Secure Element (SE)

Several kinds of secure processing hardware exist to protect data and code: (1) the Secure Element (SE) found in smart cards, SIMs and ThinC-AUTH, (2) the Trusted Execution Environment (TEE) in the ARM processors of smartphones, and (3) the Trusted Platform Module (TPM) in PCs. Which one is employed depends on the requirements of the use case. ThinC-AUTH uses an SE internally, in which the fingerprint-authentication firmware and the PKI operations run safely; the fingerprint data is also stored inside the SE.

Secure Element (SE)

A secure element is defined as a tamper-resistant hardware platform, resistant to physical attacks, that is capable of securely hosting applications and their confidential and cryptographic data (such as key material) in accordance with defined rules and security requirements.

The SE provides a dynamic environment in which the application code and its confidential data are stored and the application code is securely executed. For example, a payment application keeps all personal data, such as the account number, expiry date, passwords and card numbers, in the secure element, so the safety of this secret information can be relied upon.

The application inside the SE performs several tasks, such as handshaking with the POS terminal, responding to queries received from the terminal, authenticating the card and filtering the data to be shared, but it is the SE that provides the secure execution environment in which the application performs all of its defined tasks.

Trusted Execution Environment (TEE)

A TEE is a secure area of a main processor. It guarantees that code and data loaded inside it are protected with respect to confidentiality and integrity. As an isolated execution environment, a TEE provides security features such as isolated execution, integrity of the applications executing within the TEE, and confidentiality of their assets.

In general terms, the TEE offers an execution space that provides a higher level of security than a rich operating system (OS) and more functionality than a secure element (SE).

Trusted Platform Module (TPM)

A TPM is an LSI chip mounted on a PC motherboard that provides security-related processing functions. Its standard specifications were developed by an industry group, the Trusted Computing Group (TCG), and are implemented in PC models. Its functions include RSA encryption/decryption, public/private key pair generation, SHA-1 hash calculation, digital signature generation/verification, and the secure storage of values such as keys.

With these functions it is possible to implement software-tampering detection, individual identification and terminal authentication that are difficult to impersonate, and secure encryption of storage such as a hard disk. Because the TPM chip is tamper-resistant, an attempt to read the stored encryption key by analysing the inside of the chip physically damages it, and the key cannot be read. For this reason, even if the PC is stolen, the encrypted hard disk cannot be decrypted to read the data on it.
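To make the tampering-detection and disk-key-protection functions above concrete, here is an added software model (example code written for this page, not ACOT's or any TPM vendor's code) of how a TPM ties a key to measured boot software. Each boot component is measured into a SHA-1 PCR with the TPM 1.2 extend operation, the disk key is "sealed" to the resulting PCR value, and the simulated chip refuses to release it when the measured chain differs; the boot chain, the storage root key and the disk key are all constructed sample values, and the XOR-based wrapping is a stand-in for the chip's real key-wrapping.

```python
import hashlib
import hmac

# Constructed sample "boot chain": each entry stands in for a firmware/boot component.
GOOD_CHAIN = [b"bios v1.0", b"bootloader v1.0", b"kernel v5.4"]
TAMPERED_CHAIN = [b"bios v1.0", b"bootloader v1.0 (modified)", b"kernel v5.4"]


def extend_pcr(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2-style PCR extend: PCR_new = SHA-1(PCR_old || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Measure each component in order; the final PCR value summarises the whole chain."""
    pcr = b"\x00" * 20  # PCRs are all-zeros after reset
    for comp in components:
        pcr = extend_pcr(pcr, comp)
    return pcr


class SimulatedTpm:
    """Software stand-in for a TPM: the storage root key never leaves this object."""

    def __init__(self) -> None:
        self._srk = hashlib.sha256(b"constructed storage root key").digest()

    def seal(self, secret: bytes, pcr: bytes) -> tuple:
        """Wrap a (<=32-byte) secret so it can only be unwrapped under the same PCR value."""
        assert len(secret) <= 32
        keystream = hmac.new(self._srk, b"wrap" + pcr, hashlib.sha256).digest()
        blob = bytes(a ^ b for a, b in zip(secret, keystream))  # demo wrapping only
        tag = hmac.new(self._srk, b"auth" + pcr + blob, hashlib.sha256).digest()
        return blob, tag

    def unseal(self, blob: bytes, tag: bytes, pcr: bytes):
        """Return the secret if the current PCR matches the sealing PCR, else None."""
        expected = hmac.new(self._srk, b"auth" + pcr + blob, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None  # boot chain differs from the one the key was sealed to
        keystream = hmac.new(self._srk, b"wrap" + pcr, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(blob, keystream))


def disk_key_release(chain) -> bool:
    """True if a disk key sealed to GOOD_CHAIN is released when `chain` boots."""
    tpm = SimulatedTpm()
    disk_key = bytes(range(32))  # constructed 256-bit disk-encryption key
    blob, tag = tpm.seal(disk_key, measure_boot_chain(GOOD_CHAIN))
    return tpm.unseal(blob, tag, measure_boot_chain(chain)) == disk_key
```

A modified bootloader changes every later PCR value, so the sealed blob stays unreadable even though it is stored on the same disk; a real TPM applies the same rule in hardware.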

Note

1. Physical attack

  • Reverse engineering: observe micrographs of the chip, obtain information, and misuse it.
  • Physical probing: probe the signal lines and read the signals.
  • Physical manipulation: modify and abuse the electronic circuits.

2. Side channel attack

Without breaking open the IC card, secret information is extracted by measuring the power consumption and the radiated electromagnetic waves during operation.

3. Fault injection (failure use) attack

Physical stimuli such as a non-standard voltage, a non-standard clock signal, laser irradiation or electromagnetic irradiation cause the operating IC card to malfunction, and secret information is extracted from the faulty behaviour.

Editor, ACOT Electronics Inc. since Nov. 2017