• English
  • Deutsch
  • Log In
    Password Login
    Research Outputs
    Fundings & Projects
    Researchers
    Institutes
    Statistics
Repository logo
Fraunhofer-Gesellschaft
  1. Home
  2. Fraunhofer-Gesellschaft
  3. Konferenzschrift
  4. TrustID: Trustworthy identities for untrusted mobile devices
 
  • Details
  • Full
Options
2014
Conference Paper
Title

TrustID: Trustworthy identities for untrusted mobile devices

Abstract
Identity theft has deep impacts in today's mobile ubiquitous environments. At the same time, digital identities are usually still protected by simple passwords or other insuficient security mechanisms. In this paper, we present the TrustID architecture and protocols to improve this situation. Our architecture utilizes a Secure Element (SE) to store multiple context-specific identities securely in a mobile device, e.g., a smartphone. We introduce protocols for securely deriving identities from a strong root identity into the SE inside the smartphone as well as for using the newly derived IDs. Both protocols do not require a trustworthy smartphone operating system or a Trusted Execution Environment. In order to achieve this, our concept includes a secure combined PIN entry mechanism for user authentication, which prevents attacks even on a malicious device. To show the feasibility of our approach, we implemented a prototype running on a Samsung Galaxy SIII smartphone utilizing a microSD card SE. The German identity card nPA is used as root identity to derive context-specific identities.
Author(s)
Horsch, Julian  
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Böttinger, Konstantin  
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Weiß, Michael  
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Wessel, Sascha  
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Stumpf, Frederic
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Mainwork
CODASPY 2014, 4th ACM Conference on Data and Application Security and Privacy. Proceedings  
Conference
Conference on Data and Application Security and Privacy (CODASPY) 2014  
Open Access
DOI
10.24406/publica-r-385328
10.1145/2557547.2557593
File(s)
N-301669.pdf (524.65 KB)
Rights
Under Copyright
Language
English
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Keyword(s)
  • identity derivation

  • Smartphone

  • mobile security

  • Combined PIN Entry

  • secure element

  • Identity Provider

  • android

  • nPA

  • Cookie settings
  • Imprint
  • Privacy policy
  • Api
  • Contact
© 2024