The need to safeguard sensitive data and ensure the confidentiality of transactions has never been more critical. The Trusted Execution Environment (TEE) emerges as a pivotal technology in the demand for increased data privacy. In this blog, we will delve into the world of TEE, understand what it is, and explore its applications as a privacy-enhancing technology.
What is a Trusted Execution Environment?
TEE is a secure and isolated area within a computer or mobile device's central processing unit (CPU). It’s designed to execute code and processes in a highly protected environment, ensuring that sensitive data remains secure and isolated from all other software in the system. It achieves this level of security via special hardware that keeps data encrypted while in use in main memory. This ensures that any software or user even with full privilege only sees encrypted data at any point in time.
How Does TEE Work?
Using special hardware, TEEs encrypt all data that exits to the main memory. And decrypt back any data returning before processing, allowing the code and analytics to operate on plaintext data. This means that TEE can scale very well compared to other pure cryptographic secure computation approaches.
TEEs also offer a useful feature called remote attestation. This means remote clients can establish trust on the TEE by verifying the integrity of the code and data loaded in the TEE and establish a secure connection with it.
How Can Media Companies Benefit From TEEs?
TEEs are an attractive option for media companies who want to safely scale their data operations in a secure environment. TEEs offer the following benefits:
- Tamper-Resistance: The hardware-based security of TEE provides tamper-resistant execution of code.
- Secure Communication: Remote attestation provides a way to establish trust between TEEs and remote entities, enabling secure communication.
- User Trust: TEE builds trust among users, assuring them that their data and transactions are protected.
Now, let’s look at a real-world example of data collaboration using a TEE. In our last blog post, we saw that one way to perform the secure matching in the IAB’s Open Private Join & Activation proposal is using an MPC protocol. Another way to perform this secure matching is using a TEE. With TEE, only one helper server is involved. First, the advertiser and the publisher establish the trust of the TEE via remote attestation. Then, they -each forward their encrypted PII data to the TEE server which decrypts them and performs the match on plaintext data.
TEEs come with their own privacy risks. They are vulnerable to side-channel attacks, such as memory access pattern attacks, which can be exploited to reveal information about the underlying data. Adding side-channel protections can help counter these attacks, but significantly increases the computational overhead. Fortunately, despite this TEEs scale very well.
In an industry facing ongoing scrutiny over data privacy concerns, TEEs are becoming a standard. This PET technology will continue to evolve and we expect to see it playing an increasingly vital role in data collaboration.