English

TEEvil: Identity Lease via Trusted Execution Environments

Cryptography and Security 2019-05-10 v2

Abstract

We investigate identity lease, a new type of service in which users lease their identities to third parties by providing them with full or restricted access to their online accounts or credentials. We discuss how identity lease could be abused to subvert the digital society, facilitating the spread of fake news and subverting electronic voting by enabling the sale of votes. We show that the emergence of Trusted Execution Environments and anonymous cryptocurrencies, for the first time, allows the implementation of such a lease service while guaranteeing fairness, plausible deniability and anonymity, therefore shielding the users and account renters from prosecution. To show that such a service can be practically implemented, we build an example service that we call TEEvil leveraging Intel SGX and ZCash. Finally, we discuss defense mechanisms and challenges in the mitigation of identity lease services.

Keywords

Cite

@article{arxiv.1903.00449,
  title  = {TEEvil: Identity Lease via Trusted Execution Environments},
  author = {Ivan Puddu and Daniele Lain and Moritz Schneider and Elizaveta Tretiakova and Sinisa Matetic and Srdjan Capkun},
  journal= {arXiv preprint arXiv:1903.00449},
  year   = {2019}
}

Comments

21 pages, 5 figures

R2 v1 2026-06-23T07:55:43.511Z