Breaking TEE by Experience (TEEPwn)

Algemeen

In close cooperation with Raelize B.V., the Netherlands Forensic Institute (NFI) is offering a training course for breaking TEE.

Many modern devices are equipped with a Trusted Execution Environments (TEE), an isolated subsystem used for performing security sensitive tasks and handling security sensitive data (e.g., encryption keys). Digital forensic experts aiming to break into modern devices will acknowledge that a TEE is nowadays a common component in a modern security architecture. Even though a TEE is notoriously hard to secure due to the the interaction between hardware and a significant code base, it’s often even harder to analyze and understand it. It’s usually not straightforward to escalate from the non-secure world into the secure world.

Voor wie

Politiemedewerkers die werkzaam zijn binnen en ervaring hebben met het digitale werkveld van TDO  en specialist zijn binnen de gebieden van embedded en/of mobile en/of encryption.

Opbouw

The TEEPwn experience takes an offensive perspective and dives into the darker corners of TEE security. It’s designed with a system-level approach, where you will experience exploitation of powerful vulnerabilities specific for devices equipped with a TEE. Moreover, it’s hands-on, well-guided and driven by an exciting jeopardy-style game format.

• You will be taken on a journey that starts with achieving a comprehensive understanding of TEE security.
• You will learn how hardware and software cooperate in order to enforce effective security boundaries.
• You will then use this understanding for identifying interesting vulnerabilities across the entire TEE attack surface.
• You will be challenged to exploit these vulnerabilities using multiple realistic forensic scenarios.

All practical exercises are performed on our custom emulated attack platform which is based on ARM TrustZone and includes multiple TEE implementations.

Resultaat

The primary objectives are:

• gain a system-level understanding of TEE security
• identify vulnerabilities across the entire TEE attack surface
• gain hands-on experience with TEE-specific exploitation techniques
• gain a solid understanding of ARM TrustZone-based TEEs

Praktische informatie

Code: 1900243.000
Type: Training
Examineringtype: Geen

Studielast totaal: 32 sbu
Instituut: 32 sbu

Duur: < 1 week
Totaalprijs: niet individueel afneembaar

Toelichting studielast

De training wordt gevolgd bij het NFI en bedraagt 4 dagen van 8 uur waarbij de verhouding ligt van 30% theorie en 70% hands-on excercises.

Overige informatie

You will get access to a Virtual Machine (VM) which contains all the required tooling. It’s expected that not all of the exercises are finalized within the training hours. Therefore, you will have access to this VM forever so they can continue with the exercises after the training has ended.

Algemene instroomeisen

You are expected to:

• have experience with C programming
• have experience with the ARM architecture and assembly (AArch64)
• have a solid understanding of modern operating systems
• have an understanding of typical software vulnerabilities
• be familiar with reverse engineering (AArch64)
• be familiar with typical exploitation techniques

There’s no need to meet all of the above expectations. Less-experienced students can rely on our guidance, hints and solutions, whereas more experienced students will not.

Vrijstellingen

Lees de algemene informatie over vrijstelling op basis van EVC.

Aanmelden

Ben je werkzaam bij de politie? In overleg met je leidinggevende, meld je aan in Youforce Opleidingsmanagement (YOM). Is er geen geschikte startdatum beschikbaar? Plaats jezelf dan op de wachtlijst. Je ontvangt een mailbericht als er nieuwe startdata beschikbaar zijn.