Secure Remote Credential Management with Mutual Attestation for Constrained Sensing Platforms with TEEs
Trusted Execution Environments (TEEs) are rapidly emerging as the go-to root of trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution -- surpassing related initiatives, such as Secure Elements, for constrained devices. TEEs are envisaged to provide sensitive IoT deployments with robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity via remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. Here, credentials must remain protected against untrusted system elements and transmitted over a secure channel with bi-directional trust assurances of their authenticity and operating states. In this paper, we present novel protocols for four key areas of remote TEE credential management using mutual attestation: backups, updates, migration, and revocation. The proposed protocols are agnostic to the TEE implementation and network architecture, developed in line with the requirements and threat model of IoT TEEs, and subjected to formal symbolic verification using Scyther, which found no attacks.