►
From YouTube: IETF99-TUTORIAL-TEEP-20170716-1345
Description
TEEP TUTORIAL at IETF99
2017/07/16 1345
https://datatracker.ietf.org/meeting/99/proceedings/
A
A
A
A
D
A
D
E
E
E
E
E
Okay,
but
I
want
to
start
a
little
bit
slower
specifically
since
what
most
of
us
will
have
been
typically
working
on
in
the
IDF
has
been
communication
security
protocols,
so
we
we
want
to
deal
with
problems
that
it's
interesting,
that
those
two
get
out
of
sync.
We
want
to
deal
with
confidentiality
protection,
we
care
about
integrity,
we
care
about
authentication
and
there
are
some
classical
components
that
are
needed
for
that.
E
We
need
the
obviously
the
protocols-
and
you
will
see
a
lot
of
this
during
the
week
with
TLS
1.3
1.3
in
a
cup.
Further
components
like
a
random
number
generator
needs
to
be
present,
because
most
of
the
security
protocols
rely
on
random
numbers
are
key
management
and
identity
management.
That's
sort
of
like
a
core
part
of
what
ITF
has
been
standardizing.
E
If
you
look
at
our
C
3
5,
5
2,
which
is
this
our
C
talking
about
how
to
write
security,
consideration
sections,
that's
what
it
talks
mostly
about,
because
that's
sort
of
the
bread
and
butter
of
this
organization,
but
it
it
doesn't,
stop
there.
Unfortunately,
so
you
also
have
to
care
about
the
system
and
software
security,
and
so
the
problems
that
you
typically
will
run
into
there.
Malicious
software.
E
Many
of
the
attacks,
specifically
in
a
server
side,
also
care
about
unauthorized
access,
sort
of
database
access
to
some
protected
resources,
and
so
you
have
a
few
other
components
that
are
needed
on
top
of
what
I
had
explained
earlier,
such
as
you
need
to
have
some
isolation
mechanism
and
that
sort
of
goes
back
into
the
world
really
early
days
of
operating
system
design.
When
you
you
didn't
want
like,
if
ms-dos
you
had
everything
in
a
single
address
space,
so
you
get
one
piece
of
software
compromised
it
basically
allowed
access
to.
E
Everything
is
needless
to
say
that
over
the
time
people
didn't
want
that,
so
they
had
memory
management
techniques.
So
every
application
has
the
illusion
of
a
virtual
of
the
full
having
full
access
to
the
address
space
which
in
reality
that
and
things
like
protected
storage,
trusted
boot
recovery
functionality
and
so
on.
So
a
couple
of
hardware
mechanisms
that
have
been
and
operate
and,
of
course,
corresponding
software
and
have
been
added
to
provide
the
provide
this
type
of
isolation.
E
It
still
goes
further
because
you
also
have
certain
classes
of
attacks
that
deal
with
the
physical
system.
So,
if
you
have
specifically
in
the
IOD
sector,
that's
out
that's
a
big
concern.
If
you
have
access
to
the
devices,
then
you
have
additional
capabilities,
and
so
you
have
sort
of
examples
like
power,
analysis
or
analysis.
We
you
you
so
you
measure
the
power
consumption
as
the
device
is
computing
cryptographic
operations
and
so
in.
In
the
worst
case,
you
can
see
from
the
from
the
power
trace
on
and
specifically,
public
key
crypto
is
very
power
hungry.
E
So
you
see
what
is
actually
being
done,
and
so
you
can
actually
in
the
worst
case,
you
can
actually
and
I
pick
zombies
on
my
laptop.
If
you
care
about
that
topic,
you
can
actually
see
what
key
what
key
is
used.
You
can
basically
read
the
key
from
the
screen.
This
is
a
static
power
analysis
technique.
Sometimes
it's
a
little
bit
more
nuanced,
so
you
need
the
differential
power
analysis
which
uses
statistical
technique.
E
Maybe
some
of
you
have
actually
I've
been
working
on
this
already,
so
those
are
sound
like
very
sophisticated
techniques,
but
they
get
more
widely
used
as
the
tools
and
the
hardware
to
do.
Mounties
attacks
get
more
common,
but
they
may
also
be
things
like
literally
looking
at
the
chip
looking
at
tapping
on
the
buses
to
see
the
communication.
That's
going
on
so
enough.
E
Obviously,
our
countermeasures,
so
one
is
using
algorithms
that
run
in
more
constant
time.
Encrypting
memory
interfaces
putting
everything
on
a
single
trip,
so
it's
more
difficult
to
snoop
on
the
buses
and
so
on
and
so
on.
So
you
have
these
three
sort
of
categories,
and
if
you,
if
you
look
at
what
the
industry
has
been
doing,
it
came
up
with
various
principles
to
deal
with
these
type
of
sort
of
security
issues,
and
one
is
obviously
an
a
big
specifically.
E
This
one
is
this
isolation
principal
and
then
delete
privilege
and
I'm
sure
you've
heard
that
before
so,
the
idea
here
is,
and
that
sort
of
a
summer
than
open
assumption
in
this
whole
work
is
that
you
have.
So
if
this
is,
let's
pick
an
example,
because
the
circles
are
probably
not
I'm,
not
very
illustrative,
but
if
you
think
about
the
tls
implementation
in
a
DLS
implementation,
you
have
many
components.
E
You
have
crypto
components
that
have
access
to
the
keys,
let's
say
an
aes
iverson,
but
you
have
many
other
components
that
actually
don't
need
to
have
access
to
keys,
for
example,
the
whole
processing
of
the
incoming
packets.
So
you
get
something
from
a
TTP
stack.
You
need
to
process
those
there's
of
course,
a
state
machine
as
well.
That
may
have
a
different
security
when
it
doesn't
need
to
have
access
to
the
same
keys.
E
So
you
may
want
to
separate
those
two
things,
and
this
is
what
this
means
and,
of
course
you
can
extend
this
to
an
entire,
a
system
like
like
the
mobile
phones
that
or
the
tablet
they
were.
If
you
think
so,
you
have
an
operating
system
like
a
Android.
You
have
lots
of
security
relevant
code,
they
as
well
like
the
ORAC
cryptographic,
algorithms,
but
all
the
apps
that
don't
necessarily
need
access
to
the
keys
of
course
directly.
So
so
that's
the
idea.
E
The
isolation
is
sort
of
separate
the
parts
that
are,
in
some
sense
non
trusted
from
the
ones
that
are
trusted
and
the
trust
term
is
a
I'm,
not
a
big
fan
of
this
trust
terminology,
but
I'm
using
it.
Nevertheless,
because
that's
what
the
industry
has
been
using,
so
trust
here
means
it's
a
little
bit
in
the
eye
of
the
beholder
of
the
developer,
what
you
consider
trusted
and
where
you
put
the
demarcation,
an
imitation
line
between
what
you
consider
trusted
and
and
what
not
so
you
as
a
developer.
E
So
if
you
develop
a
system
put
something
there
that
you
decide
what
you
consider
trusted,
what
you
put
on
the
untrusted
site
versus
a
trusted
site
trusted
by
you
to
do
whatever
that
specific
application
or
whatever
the
piece
of
software
and
hardware
is
supposed
to
do
so,
I'm
not
necessary
to
be
religious.
There's
no
of
you
know
trusted
stack
or
something
trusted
software
in
by
itself.
It's
just
the
question
of
how
much
review
did
that
software
God?
Do
you
have
any
confidence
in
in
in
the
security
quality
of
it?
E
Okay
and
ultimately,
you
want
to
reduce
the
attack
surface
on
under
those
components.
That's
the
that's!
The
idea
why
you
introduce
this
separation-
and
so
here
here
are
some
examples
on
what
people
typically
consider
and
sort
of
trusted
software
software
that
has
that
requires
more
protection.
So,
typically,
what
you
want
is
to
keep
that
part
small
as
small
as
possible,
and
you
want
to
do
a
lot
of
review
a
lot
of
testing.
Maybe
you
do
certification
and
sort
of
like
you
want
to
spend
a
lot
of
time
on
this.
E
So,
of
course,
the
effort
then
goes.
Are
you
meeting
for
some
security
software?
You
may
want
to
do
from
an
analysis
of
the
author
code
and
so
on,
so
it
can
be,
can
get
really
really
expensive
and
time-consuming.
For
the
other
part,
it's
clear
that
you
can't
do
this
for
all
of
it,
because
your
progress
will
start
pretty
much.
If
you
look
at
an
ordinary
full-blown.
What
is
we
call
it
here,
rich
OS,
like
Linux
and
and
so
on.
E
It
will
take
forever
and
for
some
of
the
components
you
may
actually
as
a
developer,
you
may
not
even
have
the
components
in
a
source
code.
You
may
actually
have
to
deal
with
libraries,
so
you
would
probably
consider
them
untrusted,
because
you
know
very
little
about
them,
okay,
and
so
so,
if
you
plot
this
on
am
sort
of
like
this
diagram,
you
have
different
attacks
that
you
worry
about
and,
depending
on
what
you're
actually
trying
to
accomplish
you,
you
care
more
about
hardware
attacks,
the
ones
that
I
mentioned
where
you.
E
Actually,
someone
takes
the
chip
apart
or
if
it's
more
side-channel
attacks
that
I
mentioned
earlier.
These
are
non
invasive
attacks,
where
you
just
snoop
on
the
power
communication,
or
you
have
just
what
just
you
have
software
attacks
we
have
buffer
overflows
and
and
returning
and
programming
attacks,
and
so
on.
E
So
what
you
want
to
avoid
is
so,
if
you,
if
you
deal
with,
for
example,
if
you
want
to
in
your
product,
if
you
want
to
deal
with
those
two
attacks-
software,
the
non-invasive
hardware
tax,
which
is
quite
common
for
IOT
devices,
you
want
to
avoid
the
case
that
someone
mounts
an
invasive
pathway
attack
once
and
then
can
actually
do
a
scalable
software
attack,
because
that
would
be.
That
would
be
obviously
very
unfortunate.
E
We
see
that
in
IOT
happening
quite
often,
so
you,
if
you
build
class
keys
in
your
IOT
devices,
same
key
in
all
devices
or
in
a
large
number
of
devices.
Someone
will
go
ahead
and
spend
the
effort
to
find
out
what
that
key
is
using
invasive
techniques,
and
then
he
can
go
and
mount
a
very
simple
software
attack,
because
obviously
he
knows
the
key.
E
He
can
then,
for
example,
compromise
the
firmware
update
mechanism,
the
dosa,
for
example,
done
you
look
at
all
of
them
and
make
you
a
risk
assessment
and
figure
out
what
you
actually
want
to
do
now,
we'll
explain
a
little
bit
later.
What
we
see
this
I
come
again
to
explain
you
what
some
of
the
technology
does
and
what
it
doesn't
do.
Okay,
getting
into
solutions,
and
one
of
this
isolation
technique
is,
is
a
trusted
execution
environment
and
what
it
and,
as
I
said
like
these
operating
systems
are
fairly
large.
E
So
you
want
to
have
some
isolation
with
those
and
the
idea
of
having
these
trusted
execution
environments.
It's
actually
fairly
old,
already
like
we're
talking
about
15
years
potentially,
so
they
are
not
it's
not
something
that
was
developed
recently,
but
it
takes
some
time
in
the
market
for
companies
and
consumers
to
actually
pick
those
up.
You,
for
example,
now
nowadays
have
them
all
in
your
devices
and
mobile
phones
and
tablets
and
so
on,
but
they
only
use
to
a
certain
extent,
because
developers
have
a
hard
time
to
use
them.
E
Unfortunately,
there
are
some
differences
in
the
way
how
different
companies
develop
that
technology,
so
I
can
obviously
specced
speak
for
arm
my
employer,
not
because
I'm
more
familiar
with
the
technology
be
developed.
There
will
also
be,
or
ever
was
a
tutorial
very
or
not
a
tutorial
presentation
at
the
buff
in
the
Chicago
ideas
meeting
from
given
by
some
Intel
guys,
and
they
are
going
to
do
a
full-blown
tutorial
about
their
technology
in
after
the
IDF
meeting
didn't
work
out
beforehand.
E
So
you
you're
encouraged
to
also
have
a
look
at
that,
because
it's
just
a
different
implementation
of
how
they
do
the
trusted
execution
environment
to
see
what
the
differences
are.
One
of
the
differences
is
we
use
in
our
in
our
trusted
execution
environment.
We
use
a
sort
of
a
trusted
boot
process
which
some
of
the
Intel
decks
Knology,
for
example,
doesn't
like
the
XJS
CX
doesn't
require
that
we
also
may
need
an
operating
system,
their
small
operating
system
that
handles
the
applications,
but
I
will
get
to
these
diagrams
a
little
later.
E
E
So
if
you
have
a
Fido
application
running
and
let's
say
a
banking
application,
the
Fido
application
is
not
supposed
to
look
into
data
and
code.
What
the
banking
application
does.
Quite
understandably,
there's
only
one
trusted
execution
environment
per
chip
in
this
in
this
model,
and
so
you
need
to
separate
these
applications
again.
So
isolation
between
isolation,
in
some
sense,
like
an
ordinary
operating
system,
also
isolates
among
applications
among
processes.
E
Yeah,
the
other
sort
of
crypto
services
are
fairly
obvious
sort
of
cryptographic,
algorithm
storage,
random
number
generation.
It's
also
it's
also
needed,
because
otherwise,
how
do
you
do
the
crypto?
So
the
figure
again
so
the
Trust's
on
T
trusts
on
base
T
is
specifically
designed
to
deal
with
these
type
of
attacks.
E
We
go
a
little
bit
into
how
arms
trusts
on
technology
works
as
an
example
of
the
of
a
trusted
execution
environment.
So
if
at
least
one
example,
so
we
don't
just
talk
in
the
abstract
in
in
the
ARM
architecture,
they
are
different.
There
are
different
types
of
so-called
profiles,
and
this
and
I
specifically
in
this
talk,
talk
about
this
profile.
That's
why
I
put
a
blue
box
around
it.
It's
a
the
a
stands
for
the
application
profile.
E
That's
the
type
of
processor
you
find
in
in
the
tablets
and
the
mobile
phones,
and
that's
also
the
version
that
has
the
trust
zone
support.
There
are
other
other
profiles
like
the
real
time
profile
or
the
microcontroller
profile
which
are
have
different.
They
also
have
trust
on
capabilities,
but
they
are
a
little
different
different
in
terms
of
how
far
they
are,
along
with
the
maturity.
So,
for
example,
the
microcontroller
profile.
That's
used
typically
for
low-end
IOT
devices
it
it
was.
The
chips
are
not
available.
E
Some
capability
there
is
not
available
in
chips.
I
can
show
it
to
you
on
a
on
a
simulator
but
not
on
a
chip.
So
it's
a
think
about
it
as
like,
while
some
of
the
stuff
is
deployed-
and
you
have
it
in
your
hand
versus
some
of
the
things
that
are
on
paper
and
big
companies
are
working
on
it
but
not
available,
you
can't
go
to
the
shop
and
buy
it
versus
complete
research
projects
which
are
technologies,
I,
don't
even
talk
about,
but
there
are
other
efforts
ongoing.
E
E
This
a
class
that
you
can
imagine
is
a
32-bit
and
64-bit
architecture
has
different
instructions
that,
and
if
you
remember
the
days
when
you
did
in
a
computer
science
class
on
computer
architectures,
you
had
on
one
hand
there
the
instructions
that
architecture-
and
probably
you
looked
at
the
Intel
instruction
set
architecture
and
arm
instructions.
It
is
just
a
little
different
because
it's
a
RISC
instruction
set
reduced
instruction
set
versus
at
sisk,
which
is
a
more
powerful
instruction
set.
E
What,
if
graphically,
what
it,
what
it
does
on
this
trust
zone?
For
for
this,
a
class
architecture
is,
as
I
mentioned.
There
is
essentially
are
two
operating
systems
running
on
a
singly
on
a
single
chip.
First
of
all,
this
is
the
the
operating
system.
You
obviously
see
as
a
user
when
you
turn
on
your
phone
like
Android,
but
then
there's
also
another
operating
system
running.
E
It
starts
running
concurrently,
it's
not
a
multi-core
processor,
it
could
be
a
multi-core
processor,
but
it's
still
the
trust
zone.
Supportive
is
sort
of
that's
what
the
errors
indicating.
It's
like
a
you,
have
a
function,
call
that
happens
here
and
then
it
switches
over
there
that
executes,
for
example,
security
functionality
in
which
is
back.
It's
not
running
concurrently
and
sort
of
monitors.
What
the
other
operating
system
is
doing,
that's
not
what
what
it
does
in
its
secure
apps
trusts,
or
these
trusted
apps
then
fit
on
this
under
secure
OS
and
the
way
it's
designed
it.
E
It
allows
developers
like
you
to
write
your
own
operating
system
or
to
get
one
an
open
source
one
or
two
by
one.
So
there
many
different
operating
systems
are
running
for
this
secure
site,
as
there
are
more
many
more
as
actually
for
the
normal
work,
and
so
these
applications
then
need
to
get
somewhere
they're
to
that
to
that
pad
in
the
secure
monitor,
make
sure
that
this
transition
happens
securely.
E
So
if
basically,
every
time
this
operating
system
says
I
need
some
security
functions,
it
needs
to
go
through
the
secure,
monitor
and
figure
out
whether
that's
actually
permissible
for
obvious
reasons.
So
there
needs
to
be
a
clear
entry
point
into
the
functions,
because
otherwise
you
could
just
jump
randomly
somewhere
into
the
code.
E
Just
for
illustration
purposes:
I'm
not
going
to
talk
about
more
about
it.
This
upcoming
trust
zone
for
this
embedded
architecture
works
differently,
because
IOT
devices
are
fairly
small,
so
they
are
not
going
to
run
to
operating
systems.
They
are
barely
running
one
so
so
that
some
some
optimizations
are
taking
place
here.
E
Are
when
I
about
the
instruction
set
architecture,
one
part
of
this
sort
of
programmers
model,
a
programmers
view
is,
besides
the
actual
instructions
that
you
can
invoke
on
on
a
processor.
There
is
another
important
part
which
is
actually
how
the
memory
model
works
and
in
the
ARM
architecture,
everything
older.
E
The
the
peripherals
in
the
different
memory
is
actually
all
mapped
into
the
full
memory
space.
So,
depending
on
whether
you
have
a
32-bit
or
64-bit,
everything
is
mapped
into
the
memory
space.
It
looks
like
you're
accessing
memory
but
in
reality,
you're
actually
accessing
different
type
of
peripherals.
E
So,
for
example,
I
squared
C
is
a
communication
mechanism
to
typically
access
external
peripherals
like
a
fingerprint
reader,
a
display
and
so
on,
and
what
then,
what
trustzone
then
does?
Is
it
basically
replicates
this
available
memory
region?
It
adds
another
bit
in
depth:
I
doubled
the
address
space,
and
so
you
can
decide
which
fast
or
which
peripheral
you
want
to
make
only
accessible
to
the
secure
word
to
the
TE
or
which
part
is
accessible
to
the
normal
operating
system,
so
that
the
separation
happens
via
the
address
and
even
to
extend
that
even
more.
E
It's
not
just
a
it's,
not
just
the
memory.
Here's
an
example
of
a
system
on
chip,
which
just
means
that
normally
you
put
a
lot
of
different
components
into
one
chip.
It
doesn't
mean
much
more
in
some
of
the
components,
for
example,
in
a
typical
system,
actually
off
chip.
So
for
a
class
processor
you
typically
have
the
memory
of
chip
DDR
Ram.
E
So
if
you
look
at
them
like
many
of
these
devices,
you
just
have
a
bus
to
the
memory,
so
obviously
from
a
security
point
of
view
that
that's
quite
important,
it
makes
a
difference
whether
you
snoop
on
a
bus
or
whether
that
passes
in
a
chip-
and
you
first
have
to
basically
open
up
the
chip
to
actually
see
something
on
an
IOT
device.
For
example
the
RAM
and
the
flash
would
actually
typically
be
on
a
single
chip.
E
So
you
it's
everything
is
packed
together,
but
what
then
Trustin
does
is
it
extends
this
protection
across
the
whole
system
off
a
whole,
the
whole
system
on
chip?
So
that's
why?
Unlike
a
smart
card,
for
example,
if
the
cue
element
it
doesn't
just
protect
the
algorithms
and
the
secrets
that
reside
on
that
chip,
but
it
actually
extends
to
the
whole
system.
If
you
want,
of
course
you
can,
you
cannot
use
it
so
here
specifically
because
it
fits
the
example.
E
E
E
Despite
our
example,
who
knows
Fido
have
you
heard
about
fire,
because
otherwise
the
examples
along
the
tricky?
You
know
a
few
notified
of
Fido,
it's
organization
and
industry
alliance
that
tries
to
define
standardized
an
authentication
protocol
to
get
rid
of
passwords
on
the
Internet,
okay,
fairly
novel
cause,
but
quite
difficult
to
do
and
the
way
they
do
it
is
they
use
public
key
cryptography,
and
so
they
create
they
define
something.
E
That's
what
you
see,
but
some
of
the
phyto
implementations
on
smartphones
could
be
a
fingerprint.
It
could
be
I've
seen
cases
where
they
use
face
recognition
and
all
sorts
of
stuff,
and
you
also
want
to
for
privacy
reasons
you
want
to
store
the
fingerprint
template.
Also
in
a
secure
place.
You
don't
want
to
make
that
accessible
to
like
apps,
for
example.
E
So
this
is
this
one
example.
So
obviously,
if
you
now
add
find
up
to
your
phone,
the
question
is
how
the
heck
do
you
get
this
application
there,
the
phyto,
the
phyto
authentication
piece,
not
not
the
piece
that
interact
with
the
web,
browser
that
passes
the
messages
and
so
on,
because
this
is
JavaScript
and
so
on.
E
So
you
get
those
and
you
can
extend
it
if
you
want
or
do
something
else,
there's
also
for
the
firmware
which
is
sort
of
like
the
lower
part
that
interfaces
with
with
the
hardware.
You
can
also
get
that
as
an
open
source,
but
there's
obviously
one
important
part
missing.
You
need
to
have
the
hardware.
You
know
you
can't
just
run
it
on
and
random
things.
You
need
to
have
a
hardware
that
allows
you
to
do
whatever
you
like,
and
here
are
two
examples
that
I
think
quite
inexpensive.
E
One
is
so
the
Raspberry
Pi,
3
sort
of
a
new
version
of
Raspberry
Pi
has
trustzone
support
and
there's
a
company
that
did
a
reverse
engineering
of
it.
So
the
guys
who
worked
on
the
Raspberry
Pi
it
went
really
eager
to
release
documentation
on
what
they
have
been
doing.
So
this
other
company
just
reverse
engineered
it
and
there's
code
available,
so
you
can
actually,
then
they
did
a
port
of
the
opti
to
the
Raspberry
Pi,
so
you
can
load
it
there
and
watch
the
video
and
to
get
some
applications
running
or
write
your
own
applications.
E
That's
sort
of
probably
the
cheapest
entry
point
a
little
bit
more
sophisticated,
but
not
much
more
expensive.
If
there's
a
nice,
there
was
a
Kickstarter
project
called
USB
armory,
which
it
looks
like
this.
It's
a
USB
stick
sized
device
with
a
ARM
processor
on
top
of
it
with
some
RAM,
and
they
also
have
trustzone
support
because
they
specifically
focused
on
the
security
applications,
and
there
are
applications
that
you
can
download
from
a
Bitcoin
wallet
through
whatever.
So
you
can.
You
can
develop
your
own
banking,
app
and
security
mechanism
also
or
phyto
client.
E
E
E
E
E
There's
also
the
question
of
which
version
of
ppm
are
you
actually
using,
and
if
you
want
specifically
this
feature,
which
we
are
going
to
talk
about,
where
you
actually
have
different
vendors,
providing
different
OSS
and
whether
you
then
have
a
possibility
to
update
the
software,
which
is
something
that
I
think
TPM
was
not
really
designed
to
to
do
so.
If
I
can,
if,
if
only
you
can
update
software
on
on
whatever
hardware
security
module
you
have,
then
the
interoperability
challenge
to
work
with
a
standardized
protocol
gets
a
little
shaky
very
quickly,
and
so
I.
E
Think
me
at
this
point.
I
think
trust
zone
is
an
example
where
some
of
those
problems
arise
and
they
don't
arise
for
let's
say
some
other
software,
our
forum
for
some
other
technologies
and
I
since
the
PM
has
been
around
and
there
has
been-
maybe
not
so
much
interested
develop
such
a
protocol.
Maybe
that's
an
indication
of
a
more
closed
ecosystem.
F
F
F
This
multiple
said
here,
but
it
said
here
are
this
mainly
I
like
started
case?
Is
more
life
actually
operated
from
Weber
like
it
started
for
a
simple
from
lab
all
right,
mobile,
their
mobile
phone?
So
much
like
market
is
so
big
today
you
can
enter
a
pretend
to
not
trust
that
much
as
for
the
actual
environment.
So
now
you
have
tests
on
and
mobile
chip.
You
have
a
tea
there.
You
can
run
trust
applications.
So
what
can
trust
applications?
F
Are
you
use
a
bank
apps
to
that
I
got
a
penguin
type
of
facility
paper
on
a
song,
but
to
do
some
I.
Consider
that
not
to
have
a
use
case,
but
many
Bank
apps
use
I
use,
cheers
bank
America
many
mobile
apps.
We
have
a
message
to
operations
with
you
run.
How
do
you
protect
that
I?
Also
location
key?
How
do
you
protect
authentication
and
I'm
Hank?
We
actually
I'm
follow
I'm
from
Symantec
right
I'm,
not
promoting
anything
here.
Just
give
example
a
we
have
a
security
application
here.
F
One
time
password
application,
you
can
say
Google
Authenticator
right
manipulate,
is
goggle
indicator.
Alright,
who
are
sending
care
to
where's
the
key
start
to
that
in
a
center
parking,
a
droid
you
can
still
with
the
copy
and
client
very
easy
yep.
So
what
we
did
is
we
use.
We
put
into
act,
a
trust
application.
We
have
app
in
number
word
a
droid.
We
run
a
trust
application.
In
fact
he
today
we
have
that
it's
in
market
today
and
market
today
already,
then
there
was
a
this
little
app.
F
So
when
you
have
security
operations
in
I
Troy,
where
do
you
run
typically
use
the
case?
You
run
key
okay,
we'll
have
to
you
here
today.
Actually,
that's
a
Bible
right.
You
have
a
multiple
idea,
mark
keys
here
you
have
multiple
applications
and
you
have
applications
game
applications.
If
you
have
a
chemical
that
game
transactions,
so
our
set
of
secrets
with
you
run,
you
can
run
another
word
or
you
can
run
you
run.
Many
tight,
simple,
shut
up
can
run
a
key
that
give
you
protection,
I
psychiatric,
a
secret
operations,
Enterprise
ready
environmental
applications.
F
Banking
app
is
one
for
that.
I
also
with
that
okay,
you
say
you
run
Google
Play
and
you
turn
on
app
today
why
this
problem,
each
a
destroyed,
I,
say
the
tribal.
When
you
need
some
standard,
when
you
have
multiple
players
in
the
market,
all
right,
you
have
a
multiple
T's,
okay,
I
think,
that's
my
slide.
What
the
caps
right
watch
caps,
wanna
capture
today?
How
do
you
remotely
you
store
your
application?
You
have
no
more
apt.
F
Today's
that
analog
just
install
that's
where
the
prom
happened
today
usually
used
on
my
email,
rack,
middleware,
apps
right,
so
you
know
what
Google
does
it
to
remember
scan
right
periodically,
but
it's
another
catch
in
the
beginning,
all
right
now
you
have
a
secure
OS.
You
have
PE,
you
have
a
transfer
or
other
technology.
You
have
the
C
key
chip,
a
proper,
your
application,
even
matching
that
right
really
makes
your
seeker.
You
don't
know
what
you
to
download
and
run
anyone
can
download
the
install
you
need
somewhere
to
management,
but
it's
not
missing
right.
F
This
new
standard,
imagine
part
of
today.
You
can
run
app
through
private
apparel
that
whether
we
did
with
reparative
Allen
Parker
protocol
vendor
will
lock
in
say,
install
into
certainty
environment
like
a
problem
rather
power,
and
now
we
have
the
IOT
I
would
say
RT
more,
like
a
setup
box
set
our
Smart
TVs
once
anywhere,
you
allow
third-party
provider
applications
but
not
track
apparel
ecosystem.
Where
you
have
manufactures
you
Priya
apps,
that's
not
there's
no
problem.
There
manufacturing
scientists
in
the
web
rather
sit
down
like
this
is
thermostat.
F
You
put
a
spell
put
out
there,
there's
no
security
problem,
but
whatever
they
have
is
they
can
control
it
anyway.
It's
anonymous
I
plan
right,
but
if
you
have
plans
and
a
lot,
many
application
develop,
develop
or
money
vendor
develop.
Now
you
create
a
table
by
the
core
power
that
come
in
here
say
you
have
multiple
T's
and
at
least
62
that
I
guess
60s
track
cigarettes.
Are
you
have
multiple
service
providers,
bank,
skin
players?
Like
us
security
providers?
You
have
many
application
needing
so
there.
F
So
how
do
you
put
in
application
to
multiple
different
teas?
This
isn't
appropriate
easier
in
her
abilities
after
the
cap.
Many
application
renders
management.
Now
you
have
to
master
manufactures
om
vendors,
liquid
chips.
They
get
T
us
from
some
vendor
the
tribal
into
a
device
right,
whether
it's
a
smart
TV
or
it's
a
full.
Whatever
right,
you
have
vendors,
there's
a
chip,
vendors
who
provide
chips.
E
F
So
then,
we're
probably
key
enough
I've
set
this
one
level,
let's
say
even
never:
arty,
market
etc
matter
and
arty
is
big
enough
market
right
and
how
many
times
we
have
I
know
alone.
Our
ARM
chips
collectively
part
many
vendors.
It
gets
number
how
many
chips.
Each
year
yeah
table
16
billing
later
15
billion
each
year,
never
chips
shipped.
These
are
trusted
environment.
So,
if
you're
an
app,
you
can
leverage
that
15
billion
seeking
environment
your
app,
you
don't
have
running
at
right,
just
data
that
is
security.
F
You
don't
have
to
suffer
from
that,
but
now
that
you
have
a
p2
or
de,
we
want
to
app
almost
a
calendar
apps
running
there
quickly
install
and
manage
lateral,
which
are
the
choice
like
I.
Don't
want
to
get
to
spend
a
few
minutes
on
Panem
stream
and
whether
that's
something
you
see
the
problem.
We
need
to
have
an
interval
over
here
right.
It's
really
facilitate
many
civil
providers.
Many
application
developers
into
this
open
environment
I
can
consider
the
open
environment
well
anywhere.
You
have
open
environment
multiplayers.
You
need
interoperability.
F
F
We
proposed
in
tribal
protocol
which
remotely
manage
the
trusted
application.
You
can
install
apathetic
and
terminated
mm.
What
provide
is
our
support,
open
support
of
my
cavities,
multiple,
several
providers,
much
chip,
vendors,
open
environment
and
any
company
can
play
as
a
that
TA
or
instructor
application
manager
ELISA
it's
over
market,
that's
what
is
it
coming
up
and
the
two
property
won't
achieve
mutual
trust.
All
returning
to
the
Hannah
star
like
brand,
what
I
mean
fast
I
said:
well
I've
many
of
you
rated
TPM,
two
properties.
First,
one
remote
attestation
I
want
a
silver
provider.
F
I'm,
not
a
developer.
I
want
to
know
which
finish
our
lab.
My
applicator
one
I
know
that
really
trusted
environment
artist,
trust
right,
I
use
on
my
application
in
some
tea.
What
is
a
tea
is
Bucky
not
secure.
I
want
to
know
what
kind
of
devices
I
can
verify
so
I
inside
my
app
manager,
remote
application,
say,
remodel.
I
know
that
device
that
will
away
a
similar
provider
remote
application,
the
device,
otherwise
it
device
you
can
earn
which
providers
deliver
meal
application.
So
I
get
even
policy
I
just
transfer
application
from
this
set
of
vendors.
F
It's
a
user
choice
in
fact
choice!
That's
that
over
it
does
this
parrot
upon
a
matter
right,
but
you
give
that
policy
choice
they
can
choose
which
color
applications
you
can
install
right
so
that
there
are
data
space.
It
fills
in
against
basic.
U
en,
for
that,
remote
application,
mutually
mutual
authentication
will
leverage
a
certificate
against
certificate
scheme
or
use
here.
I
guess
give
me
this
other
way
to
do
it.
It's
open
for
discussion
as
well.
Although
we
say
this
is
Paris.
F
F
So
this
space,
the
oat
oat
ERP,
serves
up
a
two-pump
from
source
application
manager
to
the
te
side
how
the
application
can
be
remotely
virtually
acted,
verified
TM
can
verify
this
te
running
here.
It's
trustworthy
and
this
society
can
verify.
Tm
is
trustworthy.
The
beautiful
transverse
evening
allow
you
to
proceed
to
install
and
manage
your
such
applications
at
the
2000.
This
is
to
my
players
in
this.
This
are
not
in
line
protocol.
F
It's
offline
is
that
you
get
to
a
device
certificate
at
the
right
key
inside
your
price
in
te
side
that
enable
you
to
remotely
verified
by
several
providers.
I
got
a
certificate
II
used
here.
Ok
are
this
would
be
a
CA.
You
can
cause
you
on
CA,
but
you
need
to
get
your
saver
trusted
by
your
service
providers.
F
Ok,
it's
their
choice,
their
choice
and
again
the
like
need
to
verify
absolute
fraud,
remotely
sort
of
provided
at
today,
like
a
our
website,
similar
your
verified
organization
by
the
PI
certificate,
that's
trusting
of
standard
practice
against
and
practice.
Well,
let
me
strength
practice,
but
Phil
cap
here
to
remotely
manage
applications
in
o
Muhammad.
G
F
That's
a
salute
allocation
here
right,
so
you
can
more
clarified
this
a
format
of
a
certificate
as
through
a
key
verification,
so
remotely
verify
this
identity,
as
you
said,
but
it's
important
entity,
then
it's
not
the
vicinity.
It's
a
were
verified.
We
should
he
vendor
you're
running
to
atrocity
and
under
pillow.
They
you
will
see
later
is
even
further,
where
it's
a
firmware
and
people
seeing
major
part
of
verification
data.
F
Yeah,
okay,
one:
here's
the
throat
allocations.
All
the
way
we
can.
We
catch
is
verify
that
the
racks
have
secure
boot
at
sick
of
February
and
sixty
that
works
over
to
provide
a
world
get
through
that
step.
It's
another
identity,
it's
a
city,
route,
6,
February
and
security.
That
is
three
verify
the
parts
of
the
provider.
F
F
So
that
will
give
you.
So
what
are
the
design
choice
today?
We
use
the
asymmetric
key
in
the
device,
not
symmetric.
He
is
symmetric
key
and
will
promote
the
use
of
certificate.
Others
technology
may
be
possible
when
notice
different
variations
for
Roberto
verification
like
a
fighter
I,
which
use
different
three
ways
to
do
that.
Okay,
here
we
use
two
certificate
as
a
primary
choice
for
method
wise.
This
is
a
missile
particle
against
mr.
particle
emission.
F
We
will
leave
that
Network
a
layer
to
the
permutation,
so
it's
a
missile
property
finder
trust
which
authentication
I
will
choose
to
JSON
message.
Okay,
just
on
message
the
ring
which
is
Josiah.
You
can
leverage
that,
just
on
the
finding
and
the
encryption
already
funded
by
FC,
so
there's
already
standard.
We
can
leverage,
we
don't
need
a
we
are
invented
via.
So
we
need
a
little
bit
agent
in
a
number
world
to
relay
this
message.
I
got
to
Intel
into
University
property.
F
F
C
F
So
we
we
seem
like
the
latency
right
today
that
route
ERP
agent
purely
relay
agent.
It's
a
black
box,
it's
a
fun
nautical.
It
cannot
open
the
message
itself,
its
intent.
Okay,
that
so
far
way
says
support
the
right
side
on
one
te.
Some
are
asking
if
I
run
t-yong
device
possible
not
really
coming
market
today,.
F
So
you
have
I
like
that.
You
talked
about
this
okay.
I
already
is
good
to
this
on
here.
What's
needed
here,
other
coming
here
tea
and
at
erm
mutually
you,
our
message
enter
in
security.
You
clubbed
it
mate
reinterpreted
so
part
when
the
come
till
here
in
the
reach
app,
which
you
have
a
chocolatier
from
adult
later,
each
other
simply
fragment
it,
doesn't
have
to
be
a
droid
I.
Just
take
example
the
turquoise
it
here
and
you
can
miss
it
back.
You
need
to
send
additional
message
to
tea
hydration
amenity.
F
E
F
So
without
this,
that
means
you
as
a
applicant
developer.
Your
run
chest
is
a
regular
application.
You
need
to
run
how
to
target
e.
That's
a
burden
right,
but
if
this,
given,
what
do
you
call
it
just
simply
standard
API,
while
we
were
here
with
defy
API,
not
define
software
so
to
make
it
out
to
make
it
a
declare,
all
right,
no
yeah.
So
this
one
gentleman
like
the
interface
interface,
okay,
so
for
that
and
then
scope
is
either
what
else
I
cut
this
apart,
I
what
it
hard
to
scope
to
to
power.
F
Let
me
say
what
kind
of
message
will
be
exchanged
between
te
and
TM
hg
sr
measure
with
the
fun
only
there
are
JSON
message
if
I'm
at
what
the
content
should
be,
how
should
we
find
how
to
be
encrypted
to
ensure
end
and
security,
so
that
part,
with
only
this
other
place,
the
ecosystem,
which
I
say
we
need
you
have
a
secret
security
key
here
how
to
get
it
up
to
you.
You
get
a
good
talk
with
some
CA
or
your
SCA
as
along
there,
your
counterpart
trust
to
you.
F
Okay,
how
do
you
give
a
trust
management
out
of
this?
That
we
different
major
protocol
exchange
that
what
one
some
is
standard?
Now
you
can
talk
with
different
TM
managers.
Vendors
are
to
distribute
and
manager
application
like
an
Evo,
Kim
came
provider
or
your
enterprise
apps,
and
you
can
work
with
the
chest
at
beginning
managers
to
match
that.
F
So,
for
that
yep
four
minutes
flat
I
have
this
method
defined
properly.
You
can
see
here
six
message,
six
messages.
Like
a
second
messages,
we
call
a
six
message
of
six
command.
First,
one
is
to
get
the
last
eight,
so
our
time
come
in
first
step
are
the
quarry.
What
is
currently
running
at
the
rice
is
that
the
much
trustworthy,
okay
correct?
What's
our
what
key?
What's
somewhere,
it's
a
key
firmware
and
a
lot
of
the
circuit
permit,
a
application
run
a
layer
so
attic
or
whether
I
need
upgrade.
F
My
application
enter
a
key
transversal,
the
get
the
right
state
remote
a
call,
then,
if
the
clean
price,
you
start
with
a
secret
domain.
Okay,
in
this
case
P
such
a
application
running
investigate
domain.
Okay,
usually
each
application
provider
have
no
secret
domain.
Okay,
that
hard
partition
today.
Are
you
create
secret
domain
of
the
secret
amenity
discrete
domain?
And
what
have
you
our
secret
to
learn
when
you
learn
secret
domain?
You
can
inscribe
multiple
trust
application.
These
are
cell
isolation,
I
will
say
at
a
harness,
missional
oscillation
important.
F
In
fact,
he
now
uses
secret
domain
as
a
skin
of
isolation.
The
crafty
circuit
dome
is
the
key
start,
definitely
cannot
reach
out.
Actually
each
other
applications
be
to
persecute
them.
They
usually
not
communicate
each
other,
but
you
could
it
be
pinky
tries
you
can
start
work
at
that
if
you
magic
koopa
mess,
whether
they
can
talk
to
each
other,
that
key
implementation,
but
you
can
secrete
demanding
inside
secret
to
many
style.
Applications
through
api
can
install
update
and
delete.
That
is
three
api's.
F
Ask
account
a
piaster
to
develop
our
intent,
so
three
messages
three
pairs
of
adjacent
messages,
yeah
and
then
what
other
element
you
need
the
keys
in
a
in
at
one
side,
you
have
a
key
clip
here
and
a
certificate
the
other
today,
so
you
have
a
unique
appearance
certificate
put
device
now,
I,
usually
use
trusted
by
CSO
TM.
Will
trust
T
like
this
here
root
series
of
key
certificate?
Okay,
you
trust.
F
Pca,
okay,
touch
the
air
so
that
you
have
unique
certificate
from
where
you
wanna
keep
here
an
option
certificate
when
you
put
it
that
the
for
my
side
and
will
pass
the
tea
and
a
tea
that
I
get
busted.
We
include
piece
of
information
about
a
February
trustworthy
if
we
just
sent
to
TM,
PMS
or
okay.
You
started
with
firmware
as
a
side
and
there's
tea
also
side.
Now
this
is
set
up
for
tea
and
a
tea
from
where
our
trust,
so
teams
are
now
Sergei.
F
These
are
compiled
with
my
policy
I'm,
going
to
inspire
my
application
introduce
devices
if
the
trance
of
the
compromise
are
not
trustworthy,
not
in
the
UNAM
and
I
trust.
I
do
not
distribute
my
applications
better
purpose
yeah
here
inside
this
is
really
standard
organization
certificate
on
25
which
key
ramp.
You
are
right,
that's
a
standard
one.
Should
we
provide
again
civil
provider?
Has
organizations
certificate?
You
find
your
application
so
that
key
a
divided
society
can
make
choice.
F
Where
there
is
trust
you
are,
they
can
make
a
decision
so
that
the
main
was
each
side
silver
for
outside
the
TV
side.
I
recognize
this
one.
This
is
a
multiple
wondering
relationship.
Something
we
will
follow
is
to
like
this.
It's
a
quick
lead
in
a
minute,
so
start
with
a
clean.
Are
you
choose
our
client
application?
Number
half
you
rather
I'm
a
regular
developer.
I
run
apps
top
where
the
TM
PM's
already
inside
my
first
to
trust
application.
F
You
talk
about
your
sensor,
application
manager,
so
the
Patricia
Ramanujan
aku
230,
so
you
have
the
insert
device.
Is
that
cannot
just
working
it'll?
Ask
you
got
a
kid
to
have
state
it
compact
bunch
of
information,
part
of
the
TE
and
the
Sun
we're
so
TMZ?
Okay.
This
is
classic
further.
My
policy
I
allow
you
to
proceed
to
install
RTA.
So
now
it's
a
send
a
command.
That
message
message
say:
create
a
secure
domain.
First
time
this
can't
happen
require
or
tiph
understand,
a
message.
Eet.
You
are
decrypted
and
in
courage,
secret
domain.
F
When
a
finish
since
tablet.
Back
now,
you
further
say
you
start
here:
you
can
send
a
word
just
application
as
data
okay,
applications
really
partner
data
along
with
any
personalization
theta.
You
have
acacia
Indonesia
asset,
you
personalized
or
telecentre,
over
interrupted
only
after
Raj,
cantilever
I,
don't
know
what
talk
about
data
here
only
track
detail.
Anyone
in
the
middle
is
not
able
to
open
it
so
that
some
flow
in
summarize
that
that's
a
power
statement.
Whatever
janitors
you
have
many
T's
in
in
a
secure
environment,
open
to
many
companies
develop
applications.
F
C
F
F
Cannot
clap
said
who
is
going
to
initialize
the
application?
Installation
typically
say
social
opportunity
run.
It's
a
it's
hidden,
your
search
interface,
your
external
voltage,
most
of
your
regular
application.
You
have
payment
application.
You
have
came
my
game
application,
you
memorize,
or
it's
playing
a
smart
TV,
that's
your
app
that
are
rigged
lab,
but
now
you
know
that
it's
a
mass
security,
sensitive
operations,
electron
and
transfer
app
in
the
environment
that
way
I
want
to
install
it.
That's
a
typical
usage!