Remote Credential Management with Mutual Attestation for Trusted Execution Environments

Carlton Shepherd; Raja Naeem Akram; Konstantinos Markantonakis

doi:10.1007/978-3-030-20074-9_12

Remote Credential Management with Mutual Attestation for Trusted Execution Environments

Carlton Shepherd, Raja Naeem Akram, Konstantinos Markantonakis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

150 Downloads (Pure)

Abstract

Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

Original language	English
Title of host publication	12th IFIP International Conference on Information Security Theory and Practice (WISTP '18)
Publisher	Springer
Pages	157-173
Number of pages	17
ISBN (Electronic)	978-3-030-20074-9
ISBN (Print)	978-3-030-20073-2
DOIs	https://doi.org/10.1007/978-3-030-20074-9_12
Publication status	E-pub ahead of print - 12 May 2019
Event	12th IFIP International Conference on Information Security Theory and Practice - Brussels, Belgium Duration: 10 Dec 2018 → 11 Dec 2018

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	11469

Conference

Conference	12th IFIP International Conference on Information Security Theory and Practice
Abbreviated title	WISTP '18
Country/Territory	Belgium
City	Brussels
Period	10/12/18 → 11/12/18

Access to Document

10.1007/978-3-030-20074-9_12

Accepted ManuscriptAccepted author manuscript, 351 KB

Cite this

Shepherd, C., Akram, R. N., & Markantonakis, K. (2019). Remote Credential Management with Mutual Attestation for Trusted Execution Environments. In 12th IFIP International Conference on Information Security Theory and Practice (WISTP '18) (pp. 157-173). (Lecture Notes in Computer Science; Vol. 11469). Springer. Advance online publication. https://doi.org/10.1007/978-3-030-20074-9_12

@inproceedings{da2fb68061cc439c84fdc18ab00daafe,

title = "Remote Credential Management with Mutual Attestation for Trusted Execution Environments",

abstract = "Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.",

author = "Carlton Shepherd and Akram, {Raja Naeem} and Konstantinos Markantonakis",

year = "2019",

month = may,

day = "12",

doi = "10.1007/978-3-030-20074-9_12",

language = "English",

isbn = "978-3-030-20073-2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "157--173",

booktitle = "12th IFIP International Conference on Information Security Theory and Practice (WISTP '18)",

note = "12th IFIP International Conference on Information Security Theory and Practice, WISTP '18 ; Conference date: 10-12-2018 Through 11-12-2018",

}

Shepherd, C, Akram, RN & Markantonakis, K 2019, Remote Credential Management with Mutual Attestation for Trusted Execution Environments. in 12th IFIP International Conference on Information Security Theory and Practice (WISTP '18). Lecture Notes in Computer Science, vol. 11469, Springer, pp. 157-173, 12th IFIP International Conference on Information Security Theory and Practice, Brussels, Belgium, 10/12/18. https://doi.org/10.1007/978-3-030-20074-9_12

Remote Credential Management with Mutual Attestation for Trusted Execution Environments. / Shepherd, Carlton; Akram, Raja Naeem; Markantonakis, Konstantinos.
12th IFIP International Conference on Information Security Theory and Practice (WISTP '18). Springer, 2019. p. 157-173 (Lecture Notes in Computer Science; Vol. 11469).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Remote Credential Management with Mutual Attestation for Trusted Execution Environments

AU - Shepherd, Carlton

AU - Akram, Raja Naeem

AU - Markantonakis, Konstantinos

PY - 2019/5/12

Y1 - 2019/5/12

N2 - Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

AB - Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

U2 - 10.1007/978-3-030-20074-9_12

DO - 10.1007/978-3-030-20074-9_12

M3 - Conference contribution

SN - 978-3-030-20073-2

T3 - Lecture Notes in Computer Science

SP - 157

EP - 173

BT - 12th IFIP International Conference on Information Security Theory and Practice (WISTP '18)

PB - Springer

T2 - 12th IFIP International Conference on Information Security Theory and Practice

Y2 - 10 December 2018 through 11 December 2018

ER -