Abstract
With the increasing popularity of security and privacy sensitive systems on mobile devices, such as mobile banking,
mobile credit cards, mobile ticketing, or mobile digital identities, challenges for the protection of personal and security
sensitive data of these use cases emerged. A common approach for the protection of sensitive data is to use additional
hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end
management systems uses strong cryptography. However,
the data transfer between applications on the mobile device
and so-called applets on the dedicated hardware is often
either unencrypted (and interceptable by malicious software)
or encrypted with static keys stored in applications. To
address this issue we present a solution for fine-grained secure application-to-applet communication based on Secure
Remote Password (SRP-6a), an authenticated key agreement
protocol, with a user-provided password at run-time. By
exploiting the Java Card cryptographic API and minor adaptations to the protocol, which do not affect the security, we
were able to implement this scheme on Java Cards with
reasonable computation time.
| Original language | English |
|---|---|
| Title of host publication | Proc. MoMM 2014: 12th International Conference on Advances in Mobile Computing and Multimedia |
| Editors | Yu-Hui Tao, Hsin-Chang Yang, I-Hsien Ting, Matthias Steinbauer, Ismail Khalil, Gabriele Anderst-Kotsis |
| Place of Publication | New York, NY, USA |
| Publisher | ACM Press |
| Pages | 147-156 |
| Number of pages | 10 |
| ISBN (Electronic) | 9781450330084 |
| ISBN (Print) | 978-1-4503-3008-4 |
| DOIs | |
| Publication status | Published - 2014 |
Fields of science
- 102 Computer Sciences
- 102016 IT security
- 102022 Software development
JKU Focus areas
- Engineering and Natural Sciences (in general)