computers [54]. Various stakeholders had strict security requirements, some of which date back two decades, right at the beginning of the explosion of personal mobile communications. For example, standards specifications required ensuring that the device identifier resists manipulation and change [1]; regulatory guidance called for secure storage for radio-frequency parameters calibrated during manufacture; business requirements necessitated ways of ensuring that subsidy locks¹ cannot be circumvented. These requirements incentivized mobile device manufacturers, chip vendors, and platform providers to deploy hardware and platform security mechanisms for mobile platforms from early on.

Hardware-based trusted execution environments (TEEs) were seen as essential building blocks in meeting these requirements. A TEE is a secure, integrity-protected processing environment, consisting of processing, memory, and storage capabilities. It is isolated from the "normal" processing environment, sometimes called the rich execution environment (REE) [39], where the device operating system and applications run. The term "rich" refers to the extensive functionality and, hence, the increased attack surface, in mass market operating systems today. TEEs enable improved security and usability for REE applications by ensuring that sensitive operations are restricted to the TEE and that sensitive data, such as cryptographic keys, never leave the TEE.

The academic research community has been engaged in research in hardware-based trusted computing, although not using that specific term, for a long time, dating back to the 1970s [5], [106]. Recent research efforts have focused on investigating alternative architectures for trusted computing, developing novel trust anchors using physically unclonable functions (PUFs), and enabling TEEs for resource-constrained devices [21], [97], [98]. Some of the results of these research activities have led to implementation proposals and large-scale deployment via standardization bodies and industry efforts.

The Trusted Computing Group (TCG) [101] has been leading the standardization efforts in trusted computing. Global Platform [39] is specifying TEE functionality in mobile devices. Various application-specific standardization bodies, such as the Car Connectivity Consortium [67],