Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Open Identity Summit 2013 P-223, 20-31 (2013).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


Using Trusted Execution Environments in Two-factor Authentication: comparing approaches

Roland Van Rijswijk-Deij and Erik Poll


Classic two-factor authentication has been around for a long time and has enjoyed success in certain markets (such as the corporate and the banking environment). A reason for this success is the strong security properties, particularly where user interaction is concerned. These properties hinge on a security token being a physically separate device. This paper investigates whether Trusted Execution Environments (TEE) can be used to achieve a comparable level of security without the need to have a separate device. To do this, we introduce a model that shows the security properties of user interaction in two-factor authentication. The model is used to examine two TEE technologies, Intel's IPT and ARM TrustZone, revealing that, although it is possible to get close to classic two-factor authentication in terms of user interaction security, both technologies have distinct drawbacks. The model also clearly shows an open problem shared by many TEEs: how to prove to the user that they are dealing with a trusted application when trusted and untrusted applications share the same display.

ISBN 978-3-88579-617-6

Last changed 12.03.2014 15:23:14