TU Darmstadt / ULB / TUbiblio

Market-driven Code Provisioning to Mobile Secure Hardware

Dmitrienko, Alexandra ; Heuser, Stephan ; Nguyen, Thien Duc ; Ramos, Marcos da Silva ; Rein, Andre ; Sadeghi, Ahmad-Reza (2015)
Market-driven Code Provisioning to Mobile Secure Hardware.
Conference publication, Bibliography

Abstract

Today, most smartphones feature different kinds of secure hardware such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors, e.g., a SIM card or an embedded secure element available on NFC-enabled devices (e.g., as used by Google Wallet). Unfortunately, the available secure hardware is almost never utilized by commercial third-party apps, although its usage would drastically improve the security of security-critical apps. The reasons are diverse: secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with secure hardware stakeholders, which is hardly affordable for typical developers of mobile apps.

In this paper we propose a new paradigm for secure hardware code provisioning. Our solution (i) allows developers to distribute security-sensitive code (e.g., trusted apps or applets) as a part of the mobile app package; (ii) supports flexible and dynamic assignment of access rights to secure hardware APIs from mobile apps independently from an OS vendor and a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue for every provisioned piece of code; (iv) allows for automated and transparent installation and deinstallation of applets on demand in order to permit an arbitrary number of applets, e.g., in the constrained Java card environment. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards. We developed a proof-of-concept prototype based on a Java card secure element on an Android-based smartphone and smartwatch and evaluated it by deploying a security-critical application for access control.

Item type: Conference publication
Published: 2015
Author(s): Dmitrienko, Alexandra ; Heuser, Stephan ; Nguyen, Thien Duc ; Ramos, Marcos da Silva ; Rein, Andre ; Sadeghi, Ahmad-Reza
Type of entry: Bibliography
Title: Market-driven Code Provisioning to Mobile Secure Hardware
Language: German
Year of publication: January 2015
Book title: Financial Cryptography and Data Security
Uncontrolled keywords: SST - Area Smart Security and Trust; Secure Things; Security; Mobile Platforms, Secure Hardware, Security Architectures, Java Cards
ID number: TUD-CS-2015-0005
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > System Security
20 Department of Computer Science > Telecooperation
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt
Date deposited: 04 Aug 2016 10:13
Last modified: 21 Jul 2021 16:36