Trusted execution environment-based authentication gauge (TEEBAG)

Proceedings of the 2016 New Security Paradigms Workshop Pub Date : 2016-09-26 DOI:10.1145/3011883.3011892

Ranjbar A. Balisane, Andrew C. Martin

{"title":"Trusted execution environment-based authentication gauge (TEEBAG)","authors":"Ranjbar A. Balisane, Andrew C. Martin","doi":"10.1145/3011883.3011892","DOIUrl":null,"url":null,"abstract":"We present a new approach to authentication using Trusted Execution Environments (TEEs), by changing the location of authentication from a remote device (e.g. remote authentication server) to user device(s) that are TEE enabled. The authentication takes place locally on the user device and only the outcome is sent back to the remote device. Our approach uses existing features and capabilities of TEEs to enhance the security of user authentication. We reverse the way traditional authentication schemes work: instead of the user presenting their authentication data to a remote device, we request the remote device to send the stored authentication template (s) to the local device. Almost paradoxically, this enhances security of authentication data by supplying it only to a trusted device, and so enabling users to authenticate the intended remote entity. This addresses issues related with bad SSL certificates on local devices, DNS poisoning, and counteracts certain threats posed by the presence of malware. We present a protocol to implement such authentication system discussing its strengths and limitations, before identifying available technologies to implement the architecture.","PeriodicalId":408939,"journal":{"name":"Proceedings of the 2016 New Security Paradigms Workshop","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 New Security Paradigms Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3011883.3011892","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

We present a new approach to authentication using Trusted Execution Environments (TEEs), by changing the location of authentication from a remote device (e.g. remote authentication server) to user device(s) that are TEE enabled. The authentication takes place locally on the user device and only the outcome is sent back to the remote device. Our approach uses existing features and capabilities of TEEs to enhance the security of user authentication. We reverse the way traditional authentication schemes work: instead of the user presenting their authentication data to a remote device, we request the remote device to send the stored authentication template (s) to the local device. Almost paradoxically, this enhances security of authentication data by supplying it only to a trusted device, and so enabling users to authenticate the intended remote entity. This addresses issues related with bad SSL certificates on local devices, DNS poisoning, and counteracts certain threats posed by the presence of malware. We present a protocol to implement such authentication system discussing its strengths and limitations, before identifying available technologies to implement the architecture.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于可信执行环境的身份验证标准(TEEBAG)

我们提出了一种使用可信执行环境(TEE)进行身份验证的新方法，通过将身份验证的位置从远程设备(例如远程认证服务器)更改为启用TEE的用户设备。身份验证在用户设备上本地进行，只有结果被发送回远程设备。我们的方法使用tee的现有特性和功能来增强用户身份验证的安全性。我们颠覆了传统的身份验证方案的工作方式:我们要求远程设备将存储的身份验证模板发送到本地设备，而不是用户向远程设备提供他们的身份验证数据。几乎自相矛盾的是，这增强了身份验证数据的安全性，因为它只提供给受信任的设备，从而使用户能够对预期的远程实体进行身份验证。这解决了与本地设备上的坏SSL证书、DNS中毒相关的问题，并抵消了恶意软件存在带来的某些威胁。在确定实现该体系结构的可用技术之前，我们提出了一个实现这种身份验证系统的协议，讨论了它的优点和局限性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 2016 New Security Paradigms Workshop

自引率

0.00%

发文量