Join ACCESS EU, the first-of-its-kind digital assets security and DLT summit
JUNE 7TH, 2024 @ EURONEXT AMSTERDAM ⟶
Rob Behnke
June 27th, 2023
Programs — whether on a smartphone, on a computer, or in the cloud — are rarely running in an isolated environment. Often, these applications are running alongside dozens of other programs that use the same processor, memory, and other resources.
Ideally, programs will be well-behaved and not step on each others’ toes. Computers use logical addressing, multithreading, and other mechanisms to pretend that each application is running on its own computer.
However, these protections are not strictly enforced, and applications can interact with one another if they choose. While this is good and desirable in some cases, it represents a significant security risk in others. For example, while an application may be willing to share data with other programs, this data sharing is typically not intended to include passwords, cryptographic keys, and other sensitive information.
Trusted execution environments (or TEEs) provide a solution for this. They offer a secure environment where an application can store and use sensitive information.
The majority of an application’s functionality runs in the Rich Execution Environment (REE). The REE provides a wide range of features but is an untrusted environment where multiple programs can run alongside and interfere with one another.
While this is fine for some of the operations that a program performs — such as browsing the web — it isn’t for others. For example, one of the most sensitive operations that a cryptocurrency wallet performs is signing transactions before they are submitted to the blockchain. To generate a valid digital signature, the wallet software needs access to an account’s private key.
However, anyone with access to that key can generate a valid digital signature. If the private key is exposed to an attacker, they can drain the value stored in the account or abuse the permissions assigned to it (i.e. if the address is the owner of a smart contract).
This is where a TEE comes into the picture. A TEE is an isolated, secure section of a computer that is used to perform sensitive operations such as generating digital signatures. The cryptographic keys and code are hosted within the TEE, and the signature process involves data going in and a digital signature coming out. At no point does the private key — or other sensitive information — leave the TEE, dramatically reducing the potential risk of exposure.
A TEE can permit multiple different applications developed by different organizations to run inside of it. So why is a TEE any more secure or trusted than the REE?
A TEE has a few features that provide additional trust, including:
Secure Boot: A TEE includes a secure boot process that uses digital signatures to verify that the TEE’s code, assets, and underlying secure operating system (OS) have not been tampered with.
Authorized Apps: Only authorized apps are permitted to be installed and executed within a TEE. These authorizations are verified before an app is permitted to run.
Application Isolation: Trusted applications within a TEE can only access their own data and assets with no mechanism to access other applications’ data and assets.
A TEE can be used to implement any sensitive or high-risk functionality. In fact, most or all of a cryptocurrency wallet’s functionality could be theoretically implemented within a TEE. However, this doesn’t make sense for the majority of a wallet’s functionality and can have negative impacts on performance, upgradeability, etc.
The most common application of a TEE for blockchain solutions is implementing digital signature code for a cryptocurrency wallet. Some of the benefits that this provides include:
Private Key Protection: If a cryptocurrency wallet uses a TEE, then private keys will be stored in the TEE and never leave it. This makes it much more difficult for an attacker to access these keys and use them to sign unauthorized transactions.
Algorithmic Integrity: A malicious software update could add code to a program to steal private keys or perform other malicious functions. Code in a TEE is checked for integrity before running it, protecting against these attacks.
A TEE provides a secure environment for implementing certain key functions of an application. For example, cryptocurrency wallets may use a TEE for their digital signature code, which helps to protect the private key and the integrity of the signature process.
However, it’s important to keep in mind that the protection provided by a TEE is limited to the operations performed within a TEE. For example, consider the case where a TEE is used to generate the digital signatures for a blockchain transaction. If an attacker can modify the transaction data before it is sent to the TEE, then the TEE will sign the wrong data.
For this reason, it’s important not to overestimate the protection provided by a TEE. When performing transactions on the blockchain, check their content before and after they are sent to the TEE just in case malware in the REE changed the data being signed.
Self custody — where you manage your own private keys for blockchain accounts — is the blockchain ideal but also a significant challenge. If your private keys are lost or stolen, then an attacker can gain control over your account or you might lose access to it forever.
Using a crypto wallet that uses a TEE to protect sensitive data and code can help to reduce the risk that malware on your computer might steal your private keys or otherwise interfere with your transactions. However, it isn’t a perfect solution to securing your crypto assets. For more information, check out our blog on the Top 10 Ways to Secure Your Crypto Wallet From Hackers.