Droidcon2013 key2 share_dmitrienko_fraunhofer
Presentation Transcript

  • Key2Share: NFC-enabled Smartphone-based Access Control
    Alexandra Dmitrienko, Cyberphysical Mobile Systems Security Group, Fraunhofer Institute for Secure Information Technology, Darmstadt
  • Motivation Mobile phones are increasingly used in our daily life Hundred thousands of apps on app markets New interfaces like NFC open new application fields Payments, ticketing2mPayments mTicketingA. Dmitrienko, Fraunhofer SIT Droidcon 2013, Berlin
  • + NFC = Why Not Use a Smartphone as a Key?
  • Smartphone as a Door Key
    • Access control by enterprises to their facilities
    • Access to hotel rooms
    • Access control in private sector (houses, garages)
  • Smartphone as a Key for Storage Facilities
    • Access to safes in hotel rooms
    • Lockers in luggage storage at train stations/airports
    • DHL packing stations
    [Figure: DHL packing stations]
  • Smartphone as a Car Key
    • Fleet management by enterprises
    • Car sharing by rental/car sharing companies
    • Or just share your car with family members or friends
  • Advantages of Electronic Keys

    |                                         | Usual Keys                                          | SmartCards               | Key2Share |
    | Distribution                            | Requires physical access                            | Requires physical access | Remote    |
    | Revocation                              | Requires physical access or replacement of the lock | Remote                   | Remote    |
    | Delegation                              | Not possible                                        | Not possible             | Possible  |
    | Context-aware access (e.g., time frame) | Not possible                                        | Possible                 | Possible  |
  • Requirements and Challenges
    • Security: protection of electronic keys in transit and on the platform
    • Performance in the face of limited NFC bandwidth (~10 kbps)
    • Only symmetric-key-based crypto for authentication
    • Offline authentication
    • Addressed by protocol design
  • Key2Share: System Model
    [Diagram actors: Issuer, Key2Share web-service, Resources, Users, Delegated users]
    1. Employ the employee/sell the car
    2. One-time registration
    3. Electronic key issued
    4. User authentication with the issued key
    5. Share key
    6. User authentication with the shared key
  • Key2Share Security
    • Platform security
    • Secure communication protocols
  • Platform Security Architecture
    [Diagram labels: Untrusted host, Trusted Execution Environment, NFC Chip, Key2Share Secure App, Key2Share App, WiFi, TrEE Service, TrEE Mgr, Secure Storage, User Interface, Secure UI]
  • Possible TrEE Instantiations
    • In software
      • Full virtualization (e.g., based on OKL4 hypervisor)
      • Kernel-level virtualization (e.g., vServer)
      • OS-level isolation (e.g., BizzTrust)
    • In hardware
      • CPU extensions (ARM TrustZone)
      • Secure Element (SE) on SIM card
      • SE on microSD card
      • Embedded SE (eSE) on NFC chip
  • TrEE in Hardware
    • CPU extensions (e.g., ARM TrustZone)
      • Controlled by device manufacturers
      • No APIs are exposed to apps to access it
    • Secure Element (SE) on SIM card
      • Controlled by network operators
    • SE on SD card
      • Freely programmable
    • Embedded SE (eSE) on NFC chip
      • Controlled by device manufacturers
      • Has a pre-installed Mifare Classic applet
  • APIs for Accessing Secure Elements
    • SE on SD card can be accessed via Open Mobile API
    • However, access is disabled in stock Android images
    • eSE can be accessed via Open Mobile API and NFC Private API
    • NFC Private API can be used only by Google-signed apps
    • Only white-listed apps can communicate with eSE via Open Mobile API; root access is required to add an app to the white list
    [Diagram labels: App layer (App, App, App); OS (NFC Private API, Open Mobile API (SEEK-for-Android)); HW (SE on SD Card, eSE on NFC Chip)]
  • The Best Candidate: SE on SD Card
    • We used the Giesecke & Devrient Mobile Security Card
    • Can be attached to the phone via the microSD slot
    • It is a standard Java Card and can run applets
    • Implementation of Key2Share Secure as a Java applet
  • TrEE in Software
    • We leveraged a security architecture which provides lightweight domain isolation for Android
    • The architecture was initially intended to allow usage of a single device for business and private needs
    • http://www.bizztrust.de/
  • BizzTrust: Dual Persona Phone
    • Colors corporate and private apps with green and red
    • Prohibits communication between apps with different colors
    [Diagram labels: Application layer (App A, App B); Middleware layer (IPC, MAC); Kernel layer (File System, Linux DAC, Network Sockets, MAC). Legend: access control of Android (Linux DAC); added by BizzTrust (MAC)]
  • BizzTrust-based TrEE
    • Create blue domain isolated from red and green
    • Execute security-sensitive code in blue domain
    • BizzTrust allows only the Key2Share app to communicate with the code from the blue domain
    [Diagram labels: Software isolation layer: Hardened Android OS (BizzTrust); Trusted Execution Environment (TrEE), Domain BLUE: Key2Share Secure; Private Domain RED: Red App; Corporate Domain GREEN: Key2Share]
  • Protocol Security
    • Well-established cryptographic primitives (AES, SHA-1, RSA)
    • Formal security proof of the protocols
    • Formal tool-aided verification of protocols
  • Implementation in 3 Versions
    1. Hardware-based TrEE based on Mobile Security Card
    2. Software-based TrEE based on BizzTrust
    3. Key2Share Secure as a separate Android application
  • Authentication Performance
    • 20 rounds
    • Transmission time for authentication protocol messages (with 95% confidence interval)
    • 92 bytes to be transferred for the user
    • 140 bytes to be transferred for the delegated user
    • The door locks open within half a second

    | User Type      | Connection Establishment, ms | Overall Session Time, ms |
    | User           | 245.17 ± 0.54                | 441.80 ± 0.54            |
    | Delegated user | 245.17 ± 0.54                | 473.55 ± 0.54            |
  • Work in Progress and Challenges
    • Backward compatibility to existing access control solutions
    • Compatibility to MiFare (standard for wireless cards)
    • Integration into smartcard-based access control solutions (Matrix of Bosch)
    • Smartphone in card emulation mode (does not require power for authentication)
    • Challenges are related to missing support of card emulation mode in Android
    • Other platforms (e.g., Nokia, Blackberry) support card emulation
  • Thank you
    alexandra.dmitrienko@sit.fraunhofer.de
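
The slides require symmetric-only, offline authentication with delegation and time-frame restrictions, but do not give the protocol messages. The sketch below is an added illustration, not the Key2Share protocol or code from the talk: it shows one common way to meet those requirements together, a chained-MAC key derivation that the lock can re-compute without contacting the issuer. All function names, the restriction encoding, and the use of HMAC-SHA-256 (instead of the primitives named on the Protocol Security slide) are assumptions.

```python
import hashlib
import hmac

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def restriction(holder: bytes, not_after: int) -> bytes:
    """Encode who holds a key and until when (Unix time) it is valid."""
    return holder + not_after.to_bytes(4, "big")

def issue_key(lock_secret: bytes, user: bytes, not_after: int):
    """Issuer: derive the user's key from the lock's secret (step 3)."""
    r = restriction(user, not_after)
    return r, mac(lock_secret, r)

def share_key(parent_key: bytes, delegate: bytes, not_after: int):
    """User: derive a shared key on the phone, without the issuer (step 5)."""
    r = restriction(delegate, not_after)
    return r, mac(parent_key, r)

def respond(key: bytes, challenge: bytes) -> bytes:
    """Phone: answer the lock's fresh challenge (steps 4 and 6)."""
    return mac(key, challenge)

def lock_verify(lock_secret, chain, challenge, response, now) -> bool:
    """Lock: re-derive the key offline from the presented restrictions."""
    if not chain:
        return False  # the raw lock secret is never a valid credential
    key = lock_secret
    for r in chain:
        if now > int.from_bytes(r[-4:], "big"):
            return False  # an expired link invalidates every key below it
        key = mac(key, r)
    return hmac.compare_digest(mac(key, challenge), response)

def demo():
    lock_secret = bytes(range(32))  # constructed sample secret
    challenge = bytes(16)           # constructed; a real lock sends a random nonce
    r_user, k_user = issue_key(lock_secret, b"alice", 2000)
    r_del, k_del = share_key(k_user, b"bob", 1500)
    chain = [r_user, r_del]
    return {
        "user": lock_verify(lock_secret, [r_user], challenge, respond(k_user, challenge), 1000),
        "delegate": lock_verify(lock_secret, chain, challenge, respond(k_del, challenge), 1000),
        "delegate_expired": lock_verify(lock_secret, chain, challenge, respond(k_del, challenge), 1600),
    }

if __name__ == "__main__":
    print(demo())
```

Because every link's time frame is checked, a shared key can never outlive the key it was derived from, and altering a restriction changes the derived key so the response no longer verifies.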