TEE, SE, smartphones, ...

General topics

• ETSI - Security Week/Security Workshop
• GSM- Brookson - gsm security
• Anand R. Prazad - NEC - various security books - chairman of 3GPP SA3 (mobile communications security standardization group)
• 3GPP SA3 Security - includes SECAM (ISO CC for 3GPP)
• GSMA
• Prism-break.org - ensure your privacy
• DE - gsmmap.org
• DE - srlabs.de - Karsten Nohl
• OSMOCOM - security
• DE - Harald Welte - LaForge at GnuMonks
• FR - P1 Labs
• FR - PT Security
• GSM-inside - all the gsm secrets ...
• SilentCircle.com
• Cryptophone.de
• Gold-Lock - IL - used by IDF
• Skycure - iPhone honeypot with cloud sourcing - Yair Amit
• Skycure's blog
• Passban - multifactor authentication on mobile devices

Security solutions

• A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. A TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a secure element (SE). See Wikipedia
• SEs are an evolution of the traditional chip that resides in smart cards. A SE is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data. There are different form factors of SE: embedded and integrated SEs, SIM/UICC, smart microSD as well as smart cards. See Global Platform

TEEs

Intel

• SGX - Wikipedia - a set of security-related instruction codes that are built into some Intel CPUs that allow user-level and operating system code to define protected private regions of memory, called enclaves
• x86 Core-i - Core-i is the x86-64 family from Intel
• x86 Ryzen - Ryzen is the x86-64 family from AMD
• x86 Xeon - Intel
• x86 EPYC - AMD
• Nokia Citadel protection for federated ML based on SGX

ARM

• ARM Cortex-M - TrustZone
• ARM Cortex-A - TrustZone

Apple

• Apple wallet
• Apple ID - use by US goverment
• Apple IOS Secure Enclave (SE) - remarkable confusion with gsm's 'secure element' abbreviation
• Is a secure coprocessor (Apple T2 Security Chip) that includes a hardware-based key manager, isolated from the main processor.
• Is a hardware feature of certain versions of iPhone, iPad, Mac, Apple TV, Apple Watch and HomePod.

Android

• Android - security
• Android - hardware-backed keystore
• Android - gatekeeper
• Performs device pattern/password authentication in a TEE. Gatekeeper enrolls and verifies passwords via an HMAC with a hardware-backed secret key.
• Trusty - security
• Trusty is a secure Operating System (OS) that provides a TEE for Android. Trusty runs on the same processor as the Android OS, but Trusty is isolated from the rest of the system by both hardware and software. Trusty and Android run parallel to each other.
• Authentication - gatekeeperd/keystoreservice - gatekeeper/keymaster (in TEE)

Samsung

SamsungKnox

• SamsungKnox

SE for Android

KU-Leuven Distrinet

• Sancus - TEE based on MSP430 extension with FPGA
• Sancus on Github
• Sancus tutorial

Other

• Trustonic - founded by ARM, G&D and Gemalto to deliver TEE for ARM (ARM Trustzone)
• Microsoft on Github
• DE - Certgate - secure microSD
• Fortanix
• FR - Trusted Logic
• DE - Device Insight - M2M management
• Wandera - firewall on mobile

Hacking

• Zimperium - Android security
• MobiSec tools (Linux distro) - DARPA/OWASP (check out Remnux too)
• See also NIST guides ...

Rooting, jailbreaking etc

Jailbreaking iPhone

• Greenpois0n - jailbreaking iOS