
SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions

2020 IEEE European Symposium on Security and Privacy (EuroS&P) (2020)

Abstract
Secure transactions on the Internet often rely on two-factor authentication (2FA) using mobile phones. In most existing schemes, the separation between the factors is weak and a compromised phone may be enough to break 2FA. In this paper, we identify the basic principles for securing any transaction using mobile-based 2FA. In particular, we argue that the computing system should not only provide isolation between the two factors, but also the integrity of the transaction, while involving the user in confirming the authenticity of the transaction. We show for the first time how these properties can be provided on commodity mobile phones, securing 2FA-protected transactions even when the operating system on the phone is fully compromised. We explore the challenges in the design and implementation of SecurePay, and evaluate the first formally-verified solution that utilizes the ARM TrustZone technology to provide the necessary integrity and authenticity guarantees for mobile-based 2FA. For our evaluation, we integrated SecurePay in ten existing apps, all of which required minimal changes and less than 30 minutes of work. Moreover, if code modifications are not an option, SecurePay can still be used as a secure drop-in replacement for existing (insecure) SMS-based 2FA solutions.
Keywords
Mobile Security, Two-Factor Authentication, Trusted Execution Environment