A Solution to Make Trusted Execution Environment More Trustworthy.

Trusted Execution Environment is an execution environment that resides in connected devices and ensures that sensitive data are stored, processed, and protected isolated from general-purpose OS such as Android. The TrustZone TEE solution can achieve a medium protection level with comparatively low cost, so it is widely used. However, related researches show that the TrustZone TEE solution has security defects; for example, hardware isolation provided by TrustZone is insufficient. In this paper, we propose a security enhancement scheme based on TEE. According to the existing problems in the TrustZone TEE scheme, a corresponding protection mechanism is established to fully enhance the reliability of connected devices. In our scheme, TEE is used alongside other security technology such as secure elements and microkernel and kernel real-time protection to provide multi-layered defense mechanisms. In our scheme, we introduce a security element as the root of trust (ROT) of connected devices. The secure element is used to store sensitive data such as the first-stage bootloader, various secret keys, and the certificate of the second-stage bootloader. The secure element is also used to execute sensitive operations such as encryption and decryption. [ABSTRACT FROM AUTHOR]