Why virtual trusted execution environments are set to boost mobile payment security


Mobile payments are so omnipresent these days that it feels like a trick of the mind when you see somebody paying with cash or even with a physical card.

The fact that we’ve become so used to mobile payments so quickly is an incredible thing. We do it almost without thinking. But there’s also a rather unsettling correlation between the normalcy of digital transactions and the sophistication of attacks that seek to intercept and exploit them. Remember, the mobile phone was not originally designed or intended to securely make and receive payments.   

That’s why enhanced security is needed to protect the most sensitive mobile transactions and operations. And it doesn’t get much more advanced than virtual trusted execution environments (vTEEs) which provide dynamic, payment-industry-proven layers of security to stop evolving threats. 

As we’ve just launched our own vTEE here at Licel, we thought we’d explain why we believe that as our collective payment habits shift to mobile, the security paradigm must evolve, too.

What is a vTEE and what can it do?

A vTEE is a secure, isolated execution environment that offers rich cryptographic and security features to trusted applications, enabling them to carry out sensitive mobile transactions and operations. It can be used to stop attackers from stealing ultra-sensitive data including payment credentials and tokenised cards.

Let’s take a look at the Licel vTEE for a moment to give you a better understanding of exactly how a vTEE can work and what it can do.

As you can see from the illustration above, the Licel vTEE operates within the mobile application itself, but it can still communicate with the Android or iOS operating systems. It comes with a secure storage area where your most sensitive key material and assets can be kept safely. But the truth is that the vTEE is much more dynamic than a safe. A good example of this dynamism is its Software-based Cryptographic Module (SBCM) which implements cryptographic algorithms for white-box cryptography and also offers cryptographic features like RSA, ECC, and AES.  

One of the most integral components of the Licel vTEE is a Trusted Virtual Machine which sits within it. This virtual machine works almost like a mini operating system and is where your trusted applets reside. Importantly, this virtual machine is also connected to - and can leverage - our mobile app security solution, DexProtector. That means that as well as built-in vTEE security mechanisms such as device binding and white-box cryptography, it can defend itself with DexProtector’s code and resource hardening, RASP, integrity control, and other measures. 

The benefits to mobile payment security of being able to leverage all of these defensive mechanisms are pretty clear. Sensitive mobile transactions require multiple layers of security, and the vTEE can call on those different layers.

If you imagine for a second that your physical passport is a representation of an application, then you’ll be able to visualise the different anti-tampering measures it can leverage, such as watermarks, hologram images, and unique ID numbering. But by far the most impressive anti-tampering measure of all is the chip that is built into it that enables quick and easy verification. This chip is the vTEE inside your application.

What’s the difference between a vTEE and a TEE?

Most trusted execution environments are physical bits of hardware. The “v” in vTEE stands for virtual, and there’s one key reason why we created a virtual trusted execution environment: it is much more agile and flexible than a legacy hardware TEE. 

We should caveat this by making it clear that we’re big believers that the best technology embraces harmony between hardware and software. Indeed, without hardware it wouldn’t have been possible for us to create the vTEE. But it's also true that hardware TEEs tend to come up against the same issue time and again: upgrades and fixes can take a very long time if and when vulnerabilities are discovered.

This isn’t the case with a virtual TEE. While a TEE might be out of action for weeks or even months, a vTEE could be upgraded and be back in action in days or even hours. 

This agility represents a significant reinforcement that can save you from huge time and financial expenditure, not to mention the associated reputational damage of being offline for so long.

How vTEEs can revolutionise mobile payment security

There are two innovative payment technologies in particular that can benefit massively today from the depth of security that vTEEs can provide. One is SoftPOS solutions that allow vendors to accept payments on their mobile device, and the other is mobile wallets. Let’s take a look at both of these use cases.   

SoftPOS (or software point of sale) solutions are booming. They provide a great deal of flexibility to vendors as they can use their own mobile device as a payment terminal rather than having to invest in and maintain a card reader.

A vTEE can greatly enhance SoftPOS security as it provides a secure enclave within the solution’s software architecture. This means that sensitive operations such as PIN entry and payment processing are conducted in an isolated and secure environment. This is vitally important as it means that sensitive credentials and payment information remain secure even if the device or OS is somehow compromised. The secure execution area also prevents malware from interfering with payment transactions.

Mobile wallets are completely commonplace already, and trends such as Apple opening up NFC in the EU are set to increase competition even further in this sector. But there are serious risks to sensitive data if wallets don’t use enhanced protection (like that offered by vTEEs).

As with SoftPOS solutions, secure storage is a big part of this enhanced mobile payment security for wallets. vTEEs can securely store payment credentials, cryptographic keys, and other sensitive user data, protecting them from unauthorised access and tampering. With sensitive operations like authentication and transaction signing taking place in a secure environment, the risk of mobile fraud is also significantly reduced.

As you might be aware if you’ve read our articles regularly, here at Licel we place a lot of value on integrity. So much so, that we think without integrity there’s actually no such thing as security. Adding yet more layers of integrity control - on top of those already offered by DexProtector - was a big motivation behind us developing our own vTEE. For both SoftPOS solutions and mobile wallets, the vTEE can be instrumental in making sure transactions are genuine and no tampering has taken place. 

It’s also worth noting that a vTEE can be massively beneficial for both SoftPOS and mobile wallet developers from a regulatory point of view. For PCI MPoC (in the case of SoftPOS) and EMVCo SBMP and EMVCo SBMP TEE (for mobile wallets), trusted execution environments are listed as necessary defensive mechanisms to prevent attacks. And so utilising a vTEE can go a long way towards achieving compliance and certification.

We had our vTEE put through its paces by an independent lab, the result of which was that we attained an EMVCo SBMP TEE Security Evaluation Certificate. If you’re looking for a vTEE for your solution, then our recommendation is to go with an evaluated and approved product as it will save you a lot of time and money on your certification journey.

Future use cases of vTEEs

The most obvious opportunities for vTEEs right now lie in mobile payment security for the reasons outlined above. However, it’s not hard to think of lots of other potential applications and solutions that would benefit from the enhanced data privacy, protection against tampering, and integrity of sensitive processes and information that vTEEs offer. 

Digital IDs are a good example. Countries around the world are working hard to develop mobile-based IDs that could be used for accessing electronic Government services, ePrescriptions, and digital passports, among other things. Clearly, if an attacker were able to fraudulently tamper with such an ID, the results would be fairly catastrophic both for individual citizens and for the wider impact on trust in such digital initiatives. A vTEE could make sure that sensitive day-to-day operations carried out with Digital IDs are isolated and secure from outside interference. 

vTEEs could also be used to provide a secure environment for training AI models and protecting data from tampering. It might also protect AI models from reverse engineering attempts by securing both the model and its parameters. 

And what about AR and VR operations? vTEE functionality could be a perfect fit for both, securely rendering sensitive data and providing a secure environment for executing code while protecting against malware and other malicious activities.

Cyber attacks are getting more sophisticated year-on-year, and the stakes have never been higher in terms of losses to mobile fraud and what a successful attack can do to business reputations. 

We see vTEEs as timely reinforcements to even the odds, applying several more layers of depth and integrity to existing mobile channel protection and future-proofing innovative mobile payment solutions. 

We’re incredibly excited about their potential impact in the coming years.

Find out more about the Licel vTEE, and feel free to get in touch with us if you have further questions.
