TrustTokenF: a Generic Security Framework for
Mobile Two-factor Authentication Using TrustZone
Yingjun Zhang, Shijun Zhao, Yu Qin, Bo Yang and Dengguo Feng
Trusted Computing and Information Assurance Laboratory
Institute of Software, Chinese Academy of Sciences
Beijing, China
Email: zhangyingjun@tca.iscas.ac.cn
Abstract—We give a detail analysis of the security issues
when using mobile devices as a substitution of dedicated hard-
ware tokens in two-factor authentication (2FA) schemes and
propose TrustTokenF, a generic security framework for mobile
2FA schemes, which provides comparable security assurance
to dedicated hardware tokens, and is more flexible for token
management. We first illustrate how to leverage the Trusted
Execution Environment(TEE) based on ARM TrustZone to pro-
vide essential security features for mobile 2FA applications, i.e.,
runtime isolated execution and trusted user interaction, which
resist software attackers who even compromise the entire mobile
OS. We also use the SRAM Physical Unclonable Functions (PUFs)
to provide persistent secure storage for the authentication secrets,
which achieves both high-level security and low cost. Based on
these security features, we design a series of secure protocols
for token deployment, migration and device key updating. We
also introduce TPM2.0 policy-based authorization mechanism to
enhance the security of the interface from outside world into the
trusted tokens. Finally, we implement the prototype system on
real TrustZone-enabled hardware. The experiment results show
that TrustTokenF is secure, flexible, economical and efficient for
mobile 2FA applications.
Keywords—two-factor authentication; Trusted Execution Envi-
ronment; TrustZone; SRAM PUF; trusted user interaction; TPM2.0
policy-based authorization.
I. INTRODUCTION
Two-factor authentication (2FA) is increasingly used to
strengthen the security of password-based authentication
schemes. Dedicated hardware tokens like smart cards, as a
secondary authentication factor, can provide high-level security
due to their strict physical separation from external untrusted
environment, both for runtime execution and persistent storage.
However, the high cost of secure hardware and the burden of
carrying multiple tokens, additional interface equipments (USB
cables or NFC readers) makes them less popular to both service
providers and users.
On the other hand, mobile 2FA schemes integrate different
authentication services into one single mobile device and
require no additional secure hardware, thus achieving both
flexibility and low cost, hence are commonly seen as an ideal
substitution of dedicated hardware tokens.
The most popular mobile 2FAs are SMS-based schemes.
The authentication server generates an One Time Password
(OTP), and sends it to the mobile device via Short Messaging
Service (SMS). These schemes have been widely deployed
by global Internet service providers like Google, Facebook,
Twitter and large banks. The OTPs could also be generated on
client side, like the Google Authenticator app [1], which are
currently used by many third-party service providers.
However, modern mobile OSes, as the Trusted Computing
Base (TCB) that mobile 2FA applications rely on, are so
complex that it is difficult to ensure the absence of vulnera-
bilities. Considering the current trend in privilege escalation
exploits for mobile platforms [2], compromise of mobile
OSes has become commonplace. Root attackers could easily
intercept the communication channel like SMS, or corrupt
2FA applications like Google Authenticator for malicious
authentications. Various attacks to mobile 2FA applications
have been reported recently [3], indicating the increasingly
serious security challenges for mobile 2FA schemes.
To secure mobile services despite mobile OS compromise,
researchers have proposed using Trusted Execution Environ-
ment (TEE) to provide isolated execution for applications.
Several mobile payment services have leveraged dedicated
TEEs based on SIM card secure element (SE) to store their
credentials and perform sensitive operations, like Google
Wallet [4] and PayPass. Unfortunately, SEs still face some
insurmountable security issues. On the one hand, SEs delegate
the access control function to mobile OSes due to the limited
memory space, which can be bypassed by root attackers,
leading to illegal access. On the other hand, lacking control
ability over I/O peripherals, SEs cannot build a trusted user
interaction path, which may lead to PIN-stealing, spoofing and
relay attacks. Such attacks to Google Wallet have been reported
in [6].
TrustZone [7], another kind of TEE based on security
extensions to ARM System-On-Chip (SoC), with full control
ability over all system resources including processor, memory
and peripherals, has the potential to realize some advanced
security features for mobile 2FA, like thorough authorization
management for authentication secrets and trusted user interac-
tion. However, unlike dedicated hardware tokens, TrustZone-
based TEE doesn’t provide secure storage features as it shares
the external non-volatile memory with mobile OS. Current
trusted systems and secure services based on TrustZone usually
assume the availability of a unique device key only accessible
in TEE for secure storage [22], [23], [5]. Unfortunately, such
secure device keys are not always available on mobile devices
[8], which is necessary for mobile 2FA schemes to prevent
cloning attackers from reconstructing the authentication secrets
on other devices to impersonate the victims.
下载后可阅读完整内容,剩余7页未读,立即下载
weixin_38733597
- 粉丝: 8
- 资源: 909
我的内容管理
展开
最新资源
- 十种常见电感线圈电感量计算公式详解
- 军用车辆:CAN总线的集成与优势
- CAN总线在汽车智能换档系统中的作用与实现
- CAN总线数据超载问题及解决策略
- 汽车车身系统CAN总线设计与应用
- SAP企业需求深度剖析:财务会计与供应链的关键流程与改进策略
- CAN总线在发动机电控系统中的通信设计实践
- Spring与iBATIS整合:快速开发与比较分析
- CAN总线驱动的整车管理系统硬件设计详解
- CAN总线通讯智能节点设计与实现
- DSP实现电动汽车CAN总线通讯技术
- CAN协议网关设计:自动位速率检测与互连
- Xcode免证书调试iPad程序开发指南
- 分布式数据库查询优化算法探讨
- Win7安装VC++6.0完全指南:解决兼容性与Office冲突
- MFC实现学生信息管理系统:登录与数据库操作
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
