Paper 2012/187

SmartTokens: Delegable Access Control with NFC-enabled Smartphones (Full Version)

Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Sandeep Tamrakar, and Christian Wachsmann


Today's smartphones and tablets offer compelling computing and storage capabilities enabling a variety of mobile applications with rich functionality. The integration of new interfaces, in particular near field communication~(NFC) opens new opportunities for new applications and business models, as the most recent trend in industry for payment and ticketing shows. These applications require storing and processing security-critical data on smartphones, making them attractive targets for a variety of attacks. The state of the art to enhance platform security concerns outsourcing security-critical computations to hardware-isolated Trusted Execution Environments~(TrEE). However, since these TrEEs are used by software running in commodity operating systems, malware could impersonate the software and use the TrEE in an unintended way. Further, existing NFC-based access control solutions for smartphones are either not public or based on strong assumptions that are hard to achieve in practice. We present the design and implementation of a generic access control system for NFC-enabled smartphones based on a multi-level security architecture for smartphones. Our solution allows users to delegate their access rights and addresses the bandwidth constraints of NFC. Our prototype captures electronic access to facilities, such as entrances and offices, and binds NFC operations to a software-isolated TrEE established on the widely used Android smartphone operating system. We provide a formal security analysis of our protocols and evaluated the performance of our solution.

Note: Fixed a typo in Figure 3.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. A shorter version of this paper will be published at TRUST 2012. This is tan extended version that includes a detailed security proof.
delegation authentication token smartphone
Contact author(s)
christian wachsmann @ trust cased de
2012-04-13: revised
2012-04-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alexandra Dmitrienko and Ahmad-Reza Sadeghi and Sandeep Tamrakar and Christian Wachsmann},
      title = {{SmartTokens}: Delegable Access Control with {NFC}-enabled Smartphones (Full Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2012/187},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.