Secure Enrollment and Practical Migration for Mobile Trusted Execution Environments
Abstract
Smartphones can implement various security services from mobile banking to security tokens used for physical access control. System-wide trusted execution environments (TEEs), like ARM TrustZone, allow implementation of these services that withstand malware and operating system compromise. While researchers and developers have focused on secure storage and processing of credentials on such mobile TEEs, secure and practical bootstrapping of security services has been overlooked. The goal of this paper is to put forward the problem of secure user enrollment in the context of mobile system-wide TEEs. We explain why user identity binding to a mobile device is challenging on current smartphone platforms, and argue that current mobile device architectures do not facilitate secure enrollment and migration for such TEEs. We outline possible architecture changes that would enable the realization of secure and practical enrollment, and thus enable more widespread secure deployment of various mobile security services. © 2013 ACM.
BibTeX
@inproceedings{marforio2013secure,
author = {Marforio, Claudio and Karapanos, Nikolaos and Soriente, Claudio and Kostiainen, Kari and Capkun, Srdjan},
title = {{Secure Enrollment and Practical Migration for Mobile Trusted Execution Environments}},
booktitle = {Proceedings of the Third ACM workshop on Security and privacy in smartphones {\&} mobile devices},
address = {Berlin, Germany},
year = 2013,
month = nov,
publisher = {Association for Computing Machinery},
doi = {10.1145/2516760.2516764},
url = {https://doi.org/10.1145/2516760.2516764}
}

Research Collection: 20.500.11850/70806

