Remote Credential Management with Mutual Attestation for Trusted Execution Environments

Shepherd, Carlton; Akram, Raja Naeem; Markantonakis, Konstantinos

doi:10.1007/978-3-030-20074-9_12

Cited by 7 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, Literature [9] and [10] implement identity authentication management between credential migration devices through a trusted service provider. Carlton et al [11] demonstrated the necessity of mutual authentication in the credential migration service for the first time, and used formal tools to model their proposed mutual authentication protocol, proving the security of the protocol process. Tan and Song [12], [13] proposed a key migration protocol that supports mutual authentication between trusted roots, which achieves identity binding of both migration parties by adding device attributes in the authentication process between the source and target devices to the service provider.…”

Section: Related Workmentioning

confidence: 99%

MA-TEECM: Mutual Anonymous Authentication-Based Credential Migration Technology for Mobile Trusted Execution Environments

Wang

Yan

2023

IEEE Access

View full text Add to dashboard Cite

ARM TrustZone is the most widely used mobile trusted execution environment (TEE) technology today. Its hardware-enabled isolated execution environment provides reliable assurance of secure storage of credentials in mobile devices. However, the research on managing credentials stored in the TEE throughout the lifecycle of mobile devices has received little attention in recent years, and the credentials in TEE generally face usability problems caused by the mobile device lifecycle events. Aiming at the risk of information disclosure caused by the third-party service providers in the traditional credential migration scheme, this paper presents a mutual anonymous authentication-based credential migration framework for mobile trusted execution environments. First, we propose a peer-to-peer credential migration model between mobile terminals based on TrustZone and SGX, which solves the single point of failure caused by attacks on trusted third parties that act as credential transfer stations and managers in traditional solutions; Second, we propose an identity authentication protocol between TEEs based on mutual anonymous authentication, and a detailed authentication process is designed based on the universal mobile TEE model; Third, we build a formal verification model using High-Level Protocol Specification Language (HLPSL). Finally, the formal and informal security analysis indicate that the improved scheme meets the expected security requirements and is secure against several known attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

MA-TEECM: Mutual Anonymous Authentication-Based Credential Migration Technology for Mobile Trusted Execution Environments

Wang

Yan

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Mutual or bi-directional RA has been proposed for attesting and bootstrapping secure channels between two devices-shown in Fig. 2-using ARM TrustZone [13], [25], TPMs [26], [27], and PUFs as trust anchors [10]. In other work, the Seda [28] and SANA [29] systems address RA of device swarms by constructing an efficient topological path between its constituents and aggregating the responses for V. The reader is referred to Ambrosin et al [30] for a recent comprehensive survey of collective attestation schemes.…”

Section: Remote Attestation and Related Workmentioning

confidence: 99%

LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices

Shepherd¹,

Markantonakis²,

Jaloyan³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

This paper presents LIRA-V, a lightweight system for performing remote attestation between constrained devices using the RISC-V architecture. We propose using read-only memory and the RISC-V Physical Memory Protection (PMP) primitive to build a trust anchor for remote attestation and secure channel creation. Moreover, we propose a bi-directional attestation protocol for trusted device-to-device communication, which is subjected to formal symbolic verification using SCYTHER. We present the design, implementation and evaluation of LIRA-V using an off-the-shelf RISC-V microcontroller and present performance results to demonstrate its suitability. To our knowledge, we present the first remote attestation mechanism suitable for constrained RISC-V devices, with applications to the Internet of Things (IoT) and Cyber Physical Systems (CPS).

show abstract

“…Researchers should also be aware of emerging mobile TEE applications in recent research. Examples include secure mobile deep learning [84], protecting cryptocurrency wallets [51], authenticating adverts from mobile advertising networks [88], preserving the integrity of system logs [137,75], direct TEE-to-TEE communication with remote attestation [138,139], protecting healthcare data [135], and confidential image processing [33]. Such proposals could reflect possible commercial services and serve as future attack targets.…”

Section: Future Directionsmentioning

confidence: 99%

Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis

Shepherd,

Markantonakis,

van Heijningen

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, highfrequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments (TEEs), full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, which has required the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections (FIAs) and side-channel attacks (SCAs) on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common framework, identify several challenges and shortcomings, and suggest future directions of research. Part of this work was presented to the European Commission during the EU Horizon 2020 EXFILES project (No. 88315) [43].

show abstract

Remote Credential Management with Mutual Attestation for Trusted Execution Environments

Cited by 7 publications

References 19 publications

MA-TEECM: Mutual Anonymous Authentication-Based Credential Migration Technology for Mobile Trusted Execution Environments

MA-TEECM: Mutual Anonymous Authentication-Based Credential Migration Technology for Mobile Trusted Execution Environments

LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices

Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis

Contact Info

Product

Resources

About