Assistant Professor Antonio Bianchi [Now at Purdue] was recently awarded an NSF Grant entitled "Vetting and Improving the Usage of Trusted Execution Environments for Authentication in Mobile Devices." The objective of this project is to explore how it is possible to use Trusted Execution Environments (TEEs) to implement "root-resilient" authentication protocols, i.e., authentication protocols effective against root-attackers.
This project is divided into three main tasks:
- performing a comprehensive study of the existing Application Programming Interfaces (APIs) that developers of mobile apps can use to interact with TEEs;
- developing an automated analysis system that will be used to perform a large-scale study assessing the security of TEE-based authentication protocols implemented by existing applications; and
- implementing an authentication framework helping developers in using TEEs for authentication purposes.
This three-year project, which has been awarded $174,972, has the potential to improve the security of millions of mobile device users by enabling root-resilient authentication in thousands of mobile application programs.