Mobile Application to Java Card Applet Communication using a Password-authenticated Secure Channel

Michael Hölzl, Endalkachew Asnake, Rene Mayrhofer, Michael Roland

Research output: Chapter in Book/Report/Conference proceedingsConference contributionpeer-review

Abstract

With the increasing popularity of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing, or mobile digital identities, challenges for the protection of personal and security sensitive data of these use cases emerged. A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. To address this issue we present a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a), an authenticated key agreement protocol, with a user-provided password at run-time. By exploiting the Java Card cryptographic API and minor adaptations to the protocol, which do not affect the security, we were able to implement this scheme on Java Cards with reasonable computation time.

Original languageEnglish
Title of host publication12th International Conference on Advances in Mobile Computing and Multimedia, MoMM 2014
EditorsI-Hsien Ting, Yu-Hui Tao, Matthias Steinbauer, Ismail Khalil, Hsin-Chang Yang, Gabriele Anderst-Kotsis
PublisherACM Press
Pages147-156
Number of pages10
ISBN (Electronic)9781450330084
DOIs
Publication statusPublished - 8 Dec 2014
Event12th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2014) - Kaohsiung, Taiwan, China
Duration: 8 Dec 201410 Dec 2014
http://www.iiwas.org/conferences/momm2014/

Publication series

Name12th International Conference on Advances in Mobile Computing and Multimedia, MoMM 2014

Conference

Conference12th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2014)
CountryChina
CityKaohsiung, Taiwan
Period08.12.201410.12.2014
Internet address

Keywords

  • Java Card
  • Mobile devices
  • Secure channel
  • Secure element
  • Smart card
  • SRP-6a

Fingerprint Dive into the research topics of 'Mobile Application to Java Card Applet Communication using a Password-authenticated Secure Channel'. Together they form a unique fingerprint.

Cite this