CR | Apr 27, 2018

Remote Credential Management with Mutual Attestation for Trusted Execution Environments

arXiv:1804.10707v2 | 7 citations
Originality: Incremental advance
AI Analysis

This addresses a critical security gap for systems relying on TEEs, though it is incremental as it builds on existing TEE and attestation concepts.

The paper tackles the problem of remotely managing credentials between Trusted Execution Environments (TEEs) by proposing novel protocols for backups, updates, migration, and revocation using mutual attestation, with formal verification finding no attacks.

Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.
