Abstract
Today’s smartphones and tablets offer compelling computing and storage capabilities enabling a variety of mobile applications with rich functionality. The integration of new interfaces, in particular near field communication (NFC) opens new opportunities for new applications and business models, as the most recent trend in industry for payment and ticketing shows. These applications require storing and processing security-critical data on smartphones, making them attractive targets for a variety of attacks. The state of the art to enhance platform security concerns outsourcing security-critical computations to hardware-isolated Trusted Execution Environments (TrEE). However, since these TrEEs are used by software running in commodity operating systems, malware could impersonate the software and use the TrEE in an unintended way. Further, existing NFC-based access control solutions for smartphones are either not public or based on strong assumptions that are hard to achieve in practice. We present the design and implementation of a generic access control system for NFC-enabled smartphones based on a multi-level security architecture for smartphones. Our solution allows users to delegate their access rights and addresses the bandwidth constraints of NFC. Our prototype captures electronic access to facilities, such as entrances and offices, and binds NFC operations to a software-isolated TrEE established on the widely used Android smartphone operating system. We provide a formal security analysis of our protocols and evaluate the performance of our solution.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
VingCard Elsafe’s NFC locking solution wins prestigious gaming industry technology award, http://www.hotel-online.com/News/PR2011_3rd/Aug11_VingCardHOT.html
Alves, T., Felton, D.: TrustZone: Integrated hardware and software security. Information Quaterly 3(4) (2004)
Azema, J., Fayad, G.: M-Shield mobile security technology: making wireless secure. Texas Instruments White Paper (2008), http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)
Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security (ACM CCS), pp. 62–73. ACM, New York (1993)
Brown, C.: NFC room keys find favour with hotel guests, http://www.nfcworld.com/2011/06/08/37869/nfc-room-keys-find-favour-with-hotel-guests/
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R.: Xmandroid: A new Android evolution to mitigate privilege escalation attacks. Technical Report TR-2011-04, Technische Universität Darmstadt (2011)
Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.R., Shastry, B.: Towards taming privilege-escalation attacks on Android. In: 19th Annual Network & Distributed System Security Symposium, NDSS (2012)
Bugiel, S., Davi, L., Dmitrienko, A., Heuser, S., Sadeghi, A.R., Shastry, B.: Practical and lightweight domain isolation on Android. In: ACM CCS Workshop on Security and Privacy in Mobile Devices (SPSM). ACM Press (2011)
Bugiel, S., Dmitrienko, A., Kostiainen, K., Sadeghi, A.-R., Winandy, M.: TruWalletM: Secure Web Authentication on Mobile Platforms. In: Chen, L., Yung, M. (eds.) INTRUST 2010. LNCS, vol. 6802, pp. 219–236. Springer, Heidelberg (2011)
Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Chen, W., Hancke, G.P., Mayes, K.E., Lien, Y., Chiu, J.H.: NFC mobile transactions and authentication based on GSM network. In: International Workshop on Near Field Communication (NFC), pp. 83–89. IEEE Computer Society, Washington, DC (2010)
Clark, S.: NXP launches NFC car key, http://www.nfcworld.com/2011/06/22/38196/nxp-launches-nfc-car-key/
Clark, S.: VingCard launches NFC room key system for hotels, http://www.nfcworld.com/2011/06/28/38366/vingcard-launches-nfc-room-key-system-for-hotels/
Costan, V., Sarmenta, L.F.G., van Dijk, M., Devadas, S.: The Trusted Execution Module: Commodity General-Purpose Trusted Computing. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 133–148. Springer, Heidelberg (2008)
Davi, L., Dmitrienko, A., Kowalski, C., Winandy, M.: Trusted virtual domains on OKL4: Secure information sharing on smartphones. In: ACM Workshop on Scalable Trusted Computing (ACM STC). ACM Press (2011)
Dmitrienko, A., Sadeghi, A.R., Tamrakar, S., Wachsmann, C.: Smarttokens: Delegable access control with NFC-enabled smartphones (extended version). Cryptology ePrint Archive, Report 2012/187 (2012)
Gartner Inc.: (2011), http://www.gartner.com/it/page.jsp?id=1689814
Gauthier, V.D., Wouters, K.M., Karahan, H., Preneel, B.: Offline NFC payments with electronic vouchers. In: ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds (MobiHeld), pp. 25–30. ACM, New York (2009)
Ghìron, S.L., Sposato, S., Medaglia, C.M., Moroni, A.: NFC ticketing: A prototype and usability test of an NFC-based virtual ticketing application. In: International Workshop on Near Field Communication (NFC), pp. 45–50. IEEE Computer Society, Washington, DC (2009)
Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)
Trusted Computing Group: TPM Main Specification, Version 1.2 rev. 103 (2007), https://www.trustedcomputinggroup.org
Heiser, G., Leslie, B.: The OKL4 microvisor: Convergence point of microkernels and hypervisors. In: ACM Asia-pacific Workshop on Systems (APSys), pp. 19–24. ACM, New York (2010)
Hutter, M., Toegl, R.: A trusted platform module for near field communication. In: International Conference on Systems and Networks Communications (ICSNC), pp. 136–141. IEEE Computer Society, Washington, DC (2010)
Kadambi, K.S., Li, J., Karp, A.H.: Near-field communication-based secure mobile payment service. In: International Conference on Electronic Commerce (ICEC), pp. 142–151. ACM, New York (2009)
Kalman, G., Noll, J., UniK, K.: SIM as secure key storage in communication networks. In: International Conference on Wireless and Mobile Communications, ICWMC (2007)
Kostiainen, K., Asokan, N., Afanasyeva, A.: Towards User-Friendly Credential Transfer on Open Credential Platforms. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 395–412. Springer, Heidelberg (2011)
Kostiainen, K., Ekberg, J.E., Asokan, N., Rantala, A.: On-board credentials with open provisioning. In: ACM Symposium on Information, Computer, and Communications Security (ASIACCS), pp. 104–115. ACM (2009)
Mantoro, T., Milisic, A.: Smart card authentication for Internet applications using NFC enabled phone. In: International Conference on Information and Communication Technology for the Muslim World, ICT4M (2010)
Massachusetts Institute of Technology: Kerberos: The network authentication protocol, http://web.mit.edu/kerberos/
McAfee Labs: McAfee threats report: Second quarter (2011), http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2011.pdf
McAfee Labs: McAfee threats report: Third quarter (2011), http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2011.pdf
Noll, J., Lopez Calvet, J.C., Myksvoll, K.: Admittance services through mobile phone short messages. In: International Multi-Conference on Computing in the Global Information Technology, pp. 77–82. IEEE Computer Society, Washington, DC (2006)
Reveilhac, M., Pasquet, M.: Promising secure element alternatives for NFC technology. In: International Workshop on Near Field Communication (NFC), pp. 75–80. IEEE Computer Society, Washington, DC (2009)
Robertson, T.: Eight industries that will benefit from NFC technology, https://www.x.com/devzone/articles/eight-industries-will-benefit-nfc-technology
Rushby, J.M.: Design and verification of secure systems. In: ACM Symposium on Operating Systems Principles, SOPS (1981)
Shoup, V.: Sequences of games: A tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004)
Soghoian, C., Aad, I.: Merx: Secure and Privacy Preserving Delegated Payments. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 217–239. Springer, Heidelberg (2009)
Tamrakar, S., Ekberg, J.E., Asokan, N.: Identity verification schemes for public transport ticketing with NFC phones. In: ACM workshop on Scalable Trusted Computing (STC), pp. 37–48. ACM, New York (2011)
Telecom Innovation Laboratories: Mobile Wallet turns cell phones into digital car keys (2011), http://www.laboratories.telekom.com/public/English/Newsroom/news/Pages/digitaler_Autoschluessel_Mobile_Wallet.aspx
Toegl, R., Hutter, M.: An approach to introducing locality in remote attestation using near field communications. J. Supercomput. 55(2), 207–227 (2011)
Zhang, X., Acıiçmez, O., Seifert, J.P.: A trusted mobile phone reference architecture via secure kernel. In: ACM workshop on Scalable Trusted Computing (ACM STC), pp. 7–14. ACM, New York (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dmitrienko, A., Sadeghi, AR., Tamrakar, S., Wachsmann, C. (2012). SmartTokens: Delegable Access Control with NFC-Enabled Smartphones. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds) Trust and Trustworthy Computing. Trust 2012. Lecture Notes in Computer Science, vol 7344. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30921-2_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-30921-2_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30920-5
Online ISBN: 978-3-642-30921-2
eBook Packages: Computer ScienceComputer Science (R0)