Secure Authentication Key Sharing between Personal Mobile Devices Based on Owner Identity

Nishimura, Hideo; Omori, Yoshihiko; Yamashita, Takahiro

doi:10.2197/ipsjjip.28.292

Cited by 3 publications

(1 citation statement)

References 12 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Tan and Song [12], [13] proposed a key migration protocol that supports mutual authentication between trusted roots, which achieves identity binding of both migration parties by adding device attributes in the authentication process between the source and target devices to the service provider. Nishimura et al [14] propose using a trusted third party to identify the owner of a personal device to prevent the sharing of authentication keys to malicious nodes. The literature mentioned above, however, all needs to assume that the thirdparty service provider is trusted.…”

Section: Related Workmentioning

confidence: 99%

MA-TEECM: Mutual Anonymous Authentication-Based Credential Migration Technology for Mobile Trusted Execution Environments

Wang

Yan

2023

IEEE Access

View full text Add to dashboard Cite

ARM TrustZone is the most widely used mobile trusted execution environment (TEE) technology today. Its hardware-enabled isolated execution environment provides reliable assurance of secure storage of credentials in mobile devices. However, the research on managing credentials stored in the TEE throughout the lifecycle of mobile devices has received little attention in recent years, and the credentials in TEE generally face usability problems caused by the mobile device lifecycle events. Aiming at the risk of information disclosure caused by the third-party service providers in the traditional credential migration scheme, this paper presents a mutual anonymous authentication-based credential migration framework for mobile trusted execution environments. First, we propose a peer-to-peer credential migration model between mobile terminals based on TrustZone and SGX, which solves the single point of failure caused by attacks on trusted third parties that act as credential transfer stations and managers in traditional solutions; Second, we propose an identity authentication protocol between TEEs based on mutual anonymous authentication, and a detailed authentication process is designed based on the universal mobile TEE model; Third, we build a formal verification model using High-Level Protocol Specification Language (HLPSL). Finally, the formal and informal security analysis indicate that the improved scheme meets the expected security requirements and is secure against several known attacks.

show abstract

Section: Related Workmentioning

confidence: 99%