1. Key2Share: NFC-enabled Smartphone-based Access Control
Alexandra Dmitrienko
Cyberphysical Mobile Systems Security Group
Fraunhofer Institute for Secure Information Technology, Darmstadt
2. Motivation
Mobile phones are increasingly used in our daily life
Hundreds of thousands of apps on app markets
New interfaces like NFC open new application fields
Payments, ticketing
mPayments mTicketing
A. Dmitrienko, Fraunhofer SIT Droidcon 2013, Berlin
3. + NFC =
Why not Using a Smartphone as a Key?
4. Smartphone as a Door Key
Access control by enterprises to their facilities
Access to hotel rooms
Access control in private sector (houses, garages)
5. Smartphone as a Key for Storage Facilities
Access to safes in hotel rooms
Lockers in luggage storage at train stations/airports
DHL Packing stations
6. Smartphone as a Car Key
Fleet management by enterprises
Car sharing by rental/car sharing companies
Or just share your car with family members or friends
7. Advantages of Electronic Keys
|  | Usual Keys | SmartCards | Key2Share |
| Distribution | Requires physical access | Requires physical access | Remote |
| Revocation | Requires physical access or replacement of the lock | Remote | Remote |
| Delegation | Not possible | Not possible | Possible |
| Context-aware access (e.g., time frame) | Not possible | Possible | Possible |
8. Requirements and Challenges
Security
Protection of electronic keys in transit and on the platform
Performance in the face of limited NFC bandwidth (~10 kbps)
Only symmetric-key crypto for authentication
Offline authentication
Addressed by protocol design
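
A minimal sketch of how the constraints above (symmetric crypto only, offline verification) can coexist with the delegation and time-framed access listed on slide 7. It is an added example, not the Key2Share protocol, which these slides do not specify; the HMAC key-derivation chain and all names (`issue`, `delegate`, `respond`, `lock_verify`) are assumptions.

```python
import hashlib
import hmac


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def issue(lock_key: bytes, user: bytes, not_after: int) -> bytes:
    """Issuer derives a user's electronic key from the secret it shares with the lock."""
    return mac(lock_key, b"user", user, not_after.to_bytes(8, "big"))


def delegate(user_key: bytes, delegatee: bytes, not_after: int) -> bytes:
    """User derives a key for a delegated user without contacting issuer or lock."""
    return mac(user_key, b"delegate", delegatee, not_after.to_bytes(8, "big"))


def respond(key: bytes, nonce: bytes) -> bytes:
    """Phone answers the lock's challenge; the key itself is not sent during authentication."""
    return mac(key, b"auth", nonce)


def lock_verify(lock_key, nonce, response, now, chain) -> bool:
    """Lock, offline: rebuild the key from the presented [(name, not_after), ...] chain."""
    if not 1 <= len(chain) <= 2:
        return False
    user, user_exp = chain[0]
    if now > user_exp:
        return False
    key = issue(lock_key, user, user_exp)
    for name, exp in chain[1:]:
        # A delegated key may not outlive the key it was derived from.
        if now > exp or exp > user_exp:
            return False
        key = delegate(key, name, exp)
    return hmac.compare_digest(respond(key, nonce), response)


# Constructed sample values: lock secret, names, expiry times and nonce are made up.
LOCK_KEY, NONCE = b"\x01" * 32, b"\x02" * 16  # a real lock draws a fresh random nonce
alice_key = issue(LOCK_KEY, b"alice", 2000)
bob_key = delegate(alice_key, b"bob", 1500)
bob_chain = [(b"alice", 2000), (b"bob", 1500)]
print(lock_verify(LOCK_KEY, NONCE, respond(bob_key, NONCE), 1000, bob_chain))  # in time frame
print(lock_verify(LOCK_KEY, NONCE, respond(bob_key, NONCE), 1600, bob_chain))  # past expiry
```

The sketch does not cover revocation or protection of keys on the phone, which the slides assign to the remote service and the trusted execution environment.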
9. Key2Share: System Model
[Figure: system model. Entities: Issuer, Key2Share web-service, Resources, Users, Delegated users.]
1. Employ the employee/sell the car
2. One-time registration
3. Electronic key issued
4. User authentication with the issued key
5. Share key
6. User authentication with the shared key
11. Platform Security Architecture
[Figure: platform split into an untrusted host and a Trusted Execution Environment (TrEE). Components shown: NFC Chip, WiFi, Key2Share App, Key2Share Secure App, TrEE Service, TrEE Mgr, Secure Storage, User Interface, Secure UI.]
12. Possible TrEE Instantiations
In software
• Full virtualization (e.g., based on OKL4 hypervisor)
• Kernel-level virtualization (e.g., vServer)
• OS-level isolation (e.g., BizzTrust)
In hardware
• CPU extensions (ARM TrustZone)
• Secure Element (SE) on SIM card
• SE on microSD card
• Embedded SE (eSE) on NFC chip
13. TrEE in Hardware
CPU Extensions (e.g., ARM TrustZone)
• Controlled by device manufacturers
• No APIs are exposed to apps to access it
Secure Element (SE) on SIM Card
• Controlled by network operators
SE on SD Card
• Freely programmable
Embedded SE (eSE) on NFC Chip
• Controlled by device manufacturers
• Has pre-installed Mifare Classic applet
14. APIs for Accessing Secure Elements
SE on SD Card can be accessed via Open Mobile API
However, access is disabled in stock Android images
eSE can be accessed via Open Mobile API and NFC Private API
NFC Private API can be used only by Google-signed apps
Only white-listed apps can communicate with eSE via Open Mobile API; root access is required to add an app to the white list
[Figure: API stack. App layer: apps. OS: NFC Private API, Open Mobile API (SEEK-for-Android). HW: SE on SD Card, eSE on NFC Chip.]
15. The Best Candidate: SE on SD Card
We used the Giesecke & Devrient Mobile Security Card
It can be attached to the phone via the microSD slot
It is a standard Java Card and can run applets
Implementation of Key2Share Secure as a Java applet
16. TrEE in Software
• We leveraged a security architecture which provides lightweight domain isolation for Android
• The architecture was initially intended to allow use of a single device for business and private needs
• http://www.bizztrust.de/
17. BizzTrust: Dual Persona Phone
Colors corporate and private apps with green and red
Prohibits communication between apps with different colors
[Figure: BizzTrust access control by layer. Layers: Application, Middleware, Kernel. Apps: AppA, AppB. Enforcement points: IPC (MAC), File System (Linux DAC, MAC), Network Sockets (MAC). Legend distinguishes access control of Android from access control added by BizzTrust.]
18. BizzTrust-based TrEE
Create blue domain isolated from red and green
Execute security sensitive code in blue domain
BizzTrust allows only the Key2Share app to communicate with the code from the blue domain
[Figure: software isolation layer: hardened Android OS (BizzTrust). Domains: Trusted Execution Environment (TrEE), Domain BLUE, running Key2Share Secure; Private Domain RED; Corporate Domain GREEN. Apps shown: Red App, Key2Share.]
20. Implementation in 3 Versions
1. Hardware-based TrEE based on Mobile Security Card
2. Software-based TrEE based on BizzTrust
3. Key2Share Secure as a separate Android application
21. Authentication Performance
20 rounds
Transmission time for authentication protocol messages
(with 95% confidence interval)
92 bytes to be transferred for the user
140 bytes to be transferred for the delegated user
The door locks open within half a second
| User Type | Connection Establishment, ms | Overall Session Time, ms |
| User | 245.17 ± 0.54 | 441.80 ± 0.54 |
| Delegated user | 245.17 ± 0.54 | 473.55 ± 0.54 |
22. Work in Progress and Challenges
Backward compatibility with existing access control solutions
Compatibility with MiFare (standard for wireless cards)
Integration into smartcard-based access control solutions (Matrix of Bosch)
Smartphone in card emulation mode (does not require power for authentication)
Challenges are related to missing support of card emulation mode in Android
Other platforms (e.g., Nokia, Blackberry) support card emulation