TU 2 ESS > HW-based Mobile Platform Security > Flashcards

HW-based Mobile Platform Security Flashcards

(11 cards)

Study These Flashcards
1
Q

Trusted Execution Environment

A
  • Isolated and integrity-protected
    from the „normal“ execution environment (Rich Execution Environment)
  • Processor, memory, storage, peripherals
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

REE vs. TEE

A
  • REE:
    -> Standard execution environment
    -> Untrusted
  • TEE:
    -> Coexistent to REE
    -> Stronger security guarantees
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

TEE Services

A
  • Platform integrity („boot integrity“)
    -> Secure boot, authenticated boot
  • Secure storage
  • Isolated execution
    -> TEE
  • Device identification
  • Device authentication
    -> Remote attestation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Architectures with single TEE

A
  • ARM TrustZone
  • TI M-Shield
  • Smart card
  • Crypto co-processor
  • Trusted Platform Module (TPM)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Architectures with multiple TEEs

A
  • Intel SGX
  • TON
  • Hypervisor
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

TEE Hardware Realization Alternatives

A
  • External Secure Element (TPM, Smart Card)
  • Embedded Secure Element
  • Processor Secure Environment (TrustZone, M-Shield)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Welche Komponenten gehören zur TCB - Platform Integrity?

A
  • Verification Root
    -> Device manufacturer public key
  • Cryptographic mechanisms
    -> Signature verification algorithm
  • Volatile memory
    -> Stores measurements for authenticated boot
  • Boot sequence
    -> Boot code certificate: certified by device manufacturer
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Welche Komponenten gehören zur TCB - Secure Storage?

A
  • Cryptographic mechanisms
    -> Encryption algorithm
  • Device Key
    -> Protected memory
  • Non-volatile memory
    -> Rollback protection
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Welche Komponenten gehören zur TCB - Isolated Execution

A
  • Verification Root
    -> TA code certificate (certified by device manufacturer), TA code hash
  • Cryptographic Mechanisms
  • Volatile Memory
  • Trusted application
  • TEE management layer
    -> controls TA execution
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Welche Komponenten gehören zur TCB - Device Authentication (and Remote Attestation)

A
  • Cryptographic mechanisms
  • Volatile memory
    -> Sign system state in remote attestation
  • Device key
    -> Used to protect/derive signature key
  • Non-volatile memory
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

TrustZone Example Process

A

1) Boot begins in SW Supervisor mode (set access control)
2) Copy code and keys from on-chip ROM to on-chip RAM
3) Configure address controller (protect on-chip memory)
4) Prepare for Normal World Boot
5) Jump to Normal World Supervisor for traditional boot (set NS flag to 1)
6) Set up trusted application execution
7) Execute trusted application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
TU 2 ESS
flashcards
Decks in class (9)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions