Secure enrollment and practical migration for mobile trusted execution environments

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2013, Pages 93-98

  Marforio, Claudio ^a   Karapanos, Nikolaos ^a   Soriente, Claudio ^a   Kostiainen, Kari ^a   Čapkun, Srdjan ^a  

^a ETH ZURICH   (Switzerland)

Author keywords

arm trustzone; second factor authentication; secure enrollment; trusted execution environment

Indexed keywords

ARM TRUSTZONE; DEVICE ARCHITECTURES; MOBILE BANKINGS; MOBILE SECURITY; SECURE ENROLLMENT; SECURITY SERVICES; SECURITY TOKENS; TRUSTED EXECUTION ENVIRONMENTS;

ARM PROCESSORS; MOBILE TELECOMMUNICATION SYSTEMS; SMARTPHONES;

MOBILE DEVICES;

EID: 84888997234     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2516760.2516764     Document Type: Conference Paper

References (30)

1. ARM. Securing the system with trustzone ready program. (last access 2013). www.arm.com/files/pdf/Tech-seminar-TrustZone-v7-PUBLIC.pdf.
2. ARM. Building a Secure System using TrustZone Technology. www.arm.com, 2009.
3. ASSA ABLOY. Evaluation of the world's first pilot using NFC phones for check-in and hotel room keys. (last access 2013). www.assaabloy.com.
4. AZEMA, J., AND FAYAD, G. M-Shield mobile security technology: Making wireless secure. focus.ti.com/pdfs/wtbu/ti-mshield-whitepaper.pdf, 2008.
5. BARCLAYS. Mobile PINsentry. (last access 2013). goo.gl/pcuGo.
6. BUSOLD, C., TAHA, A., WACHSMANN, C., DMITRIENKO, A., SEUDIÉ, H., SOBHANI, M., AND SADEGHI, A.-R. Smart keys for cyber-cars: secure smartphone-based NFC-enabled car immobilizer. In ACM conference on Data and application security and privacy (2013), CODASPY'13.
7. DMITRIENKO, A., SADEGHI, A.-R., TAMRAKAR, S., AND WACHSMANN, C. SmartTokens: Delegable Access Control with NFC-enabled Smartphones. In International Conference on Trust and Trustworthy Computing (2011), TRUST'11.
8. FELT, A. P., FINIFTER, M., CHIN, E., HANNA, S., AND WAGNER, D. A survey of mobile malware in the wild. In ACM workshop on Security and privacy in smartphones and mobile devices (2011), SPSM'11.
9. GEMALTO. Mobile ID. (last access 2013). www.gemalto.com/govt/coesys/ mobile-id.html.
10. GLOBALPLATFORM. Card Specification Version 2.2.1. www.globalplatform.org/ specificationscard.asp.
11. GLOBALPLATFORM. Device specifications. www.globalplatform.org/ specificationsdevice.asp.
12. GOOGLE INC. Google 2-Step Verification. (last access 2013). www.google.com/landing/2step/.
13. GOOGLE INC. Google wallet. (last access 2013). www.google.com/wallet/.
14. HARVARD HEALTH PUBLICATIONS. Using smartphone apps for heart health. (last access 2013). www.health.harvard.edu/family-health-guide/updates/using- smartphone-apps-for-heart-health.
15. KOSTIAINEN, K., ASOKAN, N., AND AFANASYEVA, A. Towards user-friendly credential transfer on open credential platforms. In International conference on Applied cryptography and network security (2011), ACNS'11, pp. 395-412.
16. KOSTIAINEN, K., EKBERG, J.-E., ASOKAN, N., AND RANTALA, A. On-board credentials with open provisioning. In International Symposium on Information, Computer, and Communications Security (2009), ASIACCS'09.
17. KOSTIAINEN, K., RESHETOVA, E., EKBERG, J.-E., AND ASOKAN, N. Old, new, borrowed, blue - a perspective on the evolution of mobile platform security architectures. In ACM conference on Data and application security and privacy (2011), CODASPY'11.
18. KUMAR, A., SAXENA, N., TSUDIK, G., AND UZUN, E. Caveat emptor: A comparative study of secure device pairing methods. In IEEE International Conference on Pervasive Computing and Communications (2009), PerCom'09, pp. 1-10.
19. MCKEEN, F., ALEXANDROVICH, I., BERENZON, A., ROZAS, C., SHAFI, H., SHANBHOGUE, V., AND SAVAGAONKAR, U. Innovative instructions and software model for isolated execution. In Workshop on Hardware and Architectural Support for Security and Privacy (2013).
20. NFC TIMES. New York Transit Authority to Test Tag-based Ticketing with Nokia NFC Phones. (last access 2013). nfctimes.com/news/new-york-transit- authority-test-tag-based-ticketing-nokia-nfc-phones.
21. SAROIU, S., AND WOLMAN, A. I am a sensor, and I approve this message. In Proceedings of ACM International Workshop on Mobile Computing Systems and Applications (HotMobile) (2010).
22. SCHECHTER, S. E., DHAMIJA, R., OZMENT, A., AND FISCHER, I. The emperor's new security indicators. In IEEE Symposium on Security and Privacy (2007), SP'07.
23. SELHORST, M., STÜBLE, C., FELDMANN, F., AND GNAIDA, U. Towards a trusted mobile desktop. In International conference on Trust and trustworthy computing (2010), TRUST'10.
24. SORBER, J., SHIN, M., PETERSON, R. A., AND KOTZ, D. Plug-n-trust: practical trusted sensing for mhealth. In International Conference on Mobile Systems, Applications, and Services (2012), MobiSys'12.
25. TAMRAKAR, S., AND EKBERG, J.-E. Tapping and Tripping with NFC. In Proceedings of the International Conference on Trust and Trustworthy Computing (TRUST'13) (2013).
26. VAN RIJSWIJK-DEIJ, R., AND POLL, E. Using trusted execution environment in two-factor authentication: comparing approaches. In Open Identity Summit (2013), OID'13.
27. VASUDEVAN, A., OWUSU, E., ZHOU, Z., NEWSOME, J., AND MCCUNE, J. M. Trustworthy execution on mobile devices: What security properties can my mobile platform give me? In International Conference on Trust and Trustworthy Computing (2012), TRUST'12, pp. 159-178.
28. WHATSAPP INC. WhatsApp mobile messaging application. www.whatsapp.com, last access 2013.
29. YE, Z., SMITH, S. W., AND ANTHONY, D. Trusted paths for browsers. ACM Trans. Inf. Syst. Secur. 8, 2 (2005), 153-186.
30. ZHOU, Y., AND JIANG, X. Dissecting android malware: Characterization and evolution. In IEEE Symposium on Security and Privacy (2012), SP'12.