TEEvil: Identity Lease via Trusted Execution Environments
This work identifies a novel threat to digital society that could facilitate fake news and vote-selling, with incremental technical implementation using existing technologies.
The paper investigates identity lease services where users rent their online identities to third parties, showing how Trusted Execution Environments and anonymous cryptocurrencies enable practical implementation with fairness, plausible deniability, and anonymity.
We investigate identity lease, a new type of service in which users lease their identities to third parties by providing them with full or restricted access to their online accounts or credentials. We discuss how identity lease could be abused to subvert the digital society, facilitating the spread of fake news and subverting electronic voting by enabling the sale of votes. We show that the emergence of Trusted Execution Environments and anonymous cryptocurrencies, for the first time, allows the implementation of such a lease service while guaranteeing fairness, plausible deniability and anonymity, therefore shielding the users and account renters from prosecution. To show that such a service can be practically implemented, we build an example service that we call TEEvil leveraging Intel SGX and ZCash. Finally, we discuss defense mechanisms and challenges in the mitigation of identity lease services.