Key2Share: NFC-enabled Smartphone-based Access Control

Alexandra Dmitrienko

Cyberphysical Mobile Systems Security Group, Fraunhofer SIT, Darmstadt

In collaboration with TU Darmstadt, Center for Advanced Security Research in Darmstadt (CASED), Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt, Bosch Security Systems

Page 2: Key2 share moosecon

+ NFC =

Near Field Communication (NFC) Applications

mPayments

services in one touch

mTicketing

Page 3: Key2 share moosecon

+ NFC =

Why Not Use a Smartphone as a Key?

Page 4: Key2 share moosecon

Smartphone as a Door Key

Access control by enterprises to their facilities

Access control in private sector (houses, garages)

Page 5: Key2 share moosecon

Smartphone as a Door Key

Access to hotel rooms

Page 6: Key2 share moosecon

Smartphone as a Car Key/Immobilizer

Fleet management by enterprises

Car sharing with family members or friends

Page 7: Key2 share moosecon

Smartphone as a Car Key/Immobilizer

Car sharing by rental/car sharing companies

Page 8: Key2 share moosecon

Smartphone for Access to Storage Facilities

Access to safes in hotel rooms

Lockers in luggage storage at train stations/airports

DHL packing stations

Page 9: Key2 share moosecon

Smartphone for Access to Storage Facilities

DHL packstations

Page 10: Key2 share moosecon

Smartphone for Access to Facilities

E.g., parking garages

Page 11: Key2 share moosecon

Usual Keys vs. SmartCards vs. Key2Share

| | Usual Keys | SmartCards | Key2Share |
|---|---|---|---|
| Distribution | Requires physical access | Requires physical access | Remote |
| Revocation | Requires physical access or replacement of the lock | Remote | Remote |
| Delegation | Not possible | Not possible | Possible |
| Context-aware access (e.g., time frame) | Not possible | Possible | Possible |

Page 12: Key2 share moosecon

Key2Share: System Architecture

Parties: Issuer, Key2Share web-service, Resources, Users, Delegated users

1. Employ the employee/sell the car

2. One-time registration

3. Electronic key issued

4. User Authentication with the issued key

5. Share key

6. User Authentication with the shared key

Page 13: Key2 share moosecon

Key Sharing

The key to be shared is represented as a QR code

It can be sent to the recipient by e-mail or MMS, or scanned by the camera of another device

Page 14: Key2 share moosecon

QR Code: What's Inside?

Electronic keys of Key2Share are similar to passports

| | Passport | Key2Share electronic key |
|---|---|---|
| Issued by a central authority | Government | Enterprise |
| Issued for a particular entity | Citizen | Employee |
| Has binding to an identity of an entity it is issued for | Photo | Cryptographic key bound to the platform |
| Public (not a secret) | Yes | Yes (encrypted) |

Page 15: Key2 share moosecon

Key2Share Security

Platform Security

Secure communication protocols

Page 16: Key2 share moosecon

Protocol Security

Well-established cryptographic primitives (AES, SHA-1, RSA)

Formal security proof of the protocols

Formal tool-aided verification of protocols

Page 17: Key2 share moosecon

Platform Security

Different trade-offs between security and requirements on the mobile device

Slide axis: More secure / Less secure

| Approach | Requirements |
|---|---|
| Built-in Security Mechanisms of Mobile OS | No extra requirements on mobile hardware and system software (e.g., operating system) |
| System-level software-based security extensions | Requires update of system software (e.g., OS) |
| Hardware-based security extensions | Requires support in hardware. Available only on some mobile platforms |

Page 19: Key2 share moosecon

Supported Platforms

Android NFC-enabled platforms (e.g., Samsung Nexus S, Galaxy S3)

Page 20: Key2 share moosecon

Summary

Flexible access rights:

policy-based

easy delegation

remote revocation

manageable

Page 21: Key2 share moosecon

Current Work

Proof of Concept with Bosch Security Systems:

Key2Share as Access Pass

Key2Share as Building Block in Bosch's "Access-Control-as-a-Service"

Compatibility with already deployed infrastructure (wireless readers, management software)

Page 22: Key2 share moosecon

Thank you [email protected]
