TEEvil: Identity Lease via Trusted Execution Environments

arXiv

Abstract

We investigate identity lease, a new type of service in which users lease their identities to third parties by providing them with full or restricted access to their online accounts or credentials. We discuss how identity lease could be abused to subvert the digital society, facilitating the spread of fake news and subverting electronic voting by enabling the sale of votes. We show that the emergence of Trusted Execution Environments and anonymous cryptocurrencies, for the first time, allows the implementation of such a lease service while guaranteeing fairness, plausible deniability and anonymity, therefore shielding the users and account renters from prosecution. To show that such a service can be practically implemented, we build an example service that we call TEEvil leveraging Intel SGX and ZCash. Finally, we discuss defense mechanisms and challenges in the mitigation of identity lease services.

People

Dr. Siniša Matetić
Doctoral Student (2015 – 2019)
SwissSign Group AG

BibTex

@UNPUBLISHED{puddu2019teevil,
	copyright = {In Copyright - Non-Commercial Use Permitted},
	year = {2019-05-09},
	type = {Working Paper},
	journal = {arXiv},
	author = {Puddu, Ivan and Lain, Daniele and Schneider, Moritz and Tretiakova, Elizaveta and Matetic, Sinisa and Capkun, Srdjan},
	size = {21 p.},
	abstract = {We investigate identity lease, a new type of service in which users lease their identities to third parties by providing them with full or restricted access to their online accounts or credentials. We discuss how identity lease could be abused to subvert the digital society, facilitating the spread of fake news and subverting electronic voting by enabling the sale of votes. We show that the emergence of Trusted Execution Environments and anonymous cryptocurrencies, for the first time, allows the implementation of such a lease service while guaranteeing fairness, plausible deniability and anonymity, therefore shielding the users and account renters from prosecution. To show that such a service can be practically implemented, we build an example service that we call TEEvil leveraging Intel SGX and ZCash. Finally, we discuss defense mechanisms and challenges in the mitigation of identity lease services.},
	language = {en},
	address = {Ithaca, NY},
	publisher = {Cornell University},
	number = {1903.00449v2},
	DOI = {10.3929/ethz-b-000358940},
	title = {TEEvil: Identity Lease via Trusted Execution Environments}
}

Research Collection: 20.500.11850/358940