Remote Credential Management with Mutual Attestation for Trusted Execution Environments

Carlton Shepherd; Raja Naeem Akram; Konstantinos Markantonakis

doi:10.1007/978-3-030-20074-9_12

Remote Credential Management with Mutual Attestation for Trusted Execution Environments

Carlton Shepherd, Raja Naeem Akram, Konstantinos Markantonakis

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

4 Citations (Scopus)

Abstract

Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

Original language	English
Title of host publication	12th IFIP International Conference on Information Security Theory and Practice
Publisher	Springer
Number of pages	17
ISBN (Print)	978-3-030-20073-2
DOIs	https://doi.org/10.1007/978-3-030-20074-9_12
Publication status	Published - 12 May 2019

Bibliographical note

Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).

Keywords

credential management
TEEs
Security protocols

Access to Document

10.1007/978-3-030-20074-9_12

Cite this

@inproceedings{0ac8281e13af4a4f93e84c72a1433a5f,

title = "Remote Credential Management with Mutual Attestation for Trusted Execution Environments",

abstract = "Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.",

keywords = "credential management, TEEs, Security protocols",

author = "Carlton Shepherd and Akram, {Raja Naeem} and Konstantinos Markantonakis",

note = "Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).",

year = "2019",

month = may,

day = "12",

doi = "10.1007/978-3-030-20074-9_12",

language = "English",

isbn = "978-3-030-20073-2",

booktitle = "12th IFIP International Conference on Information Security Theory and Practice",

publisher = "Springer ",

}

TY - GEN

T1 - Remote Credential Management with Mutual Attestation for Trusted Execution Environments

AU - Shepherd, Carlton

AU - Akram, Raja Naeem

AU - Markantonakis, Konstantinos

N1 - Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).

PY - 2019/5/12

Y1 - 2019/5/12

N2 - Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

AB - Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

KW - credential management

KW - TEEs

KW - Security protocols

U2 - 10.1007/978-3-030-20074-9_12

DO - 10.1007/978-3-030-20074-9_12

M3 - Published conference contribution

SN - 978-3-030-20073-2

BT - 12th IFIP International Conference on Information Security Theory and Practice

PB - Springer

ER -

Remote Credential Management with Mutual Attestation for Trusted Execution Environments

Abstract

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this