TU Darmstadt / ULB / TUbiblio

Market-driven Code Provisioning to Mobile Secure Hardware

Dmitrienko, Alexandra ; Heuser, Stephan ; Nguyen, Thien Duc ; Ramos, Marcos da Silva ; Rein, Andre ; Sadeghi, Ahmad-Reza (2015)
Market-driven Code Provisioning to Mobile Secure Hardware.
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Today, most smartphones feature different kinds of secure hardware such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors, e.g., a SIM card or an embedded secure element available on NFC-enabled devices (e.g., as used by Google Wallet). Unfortunately, the available secure hardware is almost never utilized by commercial third party apps, although their usage would drastically improve the security of security critical apps. The reasons are diverse: secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with secure hardware stakeholders, which is hardly affordable for typical developers of mobile apps.

In this paper we propose a new paradigm for secure hardware code provisioning. Our solution (i) allows developers to distribute security sensitive code (e.g., trusted apps or applets) as a part of the mobile app package; (ii) supports flexible and dynamic assignment of access rights to secure hardware APIs from mobile apps independently from an OS vendor and a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue for every provisioned piece of code; (iv) allows for automated and transparent installation and deinstallation of applets on demand in order to permit arbitrary number of applets, e.g., in the constraint Java card environment. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards. We developed a proof of concept prototype based on a Java card secure element on an Android-based smartphone and smartwatch and evaluated it by deploying a security critical application for access control.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2015
Autor(en): Dmitrienko, Alexandra ; Heuser, Stephan ; Nguyen, Thien Duc ; Ramos, Marcos da Silva ; Rein, Andre ; Sadeghi, Ahmad-Reza
Art des Eintrags: Bibliographie
Titel: Market-driven Code Provisioning to Mobile Secure Hardware
Sprache: Deutsch
Publikationsjahr: Januar 2015
Buchtitel: Financial Cryptography and Data Security
Zugehörige Links:
Kurzbeschreibung (Abstract):

Today, most smartphones feature different kinds of secure hardware such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors, e.g., a SIM card or an embedded secure element available on NFC-enabled devices (e.g., as used by Google Wallet). Unfortunately, the available secure hardware is almost never utilized by commercial third party apps, although their usage would drastically improve the security of security critical apps. The reasons are diverse: secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with secure hardware stakeholders, which is hardly affordable for typical developers of mobile apps.

In this paper we propose a new paradigm for secure hardware code provisioning. Our solution (i) allows developers to distribute security sensitive code (e.g., trusted apps or applets) as a part of the mobile app package; (ii) supports flexible and dynamic assignment of access rights to secure hardware APIs from mobile apps independently from an OS vendor and a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue for every provisioned piece of code; (iv) allows for automated and transparent installation and deinstallation of applets on demand in order to permit arbitrary number of applets, e.g., in the constraint Java card environment. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards. We developed a proof of concept prototype based on a Java card secure element on an Android-based smartphone and smartwatch and evaluated it by deploying a security critical application for access control.

Freie Schlagworte: - SST - Area Smart Security and Trust;Secure Things;Security;Mobile Platforms, Secure Hardware, Security Architectures, Java Cards
ID-Nummer: TUD-CS-2015-0005
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
20 Fachbereich Informatik > Telekooperation
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 04 Aug 2016 10:13
Letzte Änderung: 21 Jul 2021 16:36
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen