Cited By
View all- Kurnikov APaverd AMannan MAsokan N(2018)Keys in the CloudsProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3234518(1-10)Online publication date: 27-Aug-2018
Architectures for Enhancing Authentication Privacy and Security using Trusted Computing
Authors: 
Ranjbar A. Balisane, Ravishankar Borgaonkar, Ahmad Atamli-Reineh, Andrew MartinAuthors Info & Claims
Article No.: 10, Pages 1 - 7
Abstract
When it comes to remote authentication, after the initial login, progressively major service providers no longer rely on a single variable for authentication (such as password or fingerprint) but rely on user meta-data to raise the trust in the session or continuously authenticate their users utilizing data such as location information, user behaviour analytic, etcetera. However, these meta-data as well as the authentication variables used by the service providers are often a source of concern from a privacy preservation point of view. While these data are stored, an intruder or a service provider can access user's fingerprint, location information, device type and model which can all harm user privacy.
To improve the privacy protection available for users and authentication security while providing usable security, this paper provides analyses of existing authentication architectures and those that use Trusted Computing (TC) like technologies. We highlight a number of challenging threats present in the current architectures. Then we propose a novel architecture for authentication using TC, addressing the issues discussed. The new architecture ensures user authentication template will be under the user's control and will not be revealed to any third party, including to authentication service providers while providing the user with assurances.
References
[1]
Ahmad Atamli-Reineh, Ravishankar Borgaonkar, Ranjbar A. Balisane, Giuseppe Petracca, and Andrew Martin. 2016. Analysis of Trusted Execution Environment usage in Samsung KNOX. ACM SysTEX '16 (2016).
[2]
Ahmad Atamli-Reineh and Andrew Martin. 2015. Securing Application with Software Partitioning: A Case Study Using SGX. In Springer SecureComm'15, Bhavani Thuraisingham, XiaoFeng Wang, and Vinod Yegneswaran (Eds.). Chapter Securing A, 605--621.
[3]
Ranjbar A. Balisane and Andrew Martin. 2016. Trusted Execution Environment-Based Authentication Gauge (TEEBAG). ACMNSPW'16 (2016).
[4]
James Ball. 2013. NSA Stores metadata of millions of web users for up to a year, secret files show. (sep 2013). https://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents
[5]
Steven M. Bellovin and Michael Merritt. 1992. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. IEEE S&P (1992).
[6]
Ernie Brickell, Jan Camenisch, and Liqun Chen. 2004. Direct Anonymous Attestation. In ACM CCS'04.
[7]
Conor P Cahill, Jason Martin, Matthew W Pagano, Vinay Phegade, and Anand Rajan. 2011. Client-based Authentication Technology: User-centric Authentication Using Secure Containers. In ACM DIM'11.
[8]
Dinei Florencio and Cormac Herley. 2007. A Large-scale Study of Web Password Habits. ACM WWW '07 (2007).
[9]
T Halevi, T K Kuppusamy, M Caiazzo, and N Memon. 2015. Investigating users' readiness to trade-off biometric fingerprint data. IEEE ISBA 2015 (2015).
[10]
Blake Ives, Kenneth R. Walsh, and Helmut Schneider. 2004. The domino effect of password reuse. Commun. ACM 47, 4 (2004), 75--78.
[11]
Ben Laurie and Abe Singer. 2008. Choose the Red Pill and the Blue Pill: A Position Paper. In ACM NSPW'8.
[12]
Wenhao Li, Mingyang Ma, Jinchen Han, Yubin Xia, Binyu Zang, Cheng-kang Chu, and Tieyan Li. 2014. Building trusted path on untrusted device drivers for mobile devices. In ACM APSys '14.
[13]
Andrew Martin. 2008. The ten-page introduction to Trusted Computing. Technical Report RR-08-11. Oxford University Computing Laboratory. 1--8 pages.
[14]
Jonathan M. McCune, Bryan J. Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. 2008. Flicker: an Execution Infrastructure for TCB Minimization. In ACM 3rd SIGOPS/EuroSys.
[15]
Thomas Nyman, Jan-Erik Ekberg, and N. Asokan. 2014. Citizen Electronic Identities using TPM 2.0. ACM TrustED '14 (2014).
[16]
Bryan Parno, Jonathan M. McCune, and Adrian Perrig. 2010. Bootstrapping Trust in Commodity Computers. In IEEE S&P.
[17]
SianiPearson. 2002. Trusted Computing Platforms, the Next Security Solution. Technical Report. Hewlett-Packard. 17 pages. http://www.hpl.hp.com/techreports/2002/HPL-2002-221.pdf
[18]
Kasper B Rasmussen, Marc Roeschlin, Ivan Martinovic, and Gene Tsudik. 2014. Authentication Using Pulse-Response Biometrics. NDSS (2014).
[19]
Rolf Lindemann, Davit Baghdasaryan, and Eric Tiffany. 2014. FIDO UAF Protocol Specification v1.0. (2014). https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-protocol-v1.0-ps-20141208.html
[20]
Frank Stajano. 2011. Pico: No more passwords!. In Springer Security Protocols XIX, Vol. 7114.
[21]
Yagiz Sutcu, Husrev Taha Sencar, and Nasir Memon. 2005. A Secure Biometric Authentication Scheme Based on Robust Hashing. ACMMM&Sec '05 (2005).
[22]
Amit Vasudevan, Emmanuel Owusu, Zongwei Zhou, James Newsome, and Jonathan M. McCune. 2012. Trustworthy execution on mobile devices: What security properties can my mobile platform give me? Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 7344 LNCS (2012), 159--178.
[23]
Johannes Winter. 2012. Experimenting with ARM TrustZone Or: How I met friendly piece of trusted hardware. In IEEE TrustCom.
[24]
Qiang Yan, Jin Han, Yingjiu Li, Jianying Zhou, and Robert H.Deng. 2015. Leakage-resilient password entry: Challenges, design, and evaluation. Computers & Security 48 (2015).
[25]
Zongwei Zhou, Virgil D. Gligor, James Newsome, and Jonathan M. McCune. 2012. Building Verifiable Trusted Path on Commodity x86 Computers. In IEEE S&P.
- Architectures for Enhancing Authentication Privacy and Security using Trusted Computing
Recommendations
Trusted execution environment-based authentication gauge (TEEBAG)
NSPW '16: Proceedings of the 2016 New Security Paradigms WorkshopWe present a new approach to authentication using Trusted Execution Environments (TEEs), by changing the location of authentication from a remote device (e.g. remote authentication server) to user device(s) that are TEE enabled. The authentication takes ...
Research and Security Analysis of Anonymous Identity Authentication in Trusted Computing
NISS '09: Proceedings of the 2009 International Conference on New Trends in Information and Service ScienceThis paper introduces two anonymous identity authentication solution adopted by the Trusted Computing Group, i.e. privacy certification authority (Privacy CA) and direct anonymous attestation scheme (DAA). Both of the two solutions provide a means for ...
Addressing leakage of re-encryption key in proxy re-encryption using trusted computing
INTRUST'10: Proceedings of the Second international conference on Trusted SystemsProxy re-encryption is a cryptographic primitive enabling a proxy holding a re-encryption key to convert a ciphertext originally intended for Alice (delegator) into an encryption of the same message for Bob (delegatee). Proxy re-encryption is a useful ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
October 2017
55 pages
ISBN:9781450350976
DOI:10.1145/3152701
Copyright © 2017 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
- SIGOPS: ACM Special Interest Group on Operating Systems
- USENIX Assoc: USENIX Assoc
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 28 October 2017
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
Conference
SOSP '17
Sponsor:
- SIGOPS
- USENIX Assoc
Upcoming Conference
EuroSys '25
- Sponsor:
- sigops
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 249Total Downloads
- Downloads (Last 12 months)7
- Downloads (Last 6 weeks)1
Reflects downloads up to 01 Jan 2025
Other Metrics
Citations
Cited By
View all- Kurnikov APaverd AMannan MAsokan N(2018)Keys in the CloudsProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3234518(1-10)Online publication date: 27-Aug-2018
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in