Using Trusted Execution Environments for Authentication in Mobile Devices
We are studying how existing mobile applications use different technologies to improve the usability and security of the implemented authentication schemes. For instance, we are studying how, in modern devices, Trusted Execution Environments and biometric sensors can be used together to implement passwordless authentication schemes.
In theory, these technologies allow the implementation of authentication schemes resilient even against attackers able to fully compromise the operating system of a mobile device. Unfortunately, in practice, correctly using these technologies is an extremely challenging task, due to the complexity of the current APIs available to interact with them. The goal of this project is to identify shortcomings in the current usages of Trusted Execution Environments for authentication in mobile devices and propose solutions.
This project is funded by NSF.
Publications
- Broken Fingers: On the Usage of the fingerprint API in Android
Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Simon Pak Ho Chung, Wenke Lee
Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA
Feb. 2018.
