Published by Vince Szilágyi, modified over 5 years ago
1
Securing Android Apps using Trusted Execution Environment (TEE) - 07/08/14
Presented by: Mike Hendrick VP Product Dev @ Sequitur Labs
2
Company Background, Founding Team, Experience, Customers and Partners
Company Background:
- Incorporated in 2010
- Prior decade of work on mobile platforms
- Domain expertise in authorization/authentication
- Large enterprise policy frameworks
Founding Team:
- Phil Attfield – CEO (Founder of Signal9, acquired by McAfee)
- Paul Chenard – CTO
- Mark Reed – COO
- Abhijeet Rane – VP Marketing
- Mike Hendrick – VP Product Dev
Experience:
- Deep experience in network security
- Embedded systems / mobile
- Massive scale telecom systems
Customers and Partners:
- Boeing, T-Mobile, Qualcomm, HP, AT&T
- Trustonic
- ARM (working relationship)
- Atmel (working relationship)
3
Overview – Our Vision
Develop enabling technologies and solutions to better secure and manage the connected devices of today and the future: PCs, servers, tablets, smartphones, IoT.
4
Why does it matter? Everyone is at risk.
Business enablers: Mobile + Devices + Cloud
- New devices and use cases
- Changing IT and information consumption environment for end users and enterprises
- Changing and diverse security and manageability requirements
- Traditional IT perimeter has vanished
- The promise of mobility can only be realized if TRUST exists between users, services and devices
$5.5 million: U.S. average cost of a data breach.
5
TrustZone and the TEE
- ARM provides the reference design for TrustZone, to be incorporated by SoC manufacturers and device OEMs
- Trustonic provides a Trusted Execution Environment (TEE)
- Protects against software attack from the open/Rich OS
- Provides a scalable and secure environment for apps such as user authentication, anti-malware and transactions
- Two separate domains, normal and secure, extending across the entire system: secure processing path, on/off-chip memory, I/O and display
- Increasingly available on devices
[Diagram: Trustonic TEE stack – Trustonic microkernel, Trustonic driver kernel module, driver API]
6
A healthy eco-system is forming around the TEE
Trustonic TEE Eco-system
7
DeadBolt™ – streamlining access to the TEE
[Diagram: layered stack, top to bottom]
- Android Application
- Sequitur DeadBolt™ Java Library: Secure Storage, TEE-SSL, Authentication, +++
- Sequitur Trusted Applications: Secure Storage, TEE-SSL, Authentication, +++
- Trustonic Trusted Execution Environment
- TrustZone enabled SoC
8
DeadBolt Encrypt
- DeadBolt Encrypt provides encrypted storage for data at rest (AES-256 in CBC mode)
- Encrypt an OutputStream
- Decrypt an InputStream
- DBCryptParams specifies the crypto parameters, including how the key is bound: APK_BOUND, KEY_BOUND, DEV_BOUND, CUSTOM_BOUND, NOT_BOUND
- Errors: Exception, Version
9
DeadBolt Encrypt – Difference from Standard Android
Using FileOutputStream (standard Android, plaintext on disk):
    FileOutputStream fos = new FileOutputStream(pictureFile);
Using DBEncryptFileOutputStream (DeadBolt, encrypted with a TEE-bound key):
    DBEncryptFileOutputStream fos = new DBEncryptFileOutputStream(
        pictureFile,
        MainActivity.main_activity,
        new DBCryptParams(MainActivity.CryptoParamMask, MainActivity.CryptoPassword));
10
DeadBolt SSL – perform SSL encryption in the TEE
The only call needed is to initialize the connection:
    DBSSL.Init(context);
    DBSSLSocketFactory.InitHttpsDefault();
Or:
    Socket sock = DBSSLSocketFactory.createSocket(host, port);
11
DeadBolt Authorization (Future)
Local Authorization via Trusted User Interface:
- Numeric PIN code
- Alphanumeric passcode
- One Time Password – HOTP based on RFC 4226
Remote Authorization:
- Key pair generation
- Secure delivery of key to server
- Message signing and encryption
- Message validation and decryption
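The HOTP scheme listed above (RFC 4226), as an added Python illustration rather than Sequitur's DeadBolt code: the generator that a TEE-side trusted application would compute over a key that never leaves the secure world, and the server-side check with the small resynchronisation window the RFC recommends. The secret is the RFC 4226 test-vector key, embedded here as constructed sample input.

```python
import hashlib
import hmac
import struct

# Constructed sample input: the shared secret from the RFC 4226 appendix test vectors.
# In a TEE deployment this key would be provisioned into, and only ever used inside, the trusted app.
RFC4226_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce modulo 10^digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[19] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(secret: bytes, counter: int, candidate: str, look_ahead: int = 3):
    """Server-side validation with a look-ahead window (RFC 4226 section 7.4).

    Returns the next expected counter on success (so the server can store it and
    never accept a replayed code), or None when no counter in the window matches.
    Comparison is constant-time so the check does not leak which digits matched."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_TEST_SECRET, c))
```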
12
Developing TEE secured apps with DeadBolt™
Sequitur simplifies the development and commercial activation of a TEE secured app:
1. Start developing the app
2. Download and include DeadBolt™ in your app (development license)
3. Complete app development and testing
4. Get an activation license for commercial distribution (Sequitur Developer Portal, $$)
5. Publish the app on a public or private app store
- Does not require developers with systems-level development experience
- Does not require learning new platform primitives
- Significantly lower cost of initial and ongoing investment
- Rapid time to market
13
DeadBolt™ - Key benefits
Audiences: Enterprise Developers; Enterprise ISVs/SIs/Consultants; Device OEMs
Benefits:
- Reduce time to market and cost
- Easily leverage hardware-based security
- Deliver new value to customers
- Deliver secure application platforms
14
Sequitur Labs Inc. Contact
Abhijeet Rane, VP Marketing; Jennifer Multari, MarCom Manager; Mike Hendrick, VP Product Development