Using Trusted Execution Environments in Two-factor Authentication: comparing approaches

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    90 Downloads (Pure)


    Classic two-factor authentication has been around for a long time and has enjoyed success in certain markets (such as the corporate and the banking environ- ment). A reason for this success are the strong security properties, particularly where user interaction is concerned. These properties hinge on a security token being a physi- cally separate device. This paper investigates whether Trusted Execution Environments (TEE) can be used to achieve a comparable level of security without the need to have a separate device. To do this, we introduce a model that shows the security properties of user interaction in two-factor authentication. The model is used to examine two TEE technologies, Intel’s IPT and ARM TrustZone, revealing that, although it is possible to get close to classic two-factor authentication in terms of user interaction security, both technologies have distinct drawbacks. The model also clearly shows an open problem shared by many TEEs: how to prove to the user that they are dealing with a trusted application when trusted and untrusted applications share the same display.
    Original languageUndefined
    Title of host publicationProceedings of the Open Identity Summit 2013 (OID 2013)
    Place of PublicationBonn, Germany
    PublisherGesellschaft for Informatik
    Number of pages12
    ISBN (Print)978-3-88579-617-6
    Publication statusPublished - Sept 2013
    EventOpen Identity Summit 2013, OID 2013 - Kloster-Banz, Germany
    Duration: 9 Sept 201311 Sept 2013

    Publication series

    NameLecture Notes in Informatics
    PublisherGesellschaft for Informatik


    ConferenceOpen Identity Summit 2013, OID 2013
    Other9-11 September 2013


    • EWI-25012
    • trusted execution environment
    • two-factor authentication
    • METIS-306007
    • Intel Identity Protection Technology
    • ARM TrustZone
    • IR-91957
    • IPT

    Cite this