TU Darmstadt / ULB / TUbiblio

Market-driven Code Provisioning to Mobile Secure Hardware

Dmitrienko, Alexandra and Heuser, Stephan and Nguyen, Thien Duc and da Silva Ramos, Marcos and Rein, Andre and Sadeghi, Ahmad-Reza :
Market-driven Code Provisioning to Mobile Secure Hardware.
Financial Cryptography and Data Security
[Conference or Workshop Item] , (2015)

Abstract

Today, most smartphones feature different kinds of secure hardware such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors, e.g., a SIM card or an embedded secure element available on NFC-enabled devices (e.g., as used by Google Wallet). Unfortunately, the available secure hardware is almost never utilized by commercial third party apps, although their usage would drastically improve the security of security critical apps. The reasons are diverse: secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with secure hardware stakeholders, which is hardly affordable for typical developers of mobile apps.

In this paper we propose a new paradigm for secure hardware code provisioning. Our solution (i) allows developers to distribute security sensitive code (e.g., trusted apps or applets) as a part of the mobile app package; (ii) supports flexible and dynamic assignment of access rights to secure hardware APIs from mobile apps independently from an OS vendor and a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue for every provisioned piece of code; (iv) allows for automated and transparent installation and deinstallation of applets on demand in order to permit arbitrary number of applets, e.g., in the constraint Java card environment. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards. We developed a proof of concept prototype based on a Java card secure element on an Android-based smartphone and smartwatch and evaluated it by deploying a security critical application for access control.

Item Type: Conference or Workshop Item
Erschienen: 2015
Creators: Dmitrienko, Alexandra and Heuser, Stephan and Nguyen, Thien Duc and da Silva Ramos, Marcos and Rein, Andre and Sadeghi, Ahmad-Reza
Title: Market-driven Code Provisioning to Mobile Secure Hardware
Language: German
Abstract:

Today, most smartphones feature different kinds of secure hardware such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors, e.g., a SIM card or an embedded secure element available on NFC-enabled devices (e.g., as used by Google Wallet). Unfortunately, the available secure hardware is almost never utilized by commercial third party apps, although their usage would drastically improve the security of security critical apps. The reasons are diverse: secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with secure hardware stakeholders, which is hardly affordable for typical developers of mobile apps.

In this paper we propose a new paradigm for secure hardware code provisioning. Our solution (i) allows developers to distribute security sensitive code (e.g., trusted apps or applets) as a part of the mobile app package; (ii) supports flexible and dynamic assignment of access rights to secure hardware APIs from mobile apps independently from an OS vendor and a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue for every provisioned piece of code; (iv) allows for automated and transparent installation and deinstallation of applets on demand in order to permit arbitrary number of applets, e.g., in the constraint Java card environment. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards. We developed a proof of concept prototype based on a Java card secure element on an Android-based smartphone and smartwatch and evaluated it by deploying a security critical application for access control.

Title of Book: Financial Cryptography and Data Security
Uncontrolled Keywords: - SST - Area Smart Security and Trust;Secure Things;Security;Mobile Platforms, Secure Hardware, Security Architectures, Java Cards
Divisions: Department of Computer Science
Department of Computer Science > System Security Lab
Department of Computer Science > Telecooperation
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 04 Aug 2016 10:13
Identification Number: TUD-CS-2015-0005
Related URLs:
Export:

Optionen (nur für Redakteure)

View Item View Item