Trust-in-the-Middle: Towards Establishing Trustworthiness of Authentication Proxies using Trusted Computing

TL;DR

This paper introduces Trust-in-the-Middle, a TPM-based authentication proxy system that ensures secure credential handling and trustworthiness through remote attestation and trusted computing, even if the proxy is compromised.

Contribution

It presents a novel TPM-based proxy architecture that guarantees credential security and trustworthiness using remote attestation and a trust chain built on TPM DRTM.

Findings

Secure credential storage and submission even if proxy is compromised

Trust chain verification prevents malicious modifications

Cryptographic protection of credentials during non-isolated states

Abstract

Authentication proxies, which store users' secret credentials and submit them to servers on their behalf, offer benefits with respect to security of the authentication and usability of credential management. However, as being a service that is not in control of users, one important problem they suffer is the trust problem; how users trust that their secrets are handled securely in the proxy and not revealed to third parties. In this paper, we present a solution called Trust-in-the-Middle, a TPM based proxy system which ensures that user credentials are securely stored and submitted without disclosing them even if the proxy is compromised. We build our architecture on a trust chain bootstrapped by TPM DRTM and prevent access to credentials if any entity in the chain is maliciously modified. We use remote attestation to guarantee that all critical operations on the proxy are performed securely and credentials are cryptographically protected when they are not in DRTM-supported isolation.