Abstract | Today, most smartphones feature different kinds of secure
hardware such as processor-based security extensions (e.g., TrustZone)
and dedicated secure co-processors, e.g., a SIM card or an embedded secure
element available on NFC-enabled devices (e.g., as used by Google
Wallet). Unfortunately, the available secure hardware is almost never
utilized by commercial third party apps, although their usage would
drastically improve the security of security critical apps. The reasons
are diverse: secure hardware stakeholders such as phone manufacturers
and mobile network operators (MNOs) have full control over the corresponding
interfaces and expect high financial revenue; and the current
code provisioning schemes are inflexible and impractical since they require
developers to collaborate with secure hardware stakeholders, which
is hardly affordable for typical developers of mobile apps.
In this paper we propose a new paradigm for secure hardware code provisioning.
Our solution (i) allows developers to distribute security sensitive
code (e.g., trusted apps or applets) as a part of the mobile app package;
(ii) supports flexible and dynamic assignment of access rights to secure
hardware APIs from mobile apps independently from an OS vendor and
a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue
for every provisioned piece of code; (iv) allows for automated and
transparent installation and deinstallation of applets on demand in order
to permit arbitrary number of applets, e.g., in the constraint Java
card environment. Our scheme is compatible with Global Platform (GP)
specifications and can be easily incorporated into existing standards. We
developed a proof of concept prototype based on a Java card secure element
on an Android-based smartphone and smartwatch and evaluated
it by deploying a security critical application for access control. |
---|