When users cannot verify digital signatures: On the difficulties of securing mobile devices

Rene Mayrhofer

Research output: Chapter in Book/Report/Conference proceedingsConference contribution

2 Citations (Scopus)

Abstract

Mobile devices such as smart phones have become one of the preferred means of accessing digital services, both for consuming and creating content. Unfortunately, securing such mobile devices is inherently difficult for a number of reasons. In this paper, we systematically analyze the technical issues of securing mobile device platforms against different threats and discuss a resulting and currently unsolved problem: how to create an end-to-end secure channel between the digital service (e.g. a secure wallet application on an embedded smart card or an infrastructure service connected over wireless media) and the user. Although the problem has been known for years and technical approaches start appearing in products, the user interaction aspects have remained unsolved. We discuss the reasons for this difficulty and suggest potential approaches to create human-verifiable secure communication with components or services within partially untrusted devices.

Original languageEnglish
Title of host publicationProceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013
PublisherIEEE Computer Society Press
Pages1579-1584
Number of pages6
ISBN (Print)9780769550886
DOIs
Publication statusPublished - 2014
EventFourth IEEE International Symposium on Trust, Security, and Privacy - Zhangjiajie, China, China
Duration: 13 Nov 201315 Nov 2013
http://trust.csu.edu.cn/conference/tsp2013/

Publication series

NameProceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013

Conference

ConferenceFourth IEEE International Symposium on Trust, Security, and Privacy
Country/TerritoryChina
CityZhangjiajie, China
Period13.11.201315.11.2013
Internet address

Keywords

  • embedded smart card
  • mobile device security
  • secure channel
  • user authentication
  • virtualization

Fingerprint

Dive into the research topics of 'When users cannot verify digital signatures: On the difficulties of securing mobile devices'. Together they form a unique fingerprint.

Cite this