Using a Trusted Execution Environment (TEE) to Protect Host Card Emulation Solutions
HCE enables mobile applications to offer secure payment card and authentication solutions without the need for a payment card to be physically present. HCE is the architecture that provides a virtual representation of payment cards using only software. Before HCE, payment cards had to be physically present for a transaction to be carried out using the in-built Secure Element (SE).
However, with this flexibility comes the risk of attack. Smartphones are vulnerable because their operating systems are rich in functionality but are not always designed with advanced security in mind. Therefore, users can unintentionally compromise their smartphones by accessing untrusted sources through internet browsing, downloading malware, or connecting to insecure Wi-Fi networks.
Secure Elements Versus Trusted Execution Environments
A Secure Element (SE) is efficient in protecting data but only at a limited scale. An SE has limited memory and computational capabilities−a major drawback given increased demand for processing power and high-performance user experience, especially during biometric authentication. An SE is also unable to communicate with a user through a Trusted User Interface (TUI) for secure PIN and biometric authentication.
The Trusted Execution Environment (TEE) is a hardware-isolated environment designed to keep data and processes secure by separating them from the main operating system. TEEs are built into the majority of modern smartphones; for example, Trustonic’s TEE is integrated into 2 billion devices during manufacture.
In comparison to an SE, the TEE offers better performance, memory and processing power. And, because the TEE is a hardware-isolated environment, it can deliver high-performance security and computational power, without the need for another chip to be integrated in the system.
The software modules that run in a TEE are called Trusted Applications (TAs). Only authorized TAs can be installed and run in the TEE, to ensure the integrity of TAs. Multiple TAs can run separately from one another in a single TEE, and each TA has its own storage to guarantee integrity, persistency and confidentiality. The TEE also has privileged access to the device’s resources, such as the TUI, to ensure that all communication between the TEE and these resources is secure and confidential.
The TEE provides advanced security for HCE-based mobile payment implementations. HCE-based solutions rely on the backend for security purposes. However, smartphones are not always connected to the internet, so the device must store payment credentials for when it’s offline and be able to manipulate these credentials when processing a payment. Therefore, when a device is offline and there’s no protection in place from the backend, this presents a potential attack surface.
Although payment card providers have introduced various security measures in recent years to counteract attacks, many still rely on the basic security of the Rich Execution Environment (REE), which is the main operating system such as Android. However, as we have seen, the REE can be exploited. Malware may be present on the REE where the HCE solution is installed, leaving sensitive data such as payment credentials vulnerable. And, if an attacker has access to all of the REE’s data, they could impersonate the user and process new payments through the user’s account.
HCE solutions often rely on software protection measures, such as white box cryptography and code obfuscation, to mitigate against attacks. But, given enough time, a determined attacker can break this security. Because the TEE is hardware-based, it provides a much higher level of security than software protection.
The TEE provides an end-to-end secure chain for HCE solutions, including secure authentication, secure storage and processing, and the secure communication of assets between the HCE application and server. Using the TEE:
- The HCE server can verify that a legitimate customer made the request
- The HCE server can send confidential, encrypted information for the TEE to store securely
- the user initiating the payment can be authorized using the TUI and biometrics
- All sensitive payment data can be processed securely, ensuring none is leaked from the secure world
Therefore, only by leveraging a TEE can HCE-based mobile payments solutions achieve the most secure solution for mobile payments.
Trustonic is working in partnership with Dejamobile and Cartes Bancaires on a new Generic Secure Trusted Application. This GlobalPlatform-compliant solution will make it easy for developers to deliver the highest level of security available on mobile devices, and provide a simple, fast and secure user authentication experience. To learn how Trustonic is working with its partners to strengthen the security of HCE payments using the TEE, see our news post on Innovating HCE Mobile Payments with Cartes Bancaires.
