Securing The Future of Authentication With ARM TrustZone-based Trusted Execution Environment And Fast Identity Online (FIDO)

The hardware foundations for simple and strong authentication.


Smart connected mobile devices are increasingly used for a wide range of business, financial and entertainment purposes. Authenticating the user to a remote Internet-based server is the first step for many applications and cloud-based services. Traditional username-and-password authentication serves neither the consumer, who may struggle to remember complex passwords, nor the service provider (usually referred to as the relying party), who must factor in the risk that the password has been compromised. To answer these and other problems with passwords, the FIDO (Fast IDentity Online) Alliance has developed protocols that enable simple, strong authentication between the user, their device and the relying party. Instead of a shared secret, the device holds a private key for each relying party and proves possession of it by signing a fresh challenge; the relying party stores only the public key, so a server breach does not yield a reusable credential. On mobile devices FIDO can be combined with biometric authenticators so that a service is unlocked with the swipe of a fingerprint or the scan of an iris. This vastly improved user experience benefits consumers, makes transactions frictionless and is likely to be adopted quickly by device manufacturers.

Hardware-based security is needed to protect a FIDO implementation from malicious attack: the cryptographic keys, the sensitive processes that use them and the capture of authenticator data (such as biometric samples) must be isolated from compromised software on the device, and the integrity of the system must be maintained. This paper introduces how ARM TrustZone technology provides the hardware isolation necessary for a GlobalPlatform Trusted Execution Environment (TEE) and how this security layer is ideally suited to securing FIDO-based authentication.
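The following Python model of the registration and authentication exchange is an added illustration for this summary; it is not code from the white paper, from ARM or from the FIDO Alliance, and it does not reproduce FIDO message formats. The `TrustedApp` class stands in for the authenticator running inside the TEE: the private key and the enrolled biometric template are created there and never returned to the caller, which only ever sees a public key and signatures, and no signature is produced until user verification succeeds. The relying party (a hypothetical `login.example.com`) stores only the public key, issues a fresh random challenge per login and rejects a replayed signature. Schnorr signatures over a safe-prime subgroup are implemented in pure Python so the example runs without third-party libraries; the group is generated at run time and is far too small for real use, and a production authenticator would use ECDSA or EdDSA from a vetted library. The fingerprint template bytes are constructed sample data.

```python
"""Model of a FIDO-style exchange with the private key confined to a TEE (added example)."""
import hashlib
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test; small primes are handled by trial division."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """Return (p, q, g): safe prime p = 2q + 1 and a generator g of the order-q subgroup.
    128-bit parameters are a toy size chosen so the example runs quickly, not for security."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)  # squaring lands in the order-q subgroup
        if g != 1:
            return p, q, g


def _hash_to_scalar(r, rp_id, challenge, q):
    """Length-prefixed SHA-256 of the commitment, relying-party id and challenge, reduced mod q."""
    h = hashlib.sha256()
    for part in (r.to_bytes((r.bit_length() + 7) // 8, "big"), rp_id.encode(), challenge):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return int.from_bytes(h.digest(), "big") % q


class TrustedApp:
    """Authenticator logic inside the TEE. In Python the class boundary only models the
    hardware boundary; on a TrustZone device the normal world cannot read these fields."""

    def __init__(self, group, enrolled_fingerprint):
        self.p, self.q, self.g = group
        self._enrolled = enrolled_fingerprint  # biometric template never leaves the TEE
        self._keys = {}                        # rp_id -> private scalar, one per relying party

    def register(self, rp_id):
        x = secrets.randbelow(self.q - 1) + 1
        self._keys[rp_id] = x
        return pow(self.g, x, self.p)          # only the public key crosses to the normal world

    def sign_challenge(self, rp_id, challenge, presented_fingerprint):
        if presented_fingerprint != self._enrolled:
            raise PermissionError("user verification failed")  # no signature without the user
        x = self._keys[rp_id]
        k = secrets.randbelow(self.q - 1) + 1
        e = _hash_to_scalar(pow(self.g, k, self.p), rp_id, challenge, self.q)
        return e, (k - x * e) % self.q


class RelyingParty:
    """Server side: stores public keys only, issues fresh challenges, verifies signatures."""

    def __init__(self, rp_id, group):
        self.rp_id = rp_id
        self.p, self.q, self.g = group
        self.public_keys = {}   # user -> public key (no secret to steal in a breach)
        self.pending = {}       # user -> outstanding challenge, consumed on first use

    def register(self, user, public_key):
        self.public_keys[user] = public_key

    def begin_authentication(self, user):
        self.pending[user] = secrets.token_bytes(32)
        return self.pending[user]

    def finish_authentication(self, user, signature):
        challenge = self.pending.pop(user, None)
        if challenge is None:
            return False                       # nothing outstanding: replay or out of order
        e, s = signature
        if not (0 <= e < self.q and 0 <= s < self.q):
            return False
        r = (pow(self.g, s, self.p) * pow(self.public_keys[user], e, self.p)) % self.p
        return _hash_to_scalar(r, self.rp_id, challenge, self.q) == e


def run_exchange():
    """Registration, a good login, a replayed signature, a tampered signature, a wrong finger."""
    group = make_group()
    finger = b"fingerprint-template-of-alice"  # constructed sample template
    tee = TrustedApp(group, enrolled_fingerprint=finger)
    rp = RelyingParty("login.example.com", group)  # hypothetical relying party
    rp.register("alice", tee.register(rp.rp_id))
    sig = tee.sign_challenge(rp.rp_id, rp.begin_authentication("alice"), finger)
    login_ok = rp.finish_authentication("alice", sig)
    rp.begin_authentication("alice")           # new challenge, so the old signature is stale
    replay_ok = rp.finish_authentication("alice", sig)
    e, s = tee.sign_challenge(rp.rp_id, rp.begin_authentication("alice"), finger)
    tampered_ok = rp.finish_authentication("alice", (e, (s + 1) % group[1]))
    try:
        tee.sign_challenge(rp.rp_id, rp.begin_authentication("alice"), b"someone-elses-finger")
        wrong_finger_refused = False
    except PermissionError:
        wrong_finger_refused = True
    return {"login_ok": login_ok, "replay_ok": replay_ok,
            "tampered_ok": tampered_ok, "wrong_finger_refused": wrong_finger_refused}


if __name__ == "__main__":
    print(run_exchange())
```

The asset the paper argues must live behind TrustZone isolation is everything inside `TrustedApp`: the per-relying-party private scalar, the enrolled template and the code path that compares the presented sample before signing. Everything the relying party holds (public key, challenge, signature) is safe to expose, which is why a FIDO server breach is far less damaging than a password-database breach.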