Security and Privacy in Mobile Embedded Systems

Security and Privacy in Mobile Embedded Systems

Lightweight Anonymous Authentication for Embedded Mobile Devices

The goal of this project is the development of new cryptographic schemes and to prove their security, as well as prototype implementations on both the ARM TrustZone and the Nokia on-Borad Credential plattform.

Although anonymous authentication has been extensively studied, so far no scheme has been widely adopted in practice. A particular issue with fully anonymous authentication schemes is that users cannot easily be prevented from copying and sharing credentials. In this project, we develop anonymous authentication schemes for mobile devices that prevent copying and sharing of credentials based on hardware security features. Our system is an optimized adaptation of an existing direct anonymous attestation (DAA) scheme, specifically designed for resource-constrained mobile devices. Our solution provides (i) anonymity and untraceability of mobile embedded devices against service providers, (ii) secure device authentication even against collusions of malicious service providers, and (iii) allows for revocation of authentication credentials.

This is a joint project with Nokia Research, Helsinki.

Contact: Christian Wachsmann, Ünal Kocabas, Alexandra Dmitrienko