
Credential Disabling from Trusted Execution Environments

  • Conference paper
Information Security Technology for Applications (NordSec 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7127)


Abstract

A generic credential platform realized using a hardware-based trusted execution environment (TrEE) provides a usable and inexpensive way to secure various applications and services. An important requirement for any credential platform is the ability to disable and restore credentials. In this paper, we raise the problem of temporary credential disabling from embedded TrEEs and explain why straightforward solutions fall short. We present two novel credential disabling approaches: one based on the presence check of a personal element, such as a SIM card, and another utilizing a semi-trusted server. We have implemented the server-based credential disabling solution for mobile phones with M-Shield TrEE.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kostiainen, K., Asokan, N., Ekberg, JE. (2012). Credential Disabling from Trusted Execution Environments. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_12


  • DOI: https://doi.org/10.1007/978-3-642-27937-9_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27936-2

  • Online ISBN: 978-3-642-27937-9

  • eBook Packages: Computer Science, Computer Science (R0)
