Open-TEE is No Longer Virtual: Towards Software-only Trusted Execution Environments Using White-box Cryptography

BIÇAKCI K., Ak I. K. , Ozdemir B. A. , Gozutok M.

1st IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (IEEE TPS-ISA), Los-Angeles, Şili, 12 - 14 Aralık 2019, ss.177-183 identifier identifier


Trusted Execution Environments (TEEs) provide hardware support to isolate the execution of sensitive operations on mobile phones for improved security. However, they are not always available to use for application developers. To provide a consistent user experience to those who have and do not have a TEE-enabled device, we could get help from Open-TEE, an open-source GlobalPlatform (GP)-compliant software TEE emulator. However, Open-TEE does not offer any of the security properties hardware TEEs have. In this paper, we propose WhiteBox-TEE which integrates white-box cryptography with Open-TEE to provide better security while still remaining complaint with GP TEE specifications. We discuss the architecture, provisioning mechanism, implementation highlights, security properties and performance issues of WhiteBox-TEE and propose possible revisions to TEE specifications to have better use of white-box cryptography in software-only TEEs.