Abstract
Trusted Execution Environments (TEEs) are becoming widely deployed in new smartphone generations. Running within the TEE, Trusted Applications (TAs) belong to diverse service providers. Each TA manipulates a profile consisting of secret credentials and the user's private data. Normally, a user should be able to transfer his TEE profiles from one TEE to another compliant TEE. However, TEE profile migration raises security and privacy issues, in particular for TEE profiles that require the explicit agreement of the service provider. In this paper, we first present our view of the deployment and implementation of a TEE: we organize the TEE into security domains with different roles and privileges. Based on this new model, we build a migration protocol for TEE profiles that ensures their confidentiality and integrity. To this end, we use a re-encryption key and an authorization token per pair of devices, per service provider and per transfer. The proposed protocol has been successfully validated by AVISPA, an automated security protocol validation tool.
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Arfaoui, G., Gharout, S., Lalande, JF., Traoré, J. (2015). Practical and Privacy-Preserving TEE Migration. In: Akram, R., Jajodia, S. (eds) Information Security Theory and Practice. WISTP 2015. Lecture Notes in Computer Science, vol 9311. Springer, Cham. https://doi.org/10.1007/978-3-319-24018-3_10
DOI: https://doi.org/10.1007/978-3-319-24018-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24017-6
Online ISBN: 978-3-319-24018-3
eBook Packages: Computer Science (R0)