DocumentCode :
3703960
Title :
TrustTokenF: A Generic Security Framework for Mobile Two-Factor Authentication Using TrustZone
Author :
Yingjun Zhang;Shijun Zhao;Yu Qin;Bo Yang;Dengguo Feng
Author_Institution :
Trusted Comput. &
Volume :
1
fYear :
2015
Firstpage :
41
Lastpage :
48
Abstract :
We give a detailed analysis of the security issues that arise when mobile devices are used as a substitute for dedicated hardware tokens in two-factor authentication (2FA) schemes, and propose TrustTokenF, a generic security framework for mobile 2FA schemes, which provides security assurance comparable to dedicated hardware tokens and is more flexible for token management. We first illustrate how to leverage the Trusted Execution Environment (TEE) based on ARM TrustZone to provide essential security features for mobile 2FA applications, i.e., runtime isolated execution and trusted user interaction, which resist even software attackers who compromise the entire mobile OS. We also use SRAM Physical Unclonable Functions (PUFs) to provide persistent secure storage for the authentication secrets, which achieves both high-level security and low cost. Based on these security features, we design a series of secure protocols for token deployment, migration and device key updating. We also introduce the TPM 2.0 policy-based authorization mechanism to enhance the security of the interface from the outside world into the trusted tokens. Finally, we implement the prototype system on real TrustZone-enabled hardware. The experimental results show that TrustTokenF is secure, flexible, economical and efficient for mobile 2FA applications.
Keywords :
"Authentication","Mobile communication","Hardware","Random access memory","Mobile handsets","Secure storage"
Publisher :
ieee
Conference_Titel :
Trustcom/BigDataSE/ISPA, 2015 IEEE
Type :
conf
DOI :
10.1109/Trustcom.2015.355
Filename :
7345263