Session-Key Generation Using Human Passwords Only
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
An Open Mobile Identity Tool: An Architecture for Mobile Identity Management
EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Smudge attacks on smartphone touch screens
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
SmartTokens: delegable access control with NFC-Enabled smartphones
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Identity theft has deep impacts in today's mobile ubiquitous environments. At the same time, digital identities are usually still protected by simple passwords or other insufficient security mechanisms. In this paper, we present the TrustID architecture and protocols to improve this situation. Our architecture utilizes a Secure Element (SE) to store multiple context-specific identities securely in a mobile device, e.g., a smartphone. We introduce protocols for securely deriving identities from a strong root identity into the SE inside the smartphone as well as for using the newly derived IDs. Neither protocol requires a trustworthy smartphone operating system or a Trusted Execution Environment. In order to achieve this, our concept includes a secure combined PIN entry mechanism for user authentication, which prevents attacks even on a malicious device. To show the feasibility of our approach, we implemented a prototype running on a Samsung Galaxy SIII smartphone utilizing a microSD card SE. The German identity card nPA is used as the root identity to derive context-specific identities.