Key2Share: NFC-enabled smartphone-based access control for enterprises

 

Today’s smartphones offer compelling computing and storage capabilities enabling a variety of mobile applications with enhanced functionality. The integration of new interfaces, in particular near field communication (NFC) opens new business cases such as NFC-based payment solutions, ticketing or access control systems. In our work, we propose a smartphone-based access control solution which can provide advanced features far beyond the conventional systems based on dedicated access tokens, such as keys, smart cards or transponders. Electronic access control tokens can be issued and revoked remotely, delegated to other users or bound to context-aware access control policies. In particular, these features can greatly enhance user's experience in the use cases that require shared access, such access control in enterprise environments to buildings and offices, access of hotel guests to their rooms without check in, luggage storage in train stations or post pack stations. While enabling new usage scenarios, smartphone-based solutions require storing and processing security-critical data on smartphones, making them attractive targets for a variety of attacks. To address new threats, we propose a first open security framework for a smartphone-based NFC-enabled access control system. Unlike to closed and proprietary systems that are often broken, our solution is open and is available for the evaluation by independent researchers. Our framework includes set of secure protocols that are tailored to satisfy resource constraints of NFC, and a security architecture for the mobile platform. We present a prototype implementation of our solution for Android mobile devices. Our prototype implementation targets latest smartphone hardware and a secure microSD card.

 

Speaker: Alexandra Dmitrienko is a research assistant at Fraunhofer Insitute for Secure Information Technology in Darmstadt (Germany). She obtained her MSc in IT-Security from the Saint-Petersburg State Polytechnical University in Russia. Currently she is pursuing her PhD in the area of Secure Mobile Computing. Her research is focused on security aspects of mobile operating systems, such as Android, and secure mobile applications, in particular, online banking, mobile payments, ticketing and access control. Her scientific papers have been published at a number of scientific conferences, including such top-tier venues in security as IEEE Security&Privacy, ACM Communication and Communication Security (ACM CCS) and the Network and Distributed System Security Symposium (NDSS).