Towards trusted execution of multi-modal continuous authentication schemes

Shepherd, Carlton; Akram, Raja Naeem; Markantonakis, Konstantinos

doi:10.1145/3019612.3019652

Cited by 9 publications

(9 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In fact, the aim is to give to the mobile application means to verify the authenticity of the data produced by the sensor. In short, we can argue that the related work, mainly [4], [8], [9], is complementary to ours, once we deal with the same problem but from a different perspective.…”

Section: Related Workmentioning

confidence: 82%

“…Both POST messages (Key Exchange and Cipher Upload) were implemented as asynchronous tasks to allow the Android app to call them upon demand. In the mobile side, we used the SecureRandom class with a strong RNG provided by Android to generate the ECDH seed 4 .…”

Section: A the Implementationmentioning

confidence: 99%

“…Researchers are now starting to put more efforts on this subject, driven by the recent threats and data breaches, as mentioned in session I and II. In the work presented in [4], the authors focus on analysing the biometric data from mobile devices by using enclaves. They implement and evaluate three SGX-compatible learning algorithms: Naive Bayes (NB), k-Nearest Neighbour (kNN) and Logistic Regression (LR).…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Mobile App to SGX Enclave Secure Channel

Ota

Meira

Cassagnes

et al. 2019

2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

View full text Add to dashboard Cite

The current challenge for several applications is to guarantee the user's privacy when using personal data. The broader problem is to transfer and process the data without exposing the sensitive content to anyone, including the service provider(s). In this paper, we address this challenge by proposing a protocol to combine secure frameworks in order to exchange and process sensitive data, i.e. respecting user's privacy. Our contribution is a protocol to perform a secure exchange of data between a mobile application and a trusted execution environment. In our experiments we show independent implementations of our protocol using three different encryption modes (i.e., CBC, ECB, GCM encryption). Our results support the feasibility and importance of an end-to-end secure channel protocol.

show abstract

Section: Related Workmentioning

confidence: 82%

Section: A the Implementationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Mobile App to SGX Enclave Secure Channel

Ota

Meira

Cassagnes

et al. 2019

2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

View full text Add to dashboard Cite

show abstract

“…Public verifiability of origin, as in [4], has not been addressed in recent TEE loggers, which could be potentially useful to authenticate system data from remote devices, e.g. generating trust scores from log data for access control [2] and continuous authentication [22,29]. Recent TEE-based schemes, i.e.…”

Section: Discussionmentioning

confidence: 99%

EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs

Shepherd

Akram

Markantonakis

2018

Information Security Theory and Practice

Self Cite

View full text Add to dashboard Cite

Remote mobile and embedded devices are used to deliver increasingly impactful services, such as medical rehabilitation and assistive technologies. Secure system logging is beneficial in these scenarios to aid audit and forensic investigations particularly if devices bring harm to end-users. Logs should be tamper-resistant in storage, during execution, and when retrieved by a trusted remote verifier. In recent years, Trusted Execution Environments (TEEs) have emerged as the go-to root of trust on constrained devices for isolated execution of sensitive applications. Existing TEE-based logging systems, however, focus largely on protecting server-side logs and offer little protection to constrained source devices. In this paper, we introduce EmLog -a tamper-resistant logging system for constrained devices using the GlobalPlatform TEE. EmLog provides protection against complex software adversaries and offers several additional security properties over past schemes. The system is evaluated across three log datasets using an off-the-shelf ARM development board running an open-source, GlobalPlatform-compliant TEE. On average, EmLog runs with low run-time memory overhead (1MB heap and stack), 430-625 logs/second throughput, and five-times persistent storage overhead versus unprotected logs.

show abstract

“…Both components may be instantiated using conventional security controls provided by modern mobile operating systems, such as application sandboxing, which we concentrate on this work. However, for further security assurances against kernel-mode (ring 0) adversaries, this may be realised using a trusted execution environment (TEE), as suggested in [16] and [24]. We also consider a context-manipulating adversary, e.g.…”

Section: Assumptions and Threat Modelmentioning

confidence: 99%

Privacy-Enhancing Context Authentication from Location-Sensitive Data

Mainali¹,

Shepherd²,

Petitcolas³

2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

This paper proposes a new privacy-enhancing, context-aware user authentication system, ConSec, which uses a transformation of general location-sensitive data, such as GPS location, barometric altitude and noise levels, collected from the user's device, into a representation based on locality-sensitive hashing (LSH). The resulting hashes provide a dimensionality reduction of the underlying data, which we leverage to model users' behaviour for authentication using machine learning. We present how ConSec supports learning from categorical and numerical data, while addressing a number of on-device and network-based threats. ConSec is implemented subsequently for the Android platform and evaluated using data collected from 35 users, which is followed by a security and privacy analysis. We demonstrate that LSH presents a useful approach for context authentication from location-sensitive data without directly utilising plain measurements. CCS CONCEPTS• Security and privacy → Authentication; Privacy-preserving protocols; Mobile and wireless security.

show abstract

Towards trusted execution of multi-modal continuous authentication schemes

Cited by 9 publications

References 17 publications

Mobile App to SGX Enclave Secure Channel

Mobile App to SGX Enclave Secure Channel

EmLog: Tamper-Resistant System Logging for Constrained Devices with TEEs

Privacy-Enhancing Context Authentication from Location-Sensitive Data

Contact Info

Product

Resources

About