Using Trusted Execution Environments in Two-factor Authentication


Classic two-factor authentication has been around for a long time and has enjoyed success in certain markets (such as the corporate and the banking environment). One reason for this success is its strong security properties, particularly where user interaction is concerned. These properties hinge on a security token being a physically separate device.

This paper investigates whether Trusted Execution Environments (TEE) can be used to achieve a comparable level of security without the need to have a separate device. To do this, we introduce a model that shows the security properties of user interaction in two-factor authentication.

The model is used to examine two TEE technologies, Intel’s IPT and ARM TrustZone, revealing that, although it is possible to get close to classic two-factor authentication in terms of user interaction security, both technologies have distinct drawbacks.

Intel IPT has a serious issue: there is no trusted input path for the user to enter data. ARM TrustZone requires careful selection of the right components by the system-on-a-chip designer who puts the parts of the TEE together to guarantee that it can be trusted. An added disadvantage of TrustZone is that – unlike IPT – it does not come with a dedicated software implementation, further complicating the choices for designers of a TrustZone-based TEE.

Finally, the model also clearly shows an open problem shared by many TEEs: how to prove to the user that they are dealing with a trusted application when trusted and untrusted applications share the same display.

To read more of this external content, download the complete paper from the online archives at LIPIcs.
