Towards trusted execution of multi-modal continuous authentication schemes

Abstract

The emergence of powerful, sensor-rich devices has led to the development of continuous authentication (CA) schemes using off-the-shelf hardware, where user behaviour is compared to past experience to produce an authentication decision with the aim of addressing challenges with traditional authentication schemes. Current CA proposals, however, have largely neglected adversaries present in a real-world deployment, namely the ubiquity of mal ware and software attacks. This has particular importance when a device cannot be trusted by a third-party, such as a corporation, that controls access to assets based on that decision. A software compromise, either on the scheme implementation or platform, may enable an adversary to modify authentication scores to alter the status of the device in reality, give insights into user behaviour, or gain unauthorised access to restricted assets. Hence, for the first time, we examine two standardised constructs that offer isolated and trusted execution - Secure Elements (SEs) and Trusted Execution Environments (TEEs) - even when an adversary has root-level privileges, and propose measures for providing trusted CA while retaining deployability. Based on these, we implement the first system for evaluating TEE-based CA on a consumer mobile device using Intel SGX, thus providing confidentiality, integrity and trust while removing the main platform from the TCB. We present an empirical evaluation of TEE-and non-TEE performance using methods proposed in related CA schemes. Our results indicate that trusted CA can be provided with no significant performance penalty, and may even offer performance benefits.