MA-TEECM: MUTUAL ANONYMOUS AUTHENTICATION-BASED CREDENTIAL MIGRATION TECHNOLOGY FOR MOBILE TRUSTED EXECUTION ENVIRONMENTS
Keywords:
Credential migration, trusted execution environments, mutual authentication.
Abstract
ARM TrustZone is the most widely used mobile trusted execution environment (TEE)
technology today. Its hardware-enabled isolated execution environment provides reliable
assurance of secure storage of credentials in mobile devices. However, the research on managing
credentials stored in the TEE throughout the lifecycle of mobile devices has received little
attention in recent years, and the credentials in TEE generally face usability problems caused by
the mobile device lifecycle events. To address the risk of information disclosure caused by
third-party service providers in traditional credential migration schemes, this paper presents a
mutual anonymous authentication-based credential migration framework for mobile trusted
execution environments. First, we propose a peer-to-peer credential migration model between
mobile terminals based on TrustZone and SGX, which solves the single point of failure caused
by attacks on trusted third parties that act as credential transfer stations and managers in
traditional solutions. Second, we propose an identity authentication protocol between TEEs
based on mutual anonymous authentication, and design a detailed authentication process
based on the universal mobile TEE model. Third, we build a formal verification model using
High-Level Protocol Specification Language (HLPSL). Finally, the formal and informal security
analyses indicate that the improved scheme meets the expected security requirements and is
secure against several known attacks.