Journal of Information Processing
Online ISSN : 1882-6652
ISSN-L : 1882-6652
Secure Authentication Key Sharing between Personal Mobile Devices Based on Owner Identity
Hideo Nishimura, Yoshihiko Omori, Takao Yamashita

2020 Volume 28 Pages 292-301

Abstract

Public-key-based Web authentication can be securely implemented on modern mobile devices by storing private keys in a hardware-assisted trusted environment, such as a trusted execution environment (TEE). Because a private key is kept strictly secret within the TEE and never leaves the device, the user must register a key separately for each combination of device and Web account, which is burdensome for users who want to switch devices. The aim of this research was to provide a key-management solution with better usability by relaxing the restriction that keys can never leave the device and allowing private keys to be shared across devices while still maintaining an acceptable level of security. We propose a secure method for sharing keys across the TEEs of devices. The method has two functions: 1) trusted third party (TTP)-based device owner identification, in which a TTP is responsible for supervising key sharing across devices in an authentication system, and 2) secure key copy, which duplicates keys originally stored in one device into another device through a direct secure transport channel between the TEEs of the two devices. The TTP identifies the owner of each device to mitigate the risk of keys being shared illegitimately. In this study, we evaluated the secure-key-copy function of the proposed method by implementing it in an ARM TrustZone-based TEE, showing that the function is feasible on commercially available smartphones.
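The following toy model, added here and not code from the paper, shows how the two functions fit together: a TTP binds an owner identity to a (source, destination) device pair, and each TEE refuses to export or import a key unless that binding names its own owner and device, with the key itself crossing only an encrypted TEE-to-TEE channel. HMAC with a shared `TTP_KEY` stands in for the TTP's signature and for the channel cipher; device ids, owner names and the JSON assertion format are constructed assumptions.

```python
# Toy model of TTP-supervised key copy between two TEEs (constructed example).
# HMAC stands in for the TTP's signature and for the secure-channel cipher.
import hmac, hashlib, os, json

TTP_KEY = os.urandom(32)       # assumption: both TEEs hold the TTP's verification key

def ttp_authorize_copy(owner, src_id, dst_id):
    """TTP-based owner identification: bind one owner identity to the device pair."""
    body = json.dumps({"owner": owner, "src": src_id, "dst": dst_id}, sort_keys=True).encode()
    return body, hmac.new(TTP_KEY, body, hashlib.sha256).digest()

class TEE:
    def __init__(self, dev_id, owner):
        self.dev_id, self.owner = dev_id, owner   # owner identity registered with the TTP
        self.keys = {}                             # account -> 32-byte private key
        self.channel_key = None

    def register_key(self, account):
        self.keys[account] = os.urandom(32)

    def open_channel(self, peer):
        # Direct secure transport channel; the shared key exists only inside the two TEEs.
        self.channel_key = peer.channel_key = os.urandom(32)

    def _check(self, body, sig, src_id, dst_id):
        # Refuse unless the TTP assertion is genuine and names this owner and device pair.
        expected = hmac.new(TTP_KEY, body, hashlib.sha256).digest()
        claims = json.loads(body)
        ok = (hmac.compare_digest(expected, sig) and claims["src"] == src_id
              and claims["dst"] == dst_id and claims["owner"] == self.owner)
        if not ok:
            raise PermissionError("TTP did not identify the same owner for this device pair")

    def export_key(self, account, body, sig, peer):
        self._check(body, sig, self.dev_id, peer.dev_id)
        nonce = os.urandom(16)
        pad = hmac.new(self.channel_key, nonce, hashlib.sha256).digest()   # toy keystream
        return nonce, bytes(a ^ b for a, b in zip(self.keys[account], pad))

    def import_key(self, account, body, sig, peer, wire):
        self._check(body, sig, peer.dev_id, self.dev_id)
        nonce, ct = wire
        pad = hmac.new(self.channel_key, nonce, hashlib.sha256).digest()
        self.keys[account] = bytes(a ^ b for a, b in zip(ct, pad))

def copy_key(src, dst, owner, account):
    """Full flow: TTP authorisation, channel setup, then encrypted copy src -> dst."""
    body, sig = ttp_authorize_copy(owner, src.dev_id, dst.dev_id)
    src.open_channel(dst)
    wire = src.export_key(account, body, sig, dst)
    dst.import_key(account, body, sig, src, wire)
    return wire
```

A copy between two devices registered to the same owner succeeds, while a copy to a device the TTP attributes to a different owner is rejected by the receiving TEE before any key material is accepted.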

© 2020 by the Information Processing Society of Japan