Market-driven Code Provisioning to Mobile Secure Hardware

Dmitrienko, Alexandra ; Heuser, Stephan ; Nguyen, Thien Duc ; da Silva Ramos, Marcos ; Rein, Andre ; Sadeghi, Ahmad-Reza :
Market-driven Code Provisioning to Mobile Secure Hardware.
Financial Cryptography and Data Security
[Conference or Workshop Item], (2015)

Abstract

Today, most smartphones feature different kinds of secure hardware such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors, e.g., a SIM card or an embedded secure element available on NFC-enabled devices (e.g., as used by Google Wallet). Unfortunately, the available secure hardware is almost never utilized by commercial third party apps, although their usage would drastically improve the security of security critical apps. The reasons are diverse: secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with secure hardware stakeholders, which is hardly affordable for typical developers of mobile apps.

In this paper we propose a new paradigm for secure hardware code provisioning. Our solution (i) allows developers to distribute security sensitive code (e.g., trusted apps or applets) as a part of the mobile app package; (ii) supports flexible and dynamic assignment of access rights to secure hardware APIs from mobile apps independently from an OS vendor and a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue for every provisioned piece of code; (iv) allows for automated and transparent installation and deinstallation of applets on demand in order to permit an arbitrary number of applets, e.g., in the constrained Java card environment. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards. We developed a proof of concept prototype based on a Java card secure element on an Android-based smartphone and smartwatch and evaluated it by deploying a security critical application for access control.

Item type: Conference or Workshop Item (not specified)
Published: 2015
Author(s): Dmitrienko, Alexandra ; Heuser, Stephan ; Nguyen, Thien Duc ; da Silva Ramos, Marcos ; Rein, Andre ; Sadeghi, Ahmad-Reza
Title: Market-driven Code Provisioning to Mobile Secure Hardware
Language: German
Book title: Financial Cryptography and Data Security
Uncontrolled keywords: - SST - Area Smart Security and Trust; Secure Things; Security; Mobile Platforms, Secure Hardware, Security Architectures, Java Cards
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security
20 Department of Computer Science > Telecooperation
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Centers
LOEWE > LOEWE Centers > CASED – Center for Advanced Security Research Darmstadt
Date deposited: 04 Aug 2016 10:13
ID number: TUD-CS-2015-0005