TrustTokenF: a Generic Security Framework for
Mobile Two-factor Authentication Using TrustZone
Yingjun Zhang, Shijun Zhao, Yu Qin, Bo Yang and Dengguo Feng
Trusted Computing and Information Assurance Laboratory
Institute of Software, Chinese Academy of Sciences
Beijing, China
Email: zhangyingjun@tca.iscas.ac.cn
Abstract—We give a detail analysis of the security issues
when using mobile devices as a substitution of dedicated hard-
ware tokens in two-factor authentication (2FA) schemes and
propose TrustTokenF, a generic security framework for mobile
2FA schemes, which provides comparable security assurance
to dedicated hardware tokens, and is more flexible for token
management. We first illustrate how to leverage the Trusted
Execution Environment(TEE) based on ARM TrustZone to pro-
vide essential security features for mobile 2FA applications, i.e.,
runtime isolated execution and trusted user interaction, which
resist software attackers who even compromise the entire mobile
OS. We also use the SRAM Physical Unclonable Functions (PUFs)
to provide persistent secure storage for the authentication secrets,
which achieves both high-level security and low cost. Based on
these security features, we design a series of secure protocols
for token deployment, migration and device key updating. We
also introduce TPM2.0 policy-based authorization mechanism to
enhance the security of the interface from outside world into the
trusted tokens. Finally, we implement the prototype system on
real TrustZone-enabled hardware. The experiment results show
that TrustTokenF is secure, flexible, economical and efficient for
mobile 2FA applications.
Keywords—two-factor authentication; Trusted Execution Envi-
ronment; TrustZone; SRAM PUF; trusted user interaction; TPM2.0
policy-based authorization.
I. INTRODUCTION
Two-factor authentication (2FA) is increasingly used to
strengthen the security of password-based authentication
schemes. Dedicated hardware tokens like smart cards, as a
secondary authentication factor, can provide high-level security
due to their strict physical separation from external untrusted
environment, both for runtime execution and persistent storage.
However, the high cost of secure hardware and the burden of
carrying multiple tokens, additional interface equipments (USB
cables or NFC readers) makes them less popular to both service
providers and users.
On the other hand, mobile 2FA schemes integrate different
authentication services into one single mobile device and
require no additional secure hardware, thus achieving both
flexibility and low cost, hence are commonly seen as an ideal
substitution of dedicated hardware tokens.
The most popular mobile 2FAs are SMS-based schemes.
The authentication server generates an One Time Password
(OTP), and sends it to the mobile device via Short Messaging
Service (SMS). These schemes have been widely deployed
by global Internet service providers like Google, Facebook,
Twitter and large banks. The OTPs could also be generated on
client side, like the Google Authenticator app [1], which are
currently used by many third-party service providers.
However, modern mobile OSes, as the Trusted Computing
Base (TCB) that mobile 2FA applications rely on, are so
complex that it is difficult to ensure the absence of vulnera-
bilities. Considering the current trend in privilege escalation
exploits for mobile platforms [2], compromise of mobile
OSes has become commonplace. Root attackers could easily
intercept the communication channel like SMS, or corrupt
2FA applications like Google Authenticator for malicious
authentications. Various attacks to mobile 2FA applications
have been reported recently [3], indicating the increasingly
serious security challenges for mobile 2FA schemes.
To secure mobile services despite mobile OS compromise,
researchers have proposed using Trusted Execution Environ-
ment (TEE) to provide isolated execution for applications.
Several mobile payment services have leveraged dedicated
TEEs based on SIM card secure element (SE) to store their
credentials and perform sensitive operations, like Google
Wallet [4] and PayPass. Unfortunately, SEs still face some
insurmountable security issues. On the one hand, SEs delegate
the access control function to mobile OSes due to the limited
memory space, which can be bypassed by root attackers,
leading to illegal access. On the other hand, lacking control
ability over I/O peripherals, SEs cannot build a trusted user
interaction path, which may lead to PIN-stealing, spoofing and
relay attacks. Such attacks to Google Wallet have been reported
in [6].
TrustZone [7], another kind of TEE based on security
extensions to ARM System-On-Chip (SoC), with full control
ability over all system resources including processor, memory
and peripherals, has the potential to realize some advanced
security features for mobile 2FA, like thorough authorization
management for authentication secrets and trusted user interac-
tion. However, unlike dedicated hardware tokens, TrustZone-
based TEE doesn’t provide secure storage features as it shares
the external non-volatile memory with mobile OS. Current
trusted systems and secure services based on TrustZone usually
assume the availability of a unique device key only accessible
in TEE for secure storage [22], [23], [5]. Unfortunately, such
secure device keys are not always available on mobile devices
[8], which is necessary for mobile 2FA schemes to prevent
cloning attackers from reconstructing the authentication secrets
on other devices to impersonate the victims.