Using Trusted Execution Environments in Two-factor Authentication: comparing approaches

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    Abstract

    Classic two-factor authentication has been around for a long time and has enjoyed success in certain markets (such as the corporate and the banking environment). A reason for this success is the strong security properties, particularly where user interaction is concerned. These properties hinge on a security token being a physically separate device. This paper investigates whether Trusted Execution Environments (TEE) can be used to achieve a comparable level of security without the need to have a separate device. To do this, we introduce a model that shows the security properties of user interaction in two-factor authentication. The model is used to examine two TEE technologies, Intel’s IPT and ARM TrustZone, revealing that, although it is possible to get close to classic two-factor authentication in terms of user interaction security, both technologies have distinct drawbacks. The model also clearly shows an open problem shared by many TEEs: how to prove to the user that they are dealing with a trusted application when trusted and untrusted applications share the same display.
    Original language: Undefined
    Title of host publication: Proceedings of the Open Identity Summit 2013 (OID 2013)
    Place of Publication: Bonn, Germany
    Publisher: Gesellschaft für Informatik
    Pages: 20-31
    Number of pages: 12
    ISBN (Print): 978-3-88579-617-6
    Publication status: Published - Sept 2013
    Event: Open Identity Summit 2013, OID 2013 - Kloster-Banz, Germany
    Duration: 9 Sept 2013 to 11 Sept 2013

    Publication series

    Name: Lecture Notes in Informatics
    Publisher: Gesellschaft für Informatik
    Volume: P-223

    Conference

    Conference: Open Identity Summit 2013, OID 2013
    Period: 9/09/13 to 11/09/13
    Other: 9-11 September 2013

    Keywords

    • EWI-25012
    • trusted execution environment
    • two-factor authentication
    • METIS-306007
    • Intel Identity Protection Technology
    • ARM TrustZone
    • IR-91957
    • IPT
