1,2, Pause: Lets Start by Meaningfully Navigating the Current Online Authentication Solutions Space

Loutfi, Ijlal; Jøsang, Audun

doi:10.1007/978-3-319-18491-3_12

Cited by 2 publications

(1 citation statement)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In such a federated use case, the user has to register the new device again, not to all Web accounts but only to the identity provider. However, not all Web accounts will rely on a single identity provider [34]; thus, the user still has to complete the registration for all identity providers the user is using and for Web accounts that do not rely on any identity providers. The Client-to-Authenticator-Protocol (CTAP) [35] enables multiple client devices (PC, phones, etc.)…”

Section: Related Workmentioning

confidence: 99%

Secure Authentication Key Sharing between Personal Mobile Devices Based on Owner Identity

Nishimura

Omori

Yamashita

2020

Journal of Information Processing

View full text Add to dashboard Cite

Public-key-based Web authentication can be securely implemented using modern mobile devices as secure storage of private keys with hardware-assisted trusted environments, such as a trusted execution environment (TEE). Since a private key is strictly kept secret within the TEE and never leaves the device, the user must register the key separately for each combination of device and Web account, which is burdensome for users who want to switch devices. The aim of this research was to provide a solution for key management with enhanced usability by relaxing the restriction that keys can never leave the device and allowing private keys to be shared across devices while still maintaining an acceptable level of security. We propose a secure method for sharing keys across the TEEs of devices. The method has two functions: 1) trusted third party (TTP)-based device owner identification, which involves a TTP that is responsible for supervising key sharing across devices in an authentication system, and 2) secure key copy, which enables the duplication of keys in a device that were originally stored in another device through a direct secure transport channel between the TEEs of the devices. A TTP identifies the owner of each device to mitigate the risk of the keys being illegally shared. In this study, we evaluated the secure-key-copy function of our proposed method by implementing it in the ARM TrustZone-based TEE, showing that this function is feasible for commercially available smartphones.

show abstract

Section: Related Workmentioning

confidence: 99%