Applications of Trusted Execution Environments (TEEs)


dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Paverd, Andrew, Dr., Aalto University, Department of Computer Science, Finland
dc.contributor.advisor Ekberg, Jan-Erik, Dr., DarkMatter LLC, Finland
dc.contributor.author Tamrakar, Sandeep
dc.date.accessioned 2017-06-10T09:02:45Z
dc.date.available 2017-06-10T09:02:45Z
dc.date.issued 2017
dc.identifier.isbn 978-952-60-7463-4 (electronic)
dc.identifier.isbn 978-952-60-7464-1 (printed)
dc.identifier.issn 1799-4942 (electronic)
dc.identifier.issn 1799-4934 (printed)
dc.identifier.issn 1799-4934 (ISSN-L)
dc.description.abstract Trust is vital for arbitrary entities to interact and cooperate. These entities may have different security requirements. Trust allows them to ensure that they will behave correctly and fulfill each other's security requirements as well as assure their privacy. A Trusted Execution Environment (TEE) is one available technology that can be used to establish trust between entities. TEEs are widely deployed on device platforms, and recently they have also begun to appear on server platforms.  In multilateral scenarios, hardware-based TEEs allow us to build efficient protocols and systems for ensuring security requirements of the non-trusting entities and assuring their privacy. In this dissertation, I consider two separate use cases where trust is required at the user's end: hosting credentials such as electronic identity on users' devices (e.g. mobile phones), and using NFC-enabled devices for hosting public transport ticketing credentials. I present a TEE-based architecture for hosting different types of credentials securely on users' devices, and using them from the devices over various communication channels (e.g. USB and NFC). I also show how to use TEEs to assure user-to-device binding, and attest the level of security on devices for remote credential provisioning. These solutions are supported by implementations on real mobile devices with hardware TEEs based on ARM TrustZone. I also show an example of how to use TEEs to ensure users' data privacy while accessing services on third-party infrastructure. For this, I consider the use case of cloud-based mobile malware checking where users submit queries about their mobile applications to an untrusted server, which processes users' queries in a TEE and returns the results without learning anything about the content of the queries. A prototype of this service was built using two different hardware TEE platforms: ARM TrustZone and Intel SGX.  
The work described in this dissertation takes advantage of the programmability offered by TEEs to implement application-specific security functionality. However, other non-programmable trusted hardware, such as TPMs, can also be used as trust anchors. I compare and contrast programmable versus non-programmable trusted hardware, considering the functionality and interfaces each offers. Further, I present a categorization of credentials based on their migration policies and discuss possible mechanisms to migrate/share credentials among other devices belonging to the same users. I also discuss the importance of a trusted path for user-to-TEE interactions and present an overview of the currently available mechanisms to establish a trusted path. Finally, I describe how to leverage a combination of TEEs on users' devices as well as the infrastructure to enhance the security of applications and further develop new types of services. en
dc.format.extent 119 + app. 105
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.publisher Aalto University en
dc.publisher Aalto-yliopisto fi
dc.relation.ispartofseries Aalto University publication series DOCTORAL DISSERTATIONS en
dc.relation.ispartofseries 105/2017
dc.relation.haspart [Publication 1]: Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen, N. Asokan and Tuomas Aura. Can Hand-Held Computers Still Be Better Smart Cards?. In International Conference on Trusted Systems (InTrust 2010), pages 200 – 218, December 2010. DOI: 10.1007/978-3-642-25283-9_14
dc.relation.haspart [Publication 2]: Sandeep Tamrakar, Jan-Erik Ekberg, and N. Asokan. Identity Verification Schemes for Public Transport Ticketing with NFC Phones. In Proceedings of the Sixth ACM Workshop on Scalable Trusted Computing, Chicago, Illinois, USA, pages 37 – 48, October 2011. DOI: 10.1145/2046582.2046591
dc.relation.haspart [Publication 3]: Jan-Erik Ekberg and Sandeep Tamrakar. Mass Transit Ticketing with NFC Mobile Phones. In International Conference on Trusted Systems (InTrust 2011), Beijing, China, pages 48 – 65, November 2011. DOI: 10.1007/978-3-642-32298-3_4
dc.relation.haspart [Publication 4]: Sandeep Tamrakar and Jan-Erik Ekberg. Tapping and Tripping with NFC. In International Conference on Trust and Trustworthy Computing (TRUST 2013), Won the Best Paper Award, London, UK, pages 115 – 132, June 2013. DOI: 10.1007/978-3-642-38908-5_9
dc.relation.haspart [Publication 5]: Sandeep Tamrakar, Jan-Erik Ekberg, and Pekka Laitinen. On Rehoming the Electronic ID to TEEs. In IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), Helsinki, Finland, Volume 1, pages 49 – 56, August 2015. DOI: 10.1109/Trustcom.2015.356
dc.relation.haspart [Publication 6]: Sandeep Tamrakar, Jian Liu, Andrew Paverd, Jan-Erik Ekberg, Benny Pinkas, and N. Asokan. The Circle Game: Scalable Private Membership Test Using Trusted Hardware. In ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017, Honorable Mention, Abu Dhabi, UAE, pages 31 – 44, April 2017. DOI: 10.1145/3052973.3053006
dc.subject.other Computer science en
dc.title Applications of Trusted Execution Environments (TEEs) en
dc.type G5 Artikkeliväitöskirja fi
dc.contributor.school Perustieteiden korkeakoulu fi
dc.contributor.school School of Science en
dc.contributor.department Tietotekniikan laitos fi
dc.contributor.department Department of Computer Science en
dc.subject.keyword Trusted Execution Environment en
dc.subject.keyword TEE en
dc.subject.keyword security en
dc.identifier.urn URN:ISBN:978-952-60-7463-4
dc.type.dcmitype text en
dc.type.ontasot Doctoral dissertation (article-based) en
dc.type.ontasot Väitöskirja (artikkeli) fi
dc.contributor.supervisor N. Asokan, Prof., Aalto University, Department of Computer Science, Finland
dc.opn Leppänen, Ville, Prof., University of Turku, Finland
dc.contributor.lab Secure Systems en
dc.rev Mayrhofer, René, Prof., Johannes Kepler University, Austria
dc.rev Markantonakis, Konstantinos, Prof., University of London, UK
dc.date.defence 2017-06-19