Applications of Trusted Execution Environments (TEEs)
School of Science | Doctoral thesis (article-based) | Defence date: 2017-06-19
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for your own personal use. Commercial use is prohibited.
Date
2017
Language
en
Pages
119 + app. 105
Series
Aalto University publication series DOCTORAL DISSERTATIONS, 105/2017
Abstract
Trust is vital for arbitrary entities to interact and cooperate. These entities may have different security requirements. Trust allows them to ensure that they will behave correctly and fulfill each other's security requirements, as well as assure their privacy. A Trusted Execution Environment (TEE) is one available technology that can be used to establish trust between entities. TEEs are widely deployed on device platforms, and recently they have also begun to appear on server platforms. In multilateral scenarios, hardware-based TEEs allow us to build efficient protocols and systems for ensuring the security requirements of the mutually non-trusting entities and assuring their privacy. In this dissertation, I consider two separate use cases where trust is required at the user's end: hosting credentials such as electronic identity on users' devices (e.g. mobile phones), and using NFC-enabled devices for hosting public transport ticketing credentials. I present a TEE-based architecture for hosting different types of credentials securely on users' devices, and for using them from the devices over various communication channels (e.g. USB and NFC). I also show how to use TEEs to assure user-to-device binding, and to attest the level of security on devices for remote credential provisioning. These solutions are supported by implementations on real mobile devices with hardware TEEs based on ARM TrustZone. I also show an example of how to use TEEs to ensure users' data privacy while accessing services on third-party infrastructure. For this, I consider the use case of cloud-based mobile malware checking, where users submit queries about their mobile applications to an untrusted server, which processes the queries inside a TEE and returns the results without learning anything about the content of the queries. A prototype of this service was built using two different hardware TEE platforms: ARM TrustZone and Intel SGX.
The work described in this dissertation takes advantage of the programmability offered by TEEs to implement application-specific security functionality. However, other non-programmable trusted hardware, such as TPMs, can also be used as trust anchors. I compare and contrast programmable versus non-programmable trusted hardware, considering the functionality and interfaces each offers. Further, I present a categorization of credentials based on their migration policies and discuss possible mechanisms to migrate or share credentials among other devices belonging to the same user. I also discuss the importance of a trusted path for user-to-TEE interactions and present an overview of the currently available mechanisms to establish a trusted path. Finally, I describe how to leverage a combination of TEEs on users' devices and in the infrastructure to enhance the security of applications and to develop new types of services.
Supervising professor
N. Asokan, Prof., Aalto University, Department of Computer Science, Finland
Thesis advisors
Andrew Paverd, Dr., Aalto University, Department of Computer Science, Finland
Jan-Erik Ekberg, Dr., DarkMatter LLC, Finland
Keywords
Trusted Execution Environment, TEE, security
Parts
- [Publication 1]: Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen, N. Asokan and Tuomas Aura. Can Hand-Held Computers Still Be Better Smart Cards? In International Conference on Trusted Systems (InTrust 2010), pages 200-218, December 2010. DOI: 10.1007/978-3-642-25283-9_14
- [Publication 2]: Sandeep Tamrakar, Jan-Erik Ekberg, and N. Asokan. Identity Verification Schemes for Public Transport Ticketing with NFC Phones. In Proceedings of the Sixth ACM Workshop on Scalable Trusted Computing, Chicago, Illinois, USA, pages 37-48, October 2011. DOI: 10.1145/2046582.2046591
- [Publication 3]: Jan-Erik Ekberg and Sandeep Tamrakar. Mass Transit Ticketing with NFC Mobile Phones. In International Conference on Trusted Systems (InTrust 2011), Beijing, China, pages 48-65, November 2011. DOI: 10.1007/978-3-642-32298-3_4
- [Publication 4]: Sandeep Tamrakar and Jan-Erik Ekberg. Tapping and Tripping with NFC. In International Conference on Trust and Trustworthy Computing (TRUST 2013), London, UK, pages 115-132, June 2013. Won the Best Paper Award. DOI: 10.1007/978-3-642-38908-5_9
- [Publication 5]: Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen. On Rehoming the Electronic ID to TEEs. In IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15), Helsinki, Finland, Volume 1, pages 49-56, August 2015. DOI: 10.1109/Trustcom.2015.356
- [Publication 6]: Sandeep Tamrakar, Jian Liu, Andrew Paverd, Jan-Erik Ekberg, Benny Pinkas, and N. Asokan. The Circle Game: Scalable Private Membership Test Using Trusted Hardware. In ACM Asia Conference on Computer and Communications Security (ASIACCS) 2017, Abu Dhabi, UAE, pages 31-44, April 2017. Honorable Mention. DOI: 10.1145/3052973.3053006