Defence of dissertation in the field of computer science, Sandeep Tamrakar, M.Sc. (Tech.)

Title of the dissertation is: Applications of Trusted Execution Environments (TEEs)

Sandeep Tamrakar, M.Sc. (Tech.), will defend the dissertation "Applications of Trusted Execution Environments (TEEs)" on 19 June 2017 at 12 noon in Aalto University School of Science, lecture hall AS1, Maarintie 8 (former Otaniementie 17), Espoo.

Trust is vital for arbitrary entities to interact and cooperate. Entities may have different security requirements. Trust enables entities to ensure that others would behave correctly whatever the situation might be. Defining security associations involving the credentials of each entity allows the non-trusting entities to communicate with each other securely. Credentials allow entities to authenticate themselves while accessing services offered by others entities. Enforcing policies on the use of credentials allow establishing trust between entities. For example, a service provider may only allow service access to users with credentials issued by a certain credential issuer. Additionally, the credential issuer may also require users to store credentials on devices, such as smart cards, that ensure the integrity and confidentiality of the credentials, and protect them from unauthorized access.

This dissertation uses hardware‐based Trusted Execution Environments (TEEs) to build protocols and systems for ensuring security requirements of the non‐trusting entities and ensuring their privacy. Specifically, it presented the use of a TEE at the user’s end to fulfill the security requirements of service providers, and the use of a TEE within the remote infrastructure to ensure users’ data privacy while accessing services on third-party infrastructure. This dissertation presents two use cases with real-world implications to elaborate the use of TEEs at the user’s end: a) It shows how modern devices such as smartphones are a better platform for hosting credentials compared to physical smart cards regarding security, cost, easy-of-management, and usability. b) It presents optimized yet secure identity verification schemes designed to be used over low-bandwidth channels such as NFC for public transport ticketing. Similarly, the use case of cloud-based malware checking set out an example of using a TEE to ensure users’ data privacy while accessing services on untrusted infrastructure. The use cases were supported with significant efforts made in designing the systems, implementing them as prototypes on real TEEs (e.g. ARM TrustZone and SGX), and evaluating their performance.

Dissertation release (pdf)

Opponent: Professor Ville Leppänen, University of Turku

Custos: Professor N. Asokan, Aalto University School of Science, Department of Computer Science

Electronic dissertation: http://urn.fi/URN:ISBN:978-952-60-7463-4