Credential Disabling from Trusted Execution Environments

A generic credential platform realized using a hardware-based trusted execution environment (TrEE) provides a usable and inexpensive way to secure various applications and services. An important requirement for any credential platform is the ability to disable and restore credentials. In this paper, we raise the problem of temporary credential disabling from embedded TrEEs and explain why straightforward solutions fall short. We present two novel credential disabling approaches: one based on the presence check of a personal element, such as a SIM card, and another utilizing a semi-trusted server. We have implemented the server-based credential disabling solution for mobile phones with M-Shield TrEE.
