Applying Smart Cards for Security Critical Mobile Applications


In recent years, many service providers have attempted to address the security challenges of mobile devices by shifting the main operations, and therefore the main trust, to backend server systems. While such an approach can help to solve issues of untrustworthy mobile devices, it also raises new security and privacy concerns (e.g. a central single point of failure, or whether data is well protected and not passed on to third parties). Solving these challenges by increasing the security of, and therefore the trust in, mobile devices could result in better mobility and a higher level of confidence in security-critical applications for end-users as well as service providers. In this dissertation, multiple solutions are presented that improve the security of mobile platforms by making use of tamper-resistant hardware on mobile devices. In particular, we use smart cards, a technology which has already been used by many security-critical applications (e.g. bank cards, passports, access cards, credit cards, etc.). We present the vision of an open ecosystem in which mobile applications make use of this dedicated hardware to protect any kind of sensitive data. Limitations and challenges of such an integration are addressed with solutions to overcome them. In addition, we introduce new techniques that build their trust upon smart cards on mobile devices and help to increase the security of the whole platform as well as of the applications running on it.

PhD defense
Science Park 3, JKU Linz