In the rapidly evolving digital world, security and privacy are (or at least should be) more important than ever. The proliferation of digital devices and the ever-increasing flow of sensitive data have necessitated the development of better and more secure ways of protecting information. A Trusted Execution Environment (TEE) is one such solution, providing additional, attestable security for devices and applications. This blog post will explore what a TEE is, what types exist, how they work, and their benefits, limitations, and use cases.
- A Trusted Execution Environment (TEE) is a secure area of a computer or device that ensures the execution of code is protected from external threats.
- Use cases of TEEs include securing payment transactions, protecting PII and cloud storage encryption.
- Attestation allows you to prove that a TEE is running the exact program you want it to and that your code hasn’t been tampered with.
- AWS Nitro Enclaves are cloud-based TEEs designed to process confidential data.
- Nitro Enclaves are difficult to build and maintain as part of a larger system due to their constrained access and minimal observability. They are a major time investment for engineering teams that have competing priorities.
- Cages abstract away the difficulties of implementing Nitro Enclaves and are the easiest way to harness the power of TEEs.
What is a Trusted Execution Environment?
A TEE is an environment for executing code in which those running the code can have high levels of trust in that surrounding environment because it is insulated from the rest of the device.
Technical Definition of a TEE
A Trusted Execution Environment (TEE), also known as a Secure Enclave, is a highly constrained compute environment that allows for cryptographic verification (attestation) of the code being executed. TEEs are designed with no persistent storage, no shell access, and no network connectivity by default. As a result, they provide a completely isolated environment with heavily restricted external access, making it possible to run sensitive workloads securely.
How Does a TEE Work?
TEEs establish a distinct, isolated environment on a computing device solely dedicated to processing and storing sensitive data. By utilizing isolation, this secure environment is shielded from tampering and unauthorized access, even in the event of a compromise of the primary operating system.
What is Attestation?
Attestation lets you ensure that the program running within the TEE is the one you intended to run. The TEE calculates several checksums (measurements) of the program and signs them with a private key; you can then verify the signature with the corresponding public key.
Before deploying your code within a TEE, you can sign the bundle with a secret key. The process of cryptographic attestation then allows you to validate that the code running within the enclave is the same bundle that you signed at build time.
Typically, verifying attestation is a complex process and requires in-depth cryptographic knowledge to implement safely.
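The attestation flow described above, reduced to its core checks as an added example (this is illustrative code, not Evervault's or AWS's implementation): the enclave side hashes the bundle and signs the measurement together with a caller-supplied nonce, and the verifier checks the signature, the nonce and the measurement against the hash recorded at build time. Real attestation documents (for example a Nitro Enclave's CBOR/COSE document with its PCR values) carry more fields and a certificate chain; the Ed25519 key, the SHA-384 measurement and the document structure here are assumptions for the sake of the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha512"
	"errors"
)

// AttestationDoc is a simplified stand-in for a real attestation document
// (assumed structure): a measurement of the booted code plus a TEE signature.
type AttestationDoc struct {
	Measurement []byte // SHA-384 of the code bundle the enclave booted
	Nonce       []byte // caller-supplied freshness value, echoed back
	Signature   []byte // signature over Measurement || Nonce
}

// Measure hashes a code bundle; a real TEE measures the image itself and
// exposes the digest as a platform configuration register (PCR).
func Measure(bundle []byte) []byte {
	h := sha512.Sum384(bundle)
	return h[:]
}

func payload(measurement, nonce []byte) []byte {
	return append(append([]byte{}, measurement...), nonce...)
}

// Attest simulates the TEE signing the measurement of whatever it is running.
func Attest(teeKey ed25519.PrivateKey, bundle, nonce []byte) AttestationDoc {
	m := Measure(bundle)
	sig := ed25519.Sign(teeKey, payload(m, nonce))
	return AttestationDoc{Measurement: m, Nonce: nonce, Signature: sig}
}

// Verify is the relying party's side: the signature must come from the trusted
// TEE key, the nonce must be ours (no replay), and the measurement must equal
// the hash of the bundle recorded at build time.
func Verify(teePub ed25519.PublicKey, doc AttestationDoc, expected, nonce []byte) error {
	if !ed25519.Verify(teePub, payload(doc.Measurement, doc.Nonce), doc.Signature) {
		return errors.New("attestation signature invalid")
	}
	if !bytes.Equal(doc.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed document")
	}
	if !bytes.Equal(doc.Measurement, expected) {
		return errors.New("measurement mismatch: enclave is not running the expected code")
	}
	return nil
}
```

Note that the order of checks matters: the signature is verified before any field of the document is trusted, so a forged document never influences the nonce or measurement comparison.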
Different Types of TEEs:
There are several types of TEEs, including hardware-based TEEs (e.g. Intel SGX), software-based TEEs, and cloud-based TEEs (e.g. AWS Nitro Enclaves). Hardware-based TEEs are built into the device's hardware and provide a high level of security, while software-based TEEs are implemented using software and may not be as secure as their hardware-based counterparts. Cloud-based TEEs are used to secure data in the cloud and are based on virtualization technology.
Benefits of Trusted Execution Environments:
Developers working with sensitive workloads often require robust security guarantees, and TEEs are a valuable tool for this purpose. By using TEEs, developers can ensure, through attestation, that their code has not been tampered with by malicious actors.
In addition to providing the benefits of typical containerized compute environments such as Amazon ECS or Kubernetes, Secure Enclaves offer additional security guarantees from attestation and heavily restricted I/O. This includes features such as no persistent storage and no networking by default.
Companies that frequently need to reassure their customers about their security posture can offload a significant portion of responsibility to the architecture of TEEs, enabling them to close deals with the most security-conscious customers.
Moreover, TEEs offer developers the most secure way of deploying sensitive workloads, effectively minimizing the risk of exposure of data, applications, and storage from both insiders and third parties. As a result, TEEs are gaining popularity among security-conscious businesses and receiving significant investments from cloud and hardware vendors such as AWS, Google Cloud, IBM and Intel.
Examples of TEE Use-Cases
- Mobile payments and banking: TEEs are used to secure financial transactions made through mobile devices, such as mobile banking and payment apps.
- Government: TEEs are used to secure the processing and storage of sensitive government data, such as national ID information and classified information.
- Internet of Things (IoT): TEEs are used to secure the processing and storage of sensitive data generated by IoT devices, such as home security systems and wearable devices.
- Nitro Enclaves: use cases include securing private keys, tokenisation and multi-party computation.
Technical Limitations and Challenges of TEE Implementation
Building and maintaining TEEs as part of a larger system can be challenging, requiring a considerable engineering effort to get started. The restricted access and limited I/O options mean that integrating the TEE with the rest of the system can be time-consuming. Additionally, due to their limited observability, it can be challenging to develop scalable, fault-tolerant systems.