MultiTEE: Distributing Trusted Execution Environments

The adoption of wearable technologies, such as smartwatches or wristbands, is rising. End-users expect to use all of their devices in an interconnected and seamless manner to conduct digital transactions, e.g., to pay or identify via their smartwatches, and not only via their smartphones. As sensitive transactions are usually protected by hardware-enforced isolation mechanisms, such as Trusted Execution Environments (TEEs), this brings new challenges of interconnecting TEEs to collaboratively conduct such transactions. We therefore propose MultiTEE, a distributed TEE architecture for heterogeneous device clusters, enabling secure data exchange and cooperation between TEEs. MultiTEE relies on lightweight, secure channels between TEEs, combined with remote attestation for the integrity verification of software stacks, as well as a memory-safe implementation. This enables an interface between Trusted Applications (TAs) of the distributed TEE similar to the interfaces of classic, single device TEEs. To demonstrate the feasibility of our solution, we built a Proof of Concept (PoC), partially implementing the upcoming European Digital Identity (EUDI) wallet to show the usage of heterogeneous device clusters for electronic identification. We evaluate our solution regarding performance and security.