Cryptology ePrint Archive: Report 2012/187

SmartTokens: Delegable Access Control with NFC-enabled Smartphones (Full Version)

Alexandra Dmitrienko and Ahmad-Reza Sadeghi and Sandeep Tamrakar and Christian Wachsmann

Abstract: Today's smartphones and tablets offer compelling computing and storage capabilities enabling a variety of mobile applications with rich functionality. The integration of new interfaces, in particular near field communication~(NFC) opens new opportunities for new applications and business models, as the most recent trend in industry for payment and ticketing shows. These applications require storing and processing security-critical data on smartphones, making them attractive targets for a variety of attacks. The state of the art to enhance platform security concerns outsourcing security-critical computations to hardware-isolated Trusted Execution Environments~(TrEE). However, since these TrEEs are used by software running in commodity operating systems, malware could impersonate the software and use the TrEE in an unintended way. Further, existing NFC-based access control solutions for smartphones are either not public or based on strong assumptions that are hard to achieve in practice.

We present the design and implementation of a generic access control system for NFC-enabled smartphones based on a multi-level security architecture for smartphones. Our solution allows users to delegate their access rights and addresses the bandwidth constraints of NFC. Our prototype captures electronic access to facilities, such as entrances and offices, and binds NFC operations to a software-isolated TrEE established on the widely used Android smartphone operating system. We provide a formal security analysis of our protocols and evaluated the performance of our solution.

Category / Keywords: cryptographic protocols / delegation authentication token smartphone

Publication Info: A shorter version of this paper will be published at TRUST 2012. This is tan extended version that includes a detailed security proof.

Date: received 8 Apr 2012, last revised 13 Apr 2012

Contact author: christian wachsmann at trust cased de

Available format(s): PDF | BibTeX Citation

Note: Fixed a typo in Figure 3.

Version: 20120413:091122 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]