Using Trusted Execution Environments in Two-factor Authentication: comparing approaches
| dc.contributor.author | Rijswijk-Deij, Roland van | |
| dc.contributor.author | Poll, Erik | |
| dc.contributor.editor | Hühnlein, Detlef | |
| dc.contributor.editor | Roßnagel, Heiko | |
| dc.date.accessioned | 2018-10-10T08:35:34Z | |
| dc.date.available | 2018-10-10T08:35:34Z | |
| dc.date.issued | 2013 | |
| dc.description.abstract | Classic two-factor authentication has been around for a long time and has enjoyed success in certain markets (such as the corporate and the banking environment). A reason for this success are the strong security properties, particularly where user interaction is concerned. These properties hinge on a security token being a physically separate device. This paper investigates whether Trusted Execution Environments (TEE) can be used to achieve a comparable level of security without the need to have a separate device. To do this, we introduce a model that shows the security properties of user interaction in two-factor authentication. The model is used to examine two TEE technologies, Intel's IPT and ARM TrustZone, revealing that, although it is possible to get close to classic two-factor authentication in terms of user interaction security, both technologies have distinct drawbacks. The model also clearly shows an open problem shared by many TEEs: how to prove to the user that they are dealing with a trusted application when trusted and untrusted applications share the same display. | en |
| dc.identifier.isbn | 978-3-88579-617-6 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/17195 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Open Identity Summit 2013 | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-223 | |
| dc.subject | trusted execution environment | |
| dc.subject | Intel Identity Protection Technology | |
| dc.subject | IPT | |
| dc.subject | ARM TrustZone | |
| dc.subject | two-factor authentication | |
| dc.title | Using Trusted Execution Environments in Two-factor Authentication: comparing approaches | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 31 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 20 | |
| gi.conference.date | 10.-11.09.2013 | |
| gi.conference.location | Kloster Banz | |
| gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1