实现多模态连续身份验证方案的可信执行

Carlton Shepherd, Raja Naeem Akram, K. Markantonakis
{"title":"实现多模态连续身份验证方案的可信执行","authors":"Carlton Shepherd, Raja Naeem Akram, K. Markantonakis","doi":"10.1145/3019612.3019652","DOIUrl":null,"url":null,"abstract":"The emergence of powerful, sensor-rich devices has led to the development of continuous authentication (CA) schemes using off-the-shelf hardware, where user behaviour is compared to past experience to produce an authentication decision with the aim of addressing challenges with traditional authentication schemes. Current CA proposals, however, have largely neglected adversaries present in a real-world deployment, namely the ubiquity of mal ware and software attacks. This has particular importance when a device cannot be trusted by a third-party, such as a corporation, that controls access to assets based on that decision. A software compromise, either on the scheme implementation or platform, may enable an adversary to modify authentication scores to alter the status of the device in reality, give insights into user behaviour, or gain unauthorised access to restricted assets. Hence, for the first time, we examine two standardised constructs that offer isolated and trusted execution - Secure Elements (SEs) and Trusted Execution Environments (TEEs) - even when an adversary has root-level privileges, and propose measures for providing trusted CA while retaining deployability. Based on these, we implement the first system for evaluating TEE-based CA on a consumer mobile device using Intel SGX, thus providing confidentiality, integrity and trust while removing the main platform from the TCB. We present an empirical evaluation of TEE-and non-TEE performance using methods proposed in related CA schemes. Our results indicate that trusted CA can be provided with no significant performance penalty, and may even offer performance benefits.","PeriodicalId":20728,"journal":{"name":"Proceedings of the Symposium on Applied Computing","volume":"175 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Towards trusted execution of multi-modal continuous authentication schemes\",\"authors\":\"Carlton Shepherd, Raja Naeem Akram, K. Markantonakis\",\"doi\":\"10.1145/3019612.3019652\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The emergence of powerful, sensor-rich devices has led to the development of continuous authentication (CA) schemes using off-the-shelf hardware, where user behaviour is compared to past experience to produce an authentication decision with the aim of addressing challenges with traditional authentication schemes. Current CA proposals, however, have largely neglected adversaries present in a real-world deployment, namely the ubiquity of mal ware and software attacks. This has particular importance when a device cannot be trusted by a third-party, such as a corporation, that controls access to assets based on that decision. A software compromise, either on the scheme implementation or platform, may enable an adversary to modify authentication scores to alter the status of the device in reality, give insights into user behaviour, or gain unauthorised access to restricted assets. Hence, for the first time, we examine two standardised constructs that offer isolated and trusted execution - Secure Elements (SEs) and Trusted Execution Environments (TEEs) - even when an adversary has root-level privileges, and propose measures for providing trusted CA while retaining deployability. Based on these, we implement the first system for evaluating TEE-based CA on a consumer mobile device using Intel SGX, thus providing confidentiality, integrity and trust while removing the main platform from the TCB. We present an empirical evaluation of TEE-and non-TEE performance using methods proposed in related CA schemes. Our results indicate that trusted CA can be provided with no significant performance penalty, and may even offer performance benefits.\",\"PeriodicalId\":20728,\"journal\":{\"name\":\"Proceedings of the Symposium on Applied Computing\",\"volume\":\"175 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Symposium on Applied Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3019612.3019652\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Symposium on Applied Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3019612.3019652","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 16

摘要

功能强大、传感器丰富的设备的出现导致了使用现成硬件的持续身份验证(CA)方案的发展,其中用户行为与过去的经验进行比较,以产生身份验证决策,目的是解决传统身份验证方案的挑战。然而,当前的CA提案在很大程度上忽略了现实部署中的对手,即无处不在的恶意软件和软件攻击。当设备不能被第三方(如公司)信任时,这一点尤为重要,因为第三方根据该决定控制对资产的访问。软件漏洞,无论是在方案实现上还是在平台上,都可能使攻击者修改身份验证分数,从而改变设备在现实中的状态,洞察用户行为,或获得对受限制资产的未经授权访问。因此,我们首次研究了两种提供隔离和可信执行的标准化结构——安全元素(se)和可信执行环境(tee)——即使攻击者具有根级特权,并提出了在保留可部署性的同时提供可信CA的措施。在此基础上,我们实现了第一个使用英特尔SGX在消费者移动设备上评估基于tee的CA的系统,从而在从TCB移除主平台的同时提供保密性、完整性和信任。我们使用相关CA方案中提出的方法对tee和非tee性能进行了实证评估。我们的结果表明,可以在没有显著性能损失的情况下提供可信CA,甚至可以提供性能优势。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Towards trusted execution of multi-modal continuous authentication schemes
The emergence of powerful, sensor-rich devices has led to the development of continuous authentication (CA) schemes using off-the-shelf hardware, where user behaviour is compared to past experience to produce an authentication decision with the aim of addressing challenges with traditional authentication schemes. Current CA proposals, however, have largely neglected adversaries present in a real-world deployment, namely the ubiquity of mal ware and software attacks. This has particular importance when a device cannot be trusted by a third-party, such as a corporation, that controls access to assets based on that decision. A software compromise, either on the scheme implementation or platform, may enable an adversary to modify authentication scores to alter the status of the device in reality, give insights into user behaviour, or gain unauthorised access to restricted assets. Hence, for the first time, we examine two standardised constructs that offer isolated and trusted execution - Secure Elements (SEs) and Trusted Execution Environments (TEEs) - even when an adversary has root-level privileges, and propose measures for providing trusted CA while retaining deployability. Based on these, we implement the first system for evaluating TEE-based CA on a consumer mobile device using Intel SGX, thus providing confidentiality, integrity and trust while removing the main platform from the TCB. We present an empirical evaluation of TEE-and non-TEE performance using methods proposed in related CA schemes. Our results indicate that trusted CA can be provided with no significant performance penalty, and may even offer performance benefits.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信