SmartTokens: Delegable Access Control with NFC-Enabled Smartphones

  • Alexandra Dmitrienko
  • Ahmad-Reza Sadeghi
  • Sandeep Tamrakar
  • Christian Wachsmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7344)

Abstract

Today’s smartphones and tablets offer compelling computing and storage capabilities enabling a variety of mobile applications with rich functionality. The integration of new interfaces, in particular near field communication (NFC), opens new opportunities for new applications and business models, as the most recent trend in industry for payment and ticketing shows. These applications require storing and processing security-critical data on smartphones, making them attractive targets for a variety of attacks. The state of the art to enhance platform security concerns outsourcing security-critical computations to hardware-isolated Trusted Execution Environments (TrEE). However, since these TrEEs are used by software running in commodity operating systems, malware could impersonate the software and use the TrEE in an unintended way. Further, existing NFC-based access control solutions for smartphones are either not public or based on strong assumptions that are hard to achieve in practice. We present the design and implementation of a generic access control system for NFC-enabled smartphones based on a multi-level security architecture for smartphones. Our solution allows users to delegate their access rights and addresses the bandwidth constraints of NFC. Our prototype captures electronic access to facilities, such as entrances and offices, and binds NFC operations to a software-isolated TrEE established on the widely used Android smartphone operating system. We provide a formal security analysis of our protocols and evaluate the performance of our solution.

Keywords

Access Control, Authentication Protocol, Random Oracle, Mobile Platform, Near Field Communication
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Alexandra Dmitrienko (1)
  • Ahmad-Reza Sadeghi (2)
  • Sandeep Tamrakar (3)
  • Christian Wachsmann (4)

  1. Fraunhofer SIT Darmstadt, Germany
  2. Technische Universität Darmstadt & Fraunhofer SIT Darmstadt, Germany
  3. Aalto University School of Science, Finland
  4. Technische Universität Darmstadt (CASED), Germany
