GlobalPlatform recently held their annual conference in Santa Clara, California. GlobalPlatform is an international standards organization that defines specifications for the Trusted Execution Environment (TEE), or the secure virtual operating system within the OSes of mobile devices. It also specifies requirements for Secure Elements (SE), the protected storage components within mobile devices. Used together, Trusted Apps run inside the TEE, protected from rogue apps and malware. Trusted Apps control access to data stored in SE. The use of TEE also protects confidentiality and integrity between the user input and display. The specifications are becoming widely used in the protection of premium content (digital media), financial apps, telecommunications, automotive components, healthcare devices, and transit systems.
TEE is being used to secure processing and messaging in many IoT scenarios already today, such as parking meters, food monitoring, and "smart cities" street light monitoring. On the consumer side, TEE is implemented in watches, home automation, and even cars. Remote monitoring of manufacturing, logistics, agriculture, and environments is increasingly being performed by IoT sensors. The number of Internet connected devices is rapidly rising.
Given the recent spate of record-breaking DDoS attacks launched from compromised IoT devices, expect to see greater emphasis and consumer demand for security and privacy on IoT manufacturers. Most consumers do not want their webcams and refrigerators to be involved in illegal activities, such as knocking websites off the air, or sabotaging food production.
Beyond providing specifications for execution and storage, GlobalPlatform can help with IoT security by adopting device identity standards. The IoT devices that have unwittingly participated in attacks have done so because bad actors took control using default usernames and passwords. In most cases, users aren't directly involved, so having a username/password identity scheme does not even make sense for IoT sensors.
The lifecycle for IoT device identities is quite different from human users. Some devices are designed to last a few hours, such as passive WiFi concrete hardening sensors. Some agricultural sensors are designed to last a growing season. However, in other cases, Internet-enabled durable goods and medical devices are expected to last from several years to perhaps decades. Thus, the identity lifecycle and difficultly associated with modifying attributes pose new security risks. Time will tell, but ultimately a PKI-lite certificate-based device identity paradigm may emerge, if revocation issues can be sufficiently addressed. IoT device vendors and third party service providers will likely find that device identity and access management could generate long-term subscription and fee revenues.
With regard to user authentication, GlobalPlatform and the FIDO Alliance will be cooperating with cross-certification and joint testing programs. The FIDO Alliance is an international Standards Development Organization (SDO) focused on multi-factor and mobile authentication technologies. GlobalPlatform currently provides test tools and certified test labs to perform independent security testing of TEEs. This yields qualified products. Many vendors are already building and certifying TEEs. FIDO authenticators and clients are being deployed in the TEE. Apps that run in the open, or "Rich OS" can request authentication from the FIDO client/authenticator, running securely in the TEE.
FIDO is also adding security certification. The first priority is protecting the authenticator’s keys. Security certification for FIDO will re-use other organizations’ standards, such as FIPS 140-2 and GlobalPlatform TEE. FIDO security certification will look for and confirm the use of TEE by FIDO components. FIDO certification will then include functional certification by FIDO (as it is today), and Global Platform TEE certification as a component of security.
GlobalPlatform and FIDO are planning to synchronize certification processes. Independent certified test labs will provide the testing services for both organizations. OEMs will be able to get both needed certifications much more quickly. Such an approach is a "win-win" for the mobile IAM community, as there are many common members between FIDO and GlobalPlatform, and this should reduce the cost and time needed to obtain security certifications from both organizations.
As we know, IoT devices are proliferating but security is severely lacking. The number of FIDO certified products is also beginning to grow. GlobalPlatform’s TEE will add needed runtime and I/O security to both IoT and FIDO applications. KuppingerCole recommends that both IoT device manufacturers and FIDO implementers utilize TEE to:
- improve the overall security posture of IoT devices and FIDO authenticators
- reduce the risk of malware taking over IoT devices and turning them into DDOS botnets
- increase integrity of key generation, storage, and use in FIDO authenticators
- add credibility to IoT and FIDO products in the marketplace.
KuppingerCole will continue to monitor developments in the mobile and IoT security space.
GlobalPlatform TEE specifications can be found at https://www.globalplatform.org/specificationsdevice.asp.