Publications
You can find a list of citations on my Google Scholar, ResearchGate, Semantic Scholar, dblp, ACM author, and ORCiD profiles.
Journal articles
Abstract
Requirements for data protection and information security, but also for data currency and simplification, drive a continuous trend towards cross-platform ID systems for the digital world. These are typically federated single sign-on solutions from large international corporations such as Apple, Facebook and Google. This article examines the question of what a decentralized, open, global ecosystem, modeled on single sign-on, for digital biometric identification in the physical world could look like. The focus is on implicit interaction with existing sensors, with the vision that individuals in the future will need to carry neither plastic cards nor mobile IDs on their smartphones, but can prove their authorization to use services purely on the basis of their biometric features. While this vision is already readily achievable today with systems that rely on a centralized database holding extensive biometric data of all citizens, an approach with self-managed, decentralized digital identities would be desirable, one that places users at the center of control over their own digital identity and lets them host their own digital identity wherever they choose. Based on an analysis of the trade-off between extensive privacy protection and practicability, and a comparison of the weighing of these goals with existing approaches to digital identities, a concept is derived for a decentralized, open, global ecosystem for private digital authentication in the physical world.
Abstract (English)
Requirements on data privacy and information security, as well as data quality and simplification, cause a continuous trend towards federated identity systems for the digital world. These are often the single sign-on platforms offered by large international companies like Apple, Facebook and Google. This article evaluates how a decentralized, open, and global ecosystem for digital biometric identification in the physical world could be designed based on the model of federated single sign-on. The main idea behind such a concept is implicit interaction with existing sensors, in order to get rid of plastic cards and smartphone-based mobile IDs in the distant future. Instead, individuals should be capable of proving their permissions to use a service solely based on their biometrics. While this vision is already proven feasible using centralized databases collecting biometrics of the whole population, an approach based on self-sovereign, decentralized digital identities would be favorable. In the ideal case, users of such a system would retain full control over their own digital identity and would be able to host their own digital identity wherever they prefer. Based on an analysis of the trade-off between privacy and practicability, and a comparison of this trade-off with observable design choices in existing digital ID approaches, we derive a concept for a decentralized, open, and global-scale ecosystem for private digital authentication in the physical world.
Abstract
Biometrics are among the most privacy-sensitive types of data. Ubiquitous authentication systems with a focus on privacy favor decentralized approaches as they reduce potential attack vectors, both on a technical and organizational level. The gold standard is to let the user be in control of where their own data is stored, which consequently leads to a high variety of devices used. Moreover, in comparison with a centralized system, designs with higher end-user freedom often incur additional network overhead. Therefore, when using face recognition for biometric authentication, an efficient way to compare faces is important in practical deployments, because it reduces both network and hardware requirements that are essential to encourage device diversity. This paper proposes an efficient way to aggregate embeddings used for face recognition based on an extensive analysis on different datasets and the use of different aggregation strategies. As part of this analysis, a new dataset has been collected, which is available for research purposes. Our proposed method supports the construction of massively scalable, decentralized face recognition systems with a focus on both privacy and long-term usability.
Abstract
Digital identity documents provide several key benefits over physical ones. They can be created more easily, incur lower costs, improve usability and can be updated if necessary. However, the deployment of digital identity systems does come with several challenges regarding both security and privacy of personal information. In this paper, we highlight one challenge that digital identity systems face if they are set up in a distributed fashion: Network Unlinkability. We discuss why network unlinkability is so critical for a distributed digital identity system that wants to protect the privacy of its users and present a specific definition of unlinkability for our use-case. Based on this definition, we propose a scheme that utilizes the Tor network to achieve the required level of unlinkability by dynamically creating onion services and evaluate the feasibility of our approach by measuring the deployment times of onion services.
Abstract
Debiting money “in passing”, reading out or copying cards by briefly placing a smartphone on them, eavesdropping on transactions from a distance: all of these are frequently cited attack scenarios in connection with Near Field Communication (NFC) payments. But do these scenarios pose a serious security risk? Are there further critical security aspects? Do payments with the plastic card differ from those with the smartphone in this respect? The following article gives an overview of NFC payments and their potential security risks.
Abstract
In current single sign-on authentication schemes on the web, users are required to interact with identity providers securely to set up authentication data during a registration phase and receive a token (credential) for future access to services and applications. This type of interaction can make authentication schemes challenging in terms of security and availability. From a security perspective, a main threat is theft of authentication reference data stored with identity providers. An adversary could easily abuse such data to mount an offline dictionary attack for obtaining the underlying password or biometric. From a privacy perspective, identity providers are able to track user activity and control sensitive user data. In terms of availability, users rely on trusted third-party servers that need to be available during authentication. We propose a novel decentralized privacy-preserving single sign-on scheme through the Decentralized Anonymous Multi-Factor Authentication (DAMFA), a new authentication scheme where identity providers no longer require sensitive user data and can no longer track individual user activity. Moreover, our protocol eliminates dependence on an always-on identity provider during user authentication, allowing service providers to authenticate users at any time without interacting with the identity provider. Our approach builds on threshold oblivious pseudorandom functions (TOPRF) to improve resistance against offline attacks and uses a distributed transaction ledger to improve availability. We prove the security of DAMFA in the universal composability (UC) model by defining a UC definition (ideal functionality) for DAMFA and formally proving the security of our scheme via ideal-real simulation. Finally, we demonstrate the practicability of our proposed scheme through a prototype implementation.
Abstract
Providing methods to anonymously validate user identity is essential in many applications of electronic identity (eID) systems. A feasible approach to realize such a privacy-preserving eID is the usage of group signature protocols or pseudonym-based signatures. However, providing a revocation mechanism that preserves privacy is often the bottleneck for the scalability of such a system. In order to bridge this gap between practicability and privacy, we propose a new pseudonym-based mobile eID signature scheme suitable for smart cards and secure elements that also enables efficient and scalable revocation checks. By using a pseudorandom function, we derive one-time verification tokens used for identity verification as well as revocation checks and generate proofs of validity using a new method referred to as disposable dynamic accumulators. Our scheme preserves unlinkability and anonymity of the eID holder even beyond revocation and does not require online connectivity to a trusted party for verification and revocation checks.
Abstract
Traditional authentication methods (e.g., password, PIN) often do not scale well to the context of mobile devices in terms of security and usability. However, the adoption of Near Field Communication (NFC) on a broad range of smartphones enables the use of NFC-enabled tokens as an additional authentication factor. This additional factor can help to improve the security, as well as usability of mobile apps. In this paper, we evaluate the use of different types of existing NFC tags as tokens for establishing authenticated secure sessions between smartphone apps and web services. Based on this evaluation, we present two concepts for a user-friendly secure authentication mechanism for mobile apps, the Protecting Touch (PT) architectures. These two architectures are designed to be implemented with either end of the spectrum of inexpensive and widely-available NFC tags while maintaining a reasonable trade-off between security, availability and cost.
Abstract
Purpose: The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing, or mobile digital identities, has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever.
Design/methodology/approach: A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications.
Findings: To address this issue we present a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time.
Originality/value: By exploiting the Java Card cryptographic APIs and minor adaptations to the protocol, which do not affect the security, we are able to implement this scheme on Java Cards with reasonable computation time.
Abstract
Purpose: Today, for developers, it is difficult to get access to an NFC secure element in current smart phones. Moreover, the security constraints of smartcards make in-circuit debugging of applications impractical. Therefore, it would be useful to have an environment that emulates a secure element for rapid prototyping and debugging. This paper addresses the design, implementation, performance and limitations of such an environment.
Design/methodology/approach: Our approach to such an environment is the emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android Dalvik VM) as this would facilitate the use of existing debugging tools. As the operation principle of the Java Card VM is based on persistent memory technology, the VM and applications running on top of it have a significantly different life-cycle compared to other Java VMs. We evaluate these differences and their impact on Java VM-based Java Card emulation. We compare possible strategies to overcome the problems caused by these differences, propose a possible solution and create a prototypical implementation in order to verify the practical feasibility of such an emulation environment.
Findings: While we found that the Java Card inbuilt persistent memory management is not available on other Java VMs, we present a strategy to model this persistence mechanism on other VMs in order to build a complete Java Card run-time environment on top of a non-Java Card VM. Our analysis of the performance degradation in a prototypical implementation caused by additional effort put into maintaining persistent application state revealed that the implementation of such an emulation environment is practically feasible.
Originality/value: This paper addresses the problem of emulating a complete Java Card run-time environment on top of non-Java Card virtual machines which could open and significantly ease the development of NFC secure element applications.
Abstract
This paper highlights the benefits and drawbacks of NFC’s different operating modes with regard to their usability and security. Based on an analysis of both traditional and new communication concepts for mobile NFC devices, their current availability and, specifically, the features to provide security are evaluated. The result of this evaluation is a comparison between the availability, the usability and the security of NFC’s different operating modes.
Abstract
The underlying paper and investigations deal with the main functionality and physical parameters of contactless smartcard and NFC (Near Field Communication) devices. The specific need of impedance matching for reader devices is pointed out in particular, as the correct matching represents a major performance indicator of the system. Therefore, in a first step, the dedicated parameters are analyzed for a reader device. Based on these insights, detailed analysis of the concept, the implementation and the verification of an automatic impedance matching circuit for NFC antennas with a frequency of 13.56 MHz is given. Besides an introduction to manual tuning and its issues, the fundamental components of an automatic tuning system are outlined. A lab-scaled prototype is built and demonstrated. Finally, the successful operation of this system is tested with several different antennas. Furthermore, the effects of detuning due to dynamic behavior are pointed out, characterizing the need for further investigations.
Books
Abstract
This work provides an assessment of the current state of near field communication (NFC) security, reports on new attack scenarios, and offers concepts and solutions to overcome any unresolved issues. The work describes application-specific security aspects of NFC based on exemplary use-case scenarios and uses these to focus on the interaction with NFC tags and on card emulation. The current security architectures of NFC-enabled cellular phones are evaluated with regard to the identified security aspects.
Abstract
NFC is a systematic further development of contactless smartcard and reader technology. The book “Anwendungen und Technik von NFC” is the standard reference on NFC technology. It offers a comprehensive overview of the fundamentals, technology and application scenarios of NFC. For practice and education, it can serve as an introduction as well as a foundational and reference work. Based on the fundamentals and the technology, the authors compare NFC technology with classical RFID technology. The current state of standardization, the further specifications and the protocols are explained in detail with the help of numerous figures. Particular attention is paid to the integration of NFC into mobile phones. Numerous example applications (e.g. smart poster, payment, access) give a practical insight into the implementation of the technology and the NFC ecosystem with its multitude of possible applications.
Refereed papers
Abstract
Trusting the output of a build process requires trusting the build process itself, and the build process of all inputs to that process, and so on. Cloud build systems, like Nix or Bazel, allow their users to precisely specify the build steps making up the intended software supply chain, build the desired outputs as specified, and on this basis delegate build steps to other builders or fill shared caches with their outputs. Delegating build steps or consuming artifacts from shared caches, however, requires trusting the executing builders, which makes cloud build systems better suited for centrally managed deployments than for use across distributed ecosystems. We propose two key extensions to make cloud build systems better suited for use in distributed ecosystems. Our approach attaches metadata to the existing cryptographically secured data structures and protocols, which already link build inputs and outputs for the purpose of caching. Firstly, we include builder provenance data, recording which builder executed the build, its software stack, and a remote attestation, making this information verifiable. Secondly, we include a record of the outcome of how the builder resolved each dependency. Together, these two measures eliminate transitive trust in software dependencies, by enabling users to perform verification of transitive dependencies independently, and against their own criteria, at time of use. Finally, we explain how our proposed extensions could theoretically be implemented in Nix in the future.
Abstract
Android’s fast-paced development cycles and the large number of devices from different manufacturers do not allow for an easy comparison between different devices’ security and privacy postures. Manufacturers each adapt and update their respective firmware images. Furthermore, images published on OEM websites do not necessarily match those installed in the field. Relevant software security and privacy aspects do not remain static after initial device release, but need to be measured on live devices that receive these updates. There are various potential sources for collecting such attributes, including webscraping, crowdsourcing, and dedicated device farms. However, raw data alone is not helpful in making meaningful decisions on device security and privacy. We make available a website to access collected data. Our implementation focuses on reproducible requests and supports filtering by OEMs, devices, device models, and displayed attributes. To improve usability, we further propose a security score based on the list of attributes. Based on input from Android experts, including a focus group and eight individuals, we have created a method that derives attribute weights from the importance of attributes for mitigating threats on the Android platform. We derive weightings for general use cases and suggest possible examples for more specialist weightings for groups of confidentiality/privacy-sensitive users and integrity-sensitive users. Since there is no one-size-fits-all setting for Android devices, our website provides the possibility to adapt all parameters of the calculated security score to individual needs.
Abstract
With biometric identification systems becoming increasingly ubiquitous, their complexity is escalating due to the integration of diverse sensors and modalities, aimed at minimizing error rates. The current paradigm for these systems involves hard-coded aggregation instructions, presenting challenges in system maintenance, scalability, and adaptability. These challenges become particularly prominent when deploying new sensors or adjusting security levels to respond to evolving threat models.
To address these concerns, this research introduces BioDSSL, a Domain Specific Sensor Language to simplify the integration and dynamic adjustment of security levels in biometric identification systems. Designed to address the increasing complexity due to diverse sensors and modalities, BioDSSL promotes system maintainability and resilience while ensuring a balance between usability and security for specific scenarios.
Furthermore, it facilitates decentralization of biometric identification systems, by improving interoperability and abstraction. Decentralization inherently disperses the concentration of sensitive biometric data across various nodes, which could indirectly enhance privacy protection and limit the potential damage from localized security breaches. Therefore, BioDSSL is not just a technical improvement, but a step towards decentralized, resilient, and more secure biometric identification systems. This approach holds the promise of indirectly improving privacy while enhancing the reliability and adaptability of these systems amidst evolving threat landscapes and technological advancements.
Abstract
Conventional embeddings employed in facial verification systems typically consist of hundreds of floating-point numbers, a widely accepted design paradigm that primarily stems from the swift computation of vector distance metrics for identification and authentication such as the L2 norm. However, the utility of such high-dimensional embeddings can become a potential concern when they are integrated into complex comparative strategies, for example multi-party computations. In this study, we challenge the presumption that larger embedding sizes are always superior and provide a comprehensive analysis of the effects and implications of substantially reducing the dimensions of these embeddings (by a factor of 29). We demonstrate that this dramatic size reduction incurs only a minimal compromise in the quality-performance trade-off. This discovery could lead to enhancements in computation efficiency without sacrificing system performance, potentially opening avenues for more sophisticated and decentralized uses of facial verification technology. To enable other researchers to validate and build upon our findings, the Rust code used in this paper has been made publicly accessible and can be found at https://github.com/mobilesec/reduced-embeddings-analysis-icprs.
Abstract
While real-time face recognition has become increasingly popular, its use in decentralized systems and on embedded hardware presents numerous challenges. One challenge is the trade-off between accuracy and inference-time on constrained hardware resources. While achieving higher accuracy is desirable, it comes at the cost of longer inference-time. We first conduct a comparative study on the effect of using different face recognition distance functions and introduce a novel inference-time/accuracy plot to facilitate the comparison of different face recognition models. Every application must strike a balance between inference-time and accuracy, depending on its focus. To achieve optimal performance across the spectrum, we propose a combination of multiple models with distinct characteristics. This allows the system to address the weaknesses of individual models and to optimize performance based on the specific needs of the application.
We demonstrate the practicality of our proposed approach by utilizing two face detection models positioned at either end of the inference-time/accuracy spectrum to develop a multimodel face recognition pipeline. By integrating these models on an embedded device, we are able to achieve superior overall accuracy, reliability, and speed; improving the trade-off between inference-time and accuracy by striking an optimal balance between the performance of the two models, with the more accurate model being utilized when necessary and the faster model being employed for generating fast proposals. The proposed pipeline can be used as a guideline for developing real-time face recognition systems on embedded devices.
Abstract
Current mobile app distribution systems use (asymmetric) digital signatures to ensure integrity and authenticity for their apps. However, there are realistic threat models under which these signatures cannot be fully trusted. One example is an unintentionally leaked signing key that allows an attacker to distribute malicious updates to an existing app; other examples are intentional key sharing as well as insider attacks. Recent app store policy changes like Google Play Signing (and other similar OEM and free app stores like F-Droid) are a practically relevant case of intentional key sharing: such distribution systems take over key handling and create app signatures themselves, breaking up the previous end-to-end verifiable trust from developer to end-user device. This paper addresses these threats by proposing a system design that incorporates transparency logs and end-to-end verification in mobile app distribution systems to make unauthorized distribution attempts transparent and thus detectable. We analyzed the relevant security considerations with regard to our threat model as well as the security implications in the case where an attacker is able to compromise our proposed system. Finally, we implemented an open-source prototype extending F-Droid, which demonstrates practicability, feasibility, and performance of our proposed system.
Abstract
Android’s fast-lived development cycles and the increasing number of manufacturers and device models make a comparison of relevant security attributes, in addition to the already difficult comparison of features, more challenging. Most smartphone reviews only consider offered features in their analysis. Smartphone manufacturers include their own software on top of the Android Open Source Project (AOSP) to improve user experience, to add their own pre-installed apps or apps from third-party sponsors, and to distinguish themselves from their competitors. These changes affect the security of smartphones. It is insufficient to validate device security state only based on measured data from real devices for a complete assessment. Promised major version releases, security updates, security update schedules of devices, and correct claims on security and privacy of pre-installed software are some aspects that need statistically significant amounts of data to evaluate. Lack of software and security updates is a common reason for shorter lifespans of electronics, especially for smartphones. Validating the claims of manufacturers and publishing the results creates incentives towards more sustainable maintenance and longevity of smartphones. We present a novel scalable data collection and evaluation framework, which includes multiple sources of data like dedicated device farms, crowdsourcing, and webscraping. Our solution improves the comparability of devices based on their security attributes by providing measurements from real devices.
Abstract
Ubiquitous authentication systems with a focus on privacy favor decentralized approaches as they reduce potential attack vectors, both on a technical and organizational level. The gold standard is to let the user be in control of where their own data is stored, which consequently leads to a high variety of devices used, which in turn often incurs additional network overhead. Therefore, when using face recognition, an efficient way to compare faces is important in practical deployments. This paper proposes an efficient way to aggregate embeddings used for face recognition based on an extensive analysis on different datasets and the use of different aggregation strategies. As part of this analysis, a new dataset has been collected, which is available for research purposes. Our proposed method supports the construction of massively scalable, decentralized face recognition systems with a focus on both privacy and long-term usability.
Abstract
This work proposes a modular automation toolchain to analyze current state and over-time changes of reproducibility of build artifacts derived from the Android Open Source Project (AOSP). While perfect bit-by-bit equality of binary artifacts would be a desirable goal to permit independent verification if binary build artifacts really are the result of building a specific state of source code, this form of reproducibility is often not (yet) achievable in practice. Certain complexities in the Android ecosystem make assessment of production firmware images particularly difficult. To overcome this, we introduce “accountable builds” as a form of reproducibility that allows for legitimate deviations from 100 percent bit-by-bit equality. Using our framework that builds AOSP in its native build system, automatically compares artifacts, and computes difference scores, we perform a detailed analysis of differences, identify typical accountable changes, and analyze current major issues leading to non-reproducibility and non-accountability. We find that pure AOSP itself builds mostly reproducibly and that Project Treble helped through its separation of concerns. However, we also discover that Google’s published firmware images deviate from the claimed codebase (partially due to side-effects of Project Mainline).
Abstract
Every distributed system needs some way to list its current participants. The Tor network’s consensus is one way of tackling this challenge. But creating a shared list of participants and their properties without a central authority is a challenging task, especially if the system is constantly targeted by state-level attackers. This work carefully examines the Tor consensuses created in the last two years, identifies weaknesses that did already impact users and proposes improvements to strengthen the Tor consensus in the future. Our results show undocumented voting behavior by directory authorities and suspicious groups of relays that try to conceal the fact that they are all operated by the same entity.
Abstract
Tor onion services are a challenging research topic because they were designed to reveal as little metadata as possible, which makes it difficult to collect information about them. In order to improve and extend privacy-protecting technologies, it is important to understand how they are used in real-world scenarios. We discuss the difficulties associated with obtaining statistics about V3 onion services and present a way to monitor V3 onion services in the current Tor network that enables us to derive statistically significant information about them without compromising the privacy of individual Tor users. This allows us to estimate the number of currently deployed V3 onion services along with interesting conclusions on how and why onion services are used.
Abstract
Tor onion services utilize the Tor network to enable incoming connections on a device without disclosing its network location. Decentralized systems with extended privacy requirements like metadata-avoiding messengers typically rely on onion services. However, a long-lived onion service address can itself be abused as identifying metadata. Replacing static onion services with dynamic short-lived onion services may be a way to avoid such metadata leakage. This work evaluates the feasibility of short-lived dynamically generated onion services in decentralized systems. We show, based on a detailed performance analysis of the onion service deployment process, that dynamic onion services are already feasible for peer-to-peer communication in certain scenarios.
Abstract
Most state-of-the-art face detection algorithms are usually trained with full-face pictures, without any occlusions. The first novel contribution of this paper is an analysis of the accuracy of three off-the-shelf face detection algorithms (MTCNN, Retinaface, and DLIB) on occluded faces. In order to determine the importance of different facial parts, the face detection accuracy is evaluated in two settings: Firstly, we automatically modify the CFP dataset and remove different areas of each face: We overlay a grid over each face and remove one cell at a time. Similarly, we overlay a rectangle over the main landmarks of a face – eye(s), nose and mouth. Furthermore, we simulate a face mask by overlaying a rectangle starting from the bottom of the face. Secondly, we test the performance of the algorithms on people with real-world face masks. The second contribution of this paper is the discovery of a previously unknown behaviour of the widely used MTCNN face detection algorithm – if there is a face inside another face, MTCNN does not detect the larger face.
Event
Abstract
Token-based authentication is usually applied to enable single-sign-on on the web. In current authentication schemes, users are required to interact with identity providers securely to set up authentication data during a registration phase and receive a token (credential) for future accesses to various services and applications. This type of interaction can make authentication schemes challenging in terms of security and usability. From a security point of view, one of the main threats is the compromise of identity providers. An adversary who compromises the authentication data (password or biometric) stored with the identity provider can mount an offline dictionary attack. Furthermore, the identity provider might be able to track user activity and control sensitive user data. In terms of usability, users always need a trusted server to be online and available while authenticating to a service provider.
In this paper, we propose a new Decentralized Anonymous Multi-Factor Authentication (DAMFA) scheme where the process of user authentication no longer depends on a trusted third party (the identity provider). Also, service and identity providers do not gain access to sensitive user data and cannot track individual user activity. Our protocol allows service providers to authenticate users at any time without interacting with the identity provider. Our approach builds on a Threshold Oblivious Pseudorandom Function (TOPRF) to improve resistance to offline attacks and uses a distributed transaction ledger to improve usability. We demonstrate practicability of our proposed scheme through a prototype.
Event
Abstract
How can we use digital identity for authentication in the physical world without compromising user privacy? Enabling individuals to – for example – use public transport and other payment/ticketing applications, access computing resources on public terminals, or even cross country borders without carrying any form of physical identity document or trusted mobile device is an important open question. Moving towards such a device-free infrastructure-based authentication could be easily facilitated by centralized databases with full biometric records of all individuals, authenticating and therefore tracking people in all their interactions in both the digital and physical world. However, such centralized tracking does not seem compatible with fundamental human rights to data privacy. We therefore propose a fully decentralized approach to digital user authentication in the physical world, giving each individual better control over their interactions and data traces they leave.
In project Digidow, we assign each individual in the physical world with a personal identity agent (PIA) in the digital world, facilitating their interactions with purely digital or digitally mediated services in both worlds. We have two major issues to overcome. The first is a problem of massive scale, moving from current users of digital identity to the whole global population as the potential target group. The second is even more fundamental: by moving from trusted physical documents or devices and centralized databases to a fully decentralized and infrastructure-based approach, we remove the currently essential elements of trust. In this poster, we present a system architecture to enable trustworthy distributed authentication and a simple, specific scenario to benchmark an initial prototype that is currently under development. We hope to engage with the NDSS community to both present the problem statement and receive early feedback on the current architecture, additional scenarios and stakeholders, as well as international conditions for practical deployment.
Event
Abstract
There is a broad range of existing electronic identity (eID) systems which provide methods to sign documents or authenticate to online services (e.g. governmental eIDs, FIDO). However, these solutions mainly focus on the validation of an identity to a web page. That is, they often miss proper techniques to use them as regular ID cards to digitally authenticate an eID holder to another physical person in the real world. We propose a mobile eID which provides such a functionality and enables extensibility for its use with numerous different public and private services (e.g. for loyalty programs, public transport tickets, student cards), while protecting the privacy of the eID holder. In this paper, we present a general architecture and efficient protocols for such a privacy-preserving mobile eID that allows identity validation in a similar fashion as regular ID cards and makes carrying around various physical cards unnecessary.
Event
Abstract
Providing methods to anonymously validate the user’s identity is essential in many applications of electronic identity (eID) systems. A feasible approach to realize such a privacy-preserving eID is the usage of group signature protocols or pseudonym-based signatures. However, providing a revocation mechanism that preserves privacy is often the bottleneck for the scalability of such schemes. In order to bridge this gap between practicability and privacy, we propose a scalable and efficient revocation scheme suitable for smart cards in a mobile eID architecture. By using a pseudo-random function, we derive one-time revocation tokens for the revocation check and generate proofs of validity using a new method referred to as disposable dynamic accumulators. Our scheme thereby preserves unlinkability and anonymity of the eID holder even beyond revocation and does not require online connectivity to a trusted party for the verification and revocation check.
Event
Abstract
There is a broad range of existing electronic identity (eID) systems which provide methods to sign documents or authenticate to online services (e.g. governmental eIDs, FIDO). However, these solutions mainly focus on the validation of an identity to a web page. That is, they lack proper techniques to use them as regular ID cards to digitally authenticate an eID holder to another physical person in the real world. We envision a mobile eID which provides such a functionality and enables extensibility for its use with numerous different public and private services (e.g. for loyalty programs, public transport tickets, student cards), while protecting the privacy of the eID holder. In this paper, we present a general architecture and efficient protocols for such a privacy-preserving mobile eID that allows identity validation in a similar fashion as regular ID cards and makes carrying around various physical cards unnecessary.
Event
Abstract
There is a broad range of existing electronic identity (eID) systems which provide methods to sign documents or authenticate to online services (e.g. governmental eIDs, FIDO). However, these solutions mainly focus on the validation of an identity to a backend infrastructure. That is, they lack proper techniques to use them as regular ID cards to digitally authenticate an eID holder to another physical person in the real world. We envision a mobile eID which provides such a functionality and enables extensibility for its use with numerous different public and private services (e.g. for loyalty programs, public transport tickets, student cards), while protecting the privacy of the eID holder. In this paper, we present a general architecture for such a privacy-preserving mobile eID that allows identity validation in a similar fashion as regular ID cards and makes carrying around various physical cards unnecessary.
Event
Abstract
There are many systems that provide users with an electronic identity (eID) to sign documents or authenticate to online services (e.g. governmental eIDs, OpenID). However, current solutions lack proper techniques to use them as regular ID cards that digitally authenticate their holders to another physical person in the real world. We envision a fully mobile eID which provides such functionality in a privacy-preserving manner, fulfills requirements for governmental identities with high security demands (such as driving licenses or passports) and can be used in the private domain (e.g. as loyalty cards). In this paper, we present potential use cases for such a flexible and privacy-preserving mobile eID and discuss the concept of privacy-preserving attribute queries. Furthermore, we formalize necessary functional, mobile, security, and privacy requirements, and present a brief overview of potential techniques to cover all of them.
Event
Abstract
With the increasing popularity of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities, new challenges emerged for the protection of personal data. In new approaches, mobile applications tend to use additional hardware, such as smart cards or secure elements, to address these challenges. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. To address this issue we present a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a), an authenticated key agreement protocol, with a user-provided password at run-time. By exploiting the Java Card cryptographic API and minor adaptations to the protocol, which do not affect the security, we were able to implement this scheme on Java Cards with reasonable computation time.
Event
Abstract
Creating Java Card applications for Near Field Communication’s card emulation mode requires access to a secure smartcard chip (the secure element). Today, even for development purposes, it is difficult to get access to the secure element in most current smart phones. Therefore, it would be useful to have an environment that emulates a secure element for rapid prototyping and debugging. Our approach to such an environment is emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android’s Dalvik VM). However, providing a Java Card run-time environment on top of another Java virtual machine faces one big problem: The Java Card virtual machine’s operation principle is based on persistent memory technology. As a result, the VM and the applications that run on top of it have a significantly different life-cycle compared to other Java VMs. Based on specific scenarios for secure element emulators for the Android platform, we evaluate these differences and their impact on Java VM-based Java Card emulation. Further, we propose possible solutions to the problems that arise from these differences in the life-cycles.
Event
Abstract
Insufficient security and privacy on mobile devices have made it difficult to utilize sensitive systems like mobile banking, mobile credit cards, mobile ticketing or mobile passports. Solving these challenges in security and privacy could result in better mobility and a higher level of confidence for the end-user services in such systems. Our approach for a higher security and privacy level on mobile devices introduces an open ecosystem for tamper-resistant hardware. Big advantages of these modules are the protection against unauthorized access and the on-device cryptographic operations they can perform. In this paper, we analyse the requirements and performance restrictions of these hardware modules and present an interface concept for a tight integration of their security features.
Event
Abstract
The ecosystem behind secure elements is complex and prevents average developers from creating secure element applications. In this paper we introduce concepts to overcome these issues. We develop two scenarios for open platforms emulating a secure element for the Android platform. Such an open emulator can be used for debugging and rapid prototyping of secure element applications. Moreover, by trading the secure element’s security and trust for openness, such a platform can be used as a replacement for the secure element for long-term testing and for showcasing of applications.
Event
Abstract
Recent roll-outs of contactless payment infrastructures – particularly in Austria and Germany – have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However, banks and credit card schemes often mitigate these attacks. They explain that attacks are impractical (e.g. in a relay attack an attacker needs to have RF access to a victim’s card while performing a payment transaction) or even impossible (e.g. skimmed data does not contain the dynamic authorization codes that are normally required to perform a payment transaction). This paper introduces an attack scenario on EMV contactless payment cards that permits an attacker to create functional clones of a card that contain the necessary credit card data as well as pre-played authorization codes. The card clones can then be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal.
Event
Abstract
The recent emergence of Near Field Communication (NFC) enabled smartphones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack platform or as device under attack, have been discovered. One of them is the software-based relay attack. In this paper we evaluate the feasibility of the software-based relay attack in an existing mobile contactless payment system. We give an in-depth analysis of Google Wallet’s credit card payment functionality. We describe our prototypical relay system that we used to successfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google’s approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet.
Event
Abstract
Software card emulation is a new approach to advance the interoperability of NFC with legacy contactless smartcard systems. It was first introduced to NFC-enabled mobile phones by Research In Motion (RIM) on their BlackBerry platform. Software card emulation aims at opening and simplifying the complex and tightly controlled card emulation functionality. While this form of card emulation, which gets rid of the secure element (a device tightly controlled by the “big players”), is a great chance for development of innovative NFC applications, it potentially makes card emulation less secure and paves the way for interesting attack scenarios. This paper evaluates the advantages and disadvantages of software card emulation based on existing application scenarios and recent research results.
Event
Abstract
Near Field Communication’s card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly different threat vector. A mobile phone’s permanent connectivity to a global network and the possibility to install arbitrary applications permit a significantly improved relay scenario. This paper presents a relay attack scenario where the attacker no longer needs physical proximity to the phone. Instead, simple relay software needs to be distributed to victims’ mobile devices. This publication describes this relay attack scenario in detail and assesses its feasibility based on measurement results.
Event
Abstract
Near Field Communication’s card emulation mode is a way to put virtual smartcards into mobile phones. A recently launched application is Google Wallet. Google Wallet turns a phone into a credit card, a prepaid card and a tool to collect gift certificates and discounts. Card emulation mode uses dedicated smartcard chips, which are considered to fulfill high security standards. Therefore, card emulation mode is also considered to be safe and secure. However, an NFC-enabled mobile phone introduces a significantly different threat vector. In particular, a mobile phone’s permanent connectivity to a global network and the possibility to install arbitrary applications onto smart phones open up several new attack scenarios. This paper gives an overview of the new risks imposed by mobile connectivity and untrusted mobile phone applications. The various APIs for secure element access on different mobile phone platforms and their access control mechanisms are analyzed. The security aspects of mobile phones are explained. Finally, two practical attack scenarios, a method to perform a denial of service (DoS) attack against a secure element and a method to remotely use the applications on a victim’s secure element without the victim’s knowledge, are highlighted.
Event
Abstract
The NFC Forum has released a first candidate for their Signature Record Type Definition. This specification adds digital signatures to the NFC Data Exchange Format (NDEF), which is a standardized format for storing formatted data on NFC (Near Field Communication) tags and for transporting data across peer-to-peer links between NFC devices. With an increasing number of applications of the NFC and NDEF technology, more and more security threats became apparent. The signature record type is supposed to increase security for NDEF applications by providing authenticity and integrity to the NDEF data. This paper takes a close look at the recently published Signature Record Type Definition and discusses its various security aspects. First, we introduce the signature record type and its usage. After that, we analyze the security aspects of the current signature method. Finally, we disclose multiple security vulnerabilities of the current Signature Record Type Definition and propose measures to avoid them.
Abstract
Motivation: The use of motor vehicles is increasing continuously. While this has a positive effect on the economy and on the mobility of the population, the increased operation of motor vehicles leads to rising consumption of energy and raw materials and to a growing environmental burden. These problems are being countered by technological developments such as better drive and exhaust concepts. A multitude of electronic and software components today optimizes a wide variety of processes within the automobile. However, current research results and media reports give cause for concern: while vehicle electronics contribute substantially to increasing the efficiency of motor vehicles, they also open up many attack surfaces for attacks against the automobile, its occupants and the surrounding traffic. Further networking extends these attack surfaces as well.
Results: NFC mobile phones could play a significant role in a future connection of the automobile to the Internet. On the one hand, the close bond between users and their mobile phones opens up great potential for new applications. On the other hand, Near Field Communication (NFC) technology enables the simple setup and protection of transmission channels. Promising applications are the use of the mobile phone as a vehicle key, the personalization of vehicle settings, and the secured transmission of driving information to traffic control systems and roadside assistance services.
Conclusion: With NFC technology, many processes around the automobile can be made more economical, more energy-efficient and more user-friendly. However, connecting the mobile phone to the automobile’s computer system also opens up new possibilities for attack. For this reason, the consideration of security aspects and the elimination of security risks are essential prerequisites for implementing the efficiency-increasing measures considered. NFC technology is a promising key technology that can contribute to the reliable realization of security-critical mobile phone applications.
Event
Abstract
NFC (Near Field Communication) is a contactless transmission technology that is to be integrated into mobile phones in the future. The transmission distances are a few centimeters. An NFC phone can read and write contactless smart cards. At the same time, the NFC device can also emulate contactless smart cards in order to securely store data in them, such as an electronic purse, tickets or keys. External readers as well as the phone software itself can access this emulated smart card and manipulate the data upon presenting authorizations. This contribution presents various applications of NFC technology and describes the implementations of the NFC field trial at FH Hagenberg. Furthermore, the results are assessed and the surveys of the field trial participants are analyzed.
Event
Abstract
The NFC Data Exchange Format (NDEF) is a standardized format for storing formatted data on NFC (Near Field Communication) tags and for transporting data across a peer-to-peer NFC link. Through NDEF and its various record types, events can be triggered on an NFC device by simply touching an NFC-enabled object. The number of use cases and real applications around NFC and NDEF technology increases continuously. However, existing applications provide hardly any protection against (malicious) manipulation of NDEF data. Digital signatures are a means of providing authenticity and integrity of NDEF data. Therefore, the NFC Forum – which is responsible for the specification of data formats, protocols and applications in regard to the NFC technology – is working on adding digital signatures to their NDEF format. While their signature record type is still in draft status and has not been released to the public, this paper discusses the various aspects of digitally signing NDEF records. First, we introduce the readers to the NFC Data Exchange Format, its use cases and its potential security threats. After that, we describe the potential of digital signatures for NDEF messages. Finally, we discuss the advantages and disadvantages of various ways to digitally sign an NDEF message.
Event
Abstract
The Single Wire Protocol (SWP, ETSI TS 102 613) is intended as direct interface between a mobile phone’s SIM card (UICC) and the mobile phone’s contactless front-end (CLF). The SWP’s final technical specification has just been released. The first devices implementing this communication protocol, mainly in its draft versions, are already in production. As a consequence there will be a demand for a test suite implementing a reference design and test methods for both the SWP master and the SWP slave. With communication protocols it is usually important to debug communication problems between multiple devices. One way to trace and decode the transferred data packets are packet sniffers. These systems contain hardware components and software implementations to wiretap and analyze the physical interface of the connection, to capture the data and to decode the packets into human readable information. The SWP uses a single wire for full-duplex communication between one master and one slave device. While master-to-slave data transfers take place in the voltage domain, slave-to-master data transfers take place in the current domain. In a first step, this paper discusses approaches to intercept the communication on the SWP’s data wire without influencing the actual communication.
The information tapped from the SWP’s data wire is still difficult to be read by hand. Thus, in a second step, a method for retrieving the state of the single wire interface is developed. Moreover, this paper gives an overview on how to decode the data link layer communication from the intercepted data streams.
Event
Abstract
This paper deals with the concept, the implementation and the verification of an automatic impedance matching circuit for NFC antennas with a frequency of 13.56 MHz. Besides an introduction to manual tuning and its issues, the fundamental components of an automatic tuning system are outlined. A lab-scaled prototype is built and demonstrated. In the end, the successful operation of this system is tested with several different antennas.
Proceedings
Event
Abstract
We are very pleased to welcome you to the 2nd ACM Workshop on Wireless Security and Machine Learning. This year’s WiseML is a virtual workshop and we are both excited to try out this workshop format and regretful not to be able to welcome you in the beautiful city of Linz, Austria, due to the ongoing COVID-19 pandemic. ACM WiseML 2020 continues to be the premier venue to bring together members of the AI/ML, privacy, security, wireless communications and networking communities from around the world, and to offer them the opportunity to share their latest research findings in these emerging and critical areas, as well as to exchange ideas and foster research collaborations, in order to further advance the state-of-the-art in security techniques, architectures, and algorithms for AI/ML in wireless communications. The program will be presented online in a single track. WiseML 2020 will be open at no extra cost to everyone and we are trying out new formats such as a mixture of live streams, pre-recorded talks, and interactive Q/A sessions.
Event
Abstract
We are very pleased to welcome you to the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. This year’s WiSec marks the first virtual WiSec conference and we are both excited to try out this conference format and regretful to not be able to welcome you in the beautiful city of Linz, Austria, due to the ongoing SARS-CoV-2 pandemic. ACM WiSec 2020 continues to be the premier venue for research dedicated to all aspects of security and privacy in wireless and mobile networks, their systems, and their applications. The program will be presented online in a single track, along with a poster and demonstration session. WiSec 2020 will be open at no extra cost to everyone and we are trying out new formats such as a mixture of live streams, pre-recorded talks, and interactive Q/A sessions.
Event
Event
Theses
Abstract
The recent emergence of Near Field Communication (NFC) enabled smart phones led to an increasing interest in NFC technology and its applications by equipment manufacturers, service providers, developers, and end-users. Nevertheless, frequent media reports about security and privacy issues of electronic passports, contactless credit cards, asset tracking systems, NFC-enabled mobile phones, and proprietary contactless technologies suggest that NFC is a potentially unsafe technology whose main beneficiaries are thieves. While these weaknesses are often bound to specific applications and products, they boost the fear that NFC technology as a whole is dangerous, threatens our privacy and helps identity theft and fraud. In order to defend their own products and services, manufacturers and service providers often position themselves on the opposite extreme, stating that their products and services incorporate sufficient countermeasures.
This thesis’ aim is to assess the actual state of NFC security, to discover new attack scenarios and to provide concepts and solutions to overcome any identified unresolved issues. Based on exemplary use-case scenarios, application-specific security aspects of NFC are extracted. The current security architectures of NFC-enabled mobile phones are evaluated with regard to the identified security aspects. As a result of the exemplary use-cases, this research focuses on the interaction with NFC tags and on card emulation. For each of these two modes of NFC, this thesis reveals attack scenarios that are possible despite existing security concepts. For the interaction with NFC tags, a new attack scenario is introduced that allows modification of tag content even though its authenticity and integrity were supposedly guaranteed by a digital signature scheme. Moreover, potential privacy issues and remaining problems have been identified in the NFC Forum’s signature scheme specification. For the card emulation scenario, the mobile phone itself is identified as a significant, yet unconsidered, threat. Specifically, the well-known concept of relay attacks on smartcards is extended to the mobile phone platform. By using the phone’s processing capabilities and communication facilities, relay attacks can be mounted in a significantly easier and less obvious way. These assumptions are verified through prototypical implementations. Possible solutions and workarounds to overcome these issues are outlined and evaluated with regard to their advantages and disadvantages.
Abstract
RFID (Radio Frequency Identification) and NFC (Near Field Communication) are wireless data transmission technologies. They are used for the communication with smart cards and mobile devices. Smart cards, NFC devices and their applications are subject to continuous development. The improvement of these technologies and the development of new applications reach a limit defined by the low transmission speed of the currently standardized RFID technology. Current RFID systems have a maximum data rate of 848 kbps. The FIT-IT research project VHD (Very High Datarate) – High Speed Air-Interface and IC Architecture for Contactless Smartcards and NFC – is devoted to eliminating this restraining factor by implementing higher data rates for RFID and NFC systems.
This diploma thesis deals with the development of a “demonstrator” platform that demonstrates data transmission with a data rate of up to 6.78 Mbps. Based on an analysis of current concepts and prototypes, new demonstrator hardware is built. A whole data transmission link is implemented on top of this hardware: A PC (personal computer) writes data through a wire-based interface onto a transponder (“chip card”). This transponder transmits the data across the wireless VHD interface to another PC.
The wireless link defines the requirements for an appropriate communication protocol. These requirements are summarized and are, then, used to implement that protocol. Finally, a sample application scenario proves the operability of the demonstrator system. This application scenario demonstrates the transmission of a digital photo across the VHD link.
Abstract
This essay deals with the work during my internship at NXP Semiconductors.
At first this essay gives an insight into the company, Radio Frequency Identification (RFID) and Near Field Communication (NFC). After an introduction to manual impedance matching of antennas to NFC-ICs it finally shows how the hardware and the software of an Automatic-Tuning-Device have been developed.
Abstract
This bachelor’s thesis deals with the structure and the usage of the USB Mass Storage Class. Moreover it introduces drafts for using the USB Mass Storage Class with Atmel’s AVR AT90USB1287 microcontroller.
At first this document gives a brief overview of the structure and the functionality of the Universal Serial Bus. Secondly the USB Mass Storage Class, its applications, its components and several protocols for accessing the data storage are explained. Starting with a summary of the various functionality and the USB controller of the AVR AT90USB1287 this paper describes two drafts for integrating the USB Mass Storage Class into this microcontroller. Therefore it illustrates the handling of Atmel’s USB Firmware Architecture. Finally a description of the fundamental steps towards creating a USB mass storage application completes this bachelor’s thesis.
Miscellaneous
Abstract
An emerging supply-chain attack due to a backdoor in XZ Utils has been identified. The backdoor allows an attacker to run commands remotely on vulnerable servers utilizing SSH without prior authentication. We have started to collect available information with regards to this attack to discuss current mitigation strategies for such kinds of supply-chain attacks. This paper introduces the critical attack path of the XZ backdoor and provides an overview about potential mitigation techniques related to relevant stages of the attack path.
Abstract
This report summarizes our findings about vulnerabilities in cashIT!, a cash register system implementing the Austrian cash registers security regulation (RKSV). Besides lack of encryption, outdated software components and low-entropy passwords, these weaknesses include a bypass of origin checks (CVE-2023-3654), unauthenticated remote database exfiltration (CVE-2023-3655), and unauthenticated remote code execution with administrative privileges on the cash register host machines (CVE-2023-3656). Based on our analysis result, these vulnerabilities affect over 200 cash register installations in Austrian restaurants that are accessible over the Internet. In addition, daily cloud backups of more than 300 active cash register installations (and over 600 including historic backups of presumably inactive installations) are freely downloadable from cashIT! servers. These cloud backups contain detailed sales data, user account information (potentially with data about current and former employees), and may contain customer contact information, credentials for the online signature creation unit, and credentials to the backend system of the Austrian card payment processor Hobex.
Abstract
Biometrics are one of the most privacy-sensitive data. Ubiquitous authentication systems with a focus on privacy favor decentralized approaches as they reduce potential attack vectors, both on a technical and organizational level. The gold standard is to let the user be in control of where their own data is stored, which consequently leads to a high variety of devices used. Moreover, in comparison with a centralized system, designs with higher end-user freedom often incur additional network overhead. Therefore, when using face recognition for biometric authentication, an efficient way to compare faces is important in practical deployments, because it reduces both network and hardware requirements that are essential to encourage device diversity. This paper proposes an efficient way to aggregate embeddings used for face recognition based on an extensive analysis on different datasets and the use of different aggregation strategies. As part of this analysis, a new dataset has been collected, which is available for research purposes. Our proposed method supports the construction of massively scalable, decentralized face recognition systems with a focus on both privacy and long-term usability.
Abstract
This work proposes a modular automation toolchain to analyze the current state and measure over-time improvements of reproducibility of the Android Open Source Project (AOSP). While perfect bit-by-bit equality of binary artifacts would be a desirable goal to permit independent verification if binary build artifacts really are the result of building a specific state of source code, this form of reproducibility is often not (yet) achievable in practice. In fact, binary artifacts may require to be designed in a way that makes it impossible to simply detach all sources of non-determinism and all non-reproducible build inputs (such as private signing keys). We introduce “accountable builds” as a form of reproducibility that allows such legitimate deviations from 100 percent bit-by-bit equality. Based on our framework that builds AOSP with its native build system, automatically compares artifacts, and computes difference scores, we perform a detailed analysis of discovered differences, identify typical accountable changes, and analyze current major issues that lead to non-reproducibility. While we find that AOSP currently builds neither fully reproducible nor fully accountable, we derive a trivial weighted change metric to continuously monitor changes in reproducibility over time.
Abstract
Various forms of digital identity increasingly act as the basis for interactions in the “real” physical world. While transactions such as unlocking physical doors, verifying an individual’s minimum age, or proving possession of a driving license or vaccination status without carrying any form of physical identity document or trusted mobile device could be easily facilitated through biometric records stored in centralized databases, this approach would also trivially enable mass surveillance, tracking, and censorship/denial of individual identities.
Towards a vision of decentralized, mobile, private authentication for physical world transactions, we propose a threat model and requirements for future systems. Although it is yet unclear if all threats listed in this paper can be addressed in a single system design, we propose this first draft of a model to compare and contrast different future approaches and inform both the systematic academic analysis as well as a public opinion discussion on security and privacy requirements for upcoming digital identity systems.
Abstract
Contact tracing is one of the main approaches widely proposed for dealing with the current, global SARS-CoV-2 crisis. As manual contact tracing is error-prone and doesn’t scale, tools for automated contact tracing, mainly through smart phones, are being developed and tested. While their effectiveness—also in terms of potentially replacing other, more restrictive measures to control the spread of the virus—has not been fully proven yet, it is critically important to consider their privacy implications from the start. Deploying such tools quickly at mass scale means that early design choices may not be changeable in the future, and potential abuse of such technology for mass surveillance and control needs to be prevented by their own architecture.
Many different implementations are currently being developed, including international projects like PEPP-PT/DP-3T and national efforts like the “Stopp Corona” app published by the Austrian Red Cross. In this report, we analyze an independent implementation called NOVID20 that aims to provide a common framework for on-device contact tracing embeddable in different apps. That is, NOVID20 is an SDK and not a complete app in itself. The initial code drop on GitHub was released on April 6, 2020, without specific documentation on the intent or structure of the code itself. All our analysis is based on the Android version of this open source code alone. Given the time period, our analysis is neither comprehensive nor formal, but summarizes a first impression of the code.
NOVID20 follows a reasonable privacy design by exchanging only pseudonyms between the phones in physical proximity and recording them locally on-device. However, there is some room for improvement: (a) pseudonyms should be generated randomly on the phone, and not on the server side; (b) transmitted pseudonyms should be frequently rotated to avoid potential correlation; (c) old records should automatically be deleted after the expunge period; (d) absolute location tracking, while handled separately from physical proximity and only optionally released, can be problematic depending on its use—absolute location data must be protected with additional anonymization measures such as Differential Privacy, which are left to the application/server and may, therefore, not be implemented correctly; and (e) device analytics data, while helpful during development and testing, should be removed for real deployments. Our report gives more detailed recommendations on how this may be achieved.
We explicitly note that all of these points can be fixed based on the current design, and we thank the NOVID20 team for openly releasing their code, which made this analysis possible in a short time window.
Abstract
This report summarizes our findings regarding a severe weakness in implementations of the Open Mobile API deployed on several Android devices. The vulnerability allows arbitrary code coming from a specially crafted Android application package (APK) to be injected into and executed by the smartcard system service component (the middleware component of the Open Mobile API implementation). This can be exploited to gain elevated capabilities, such as privileges protected by signature- and system-level permissions assigned to this service. The affected source code seems to originate from the SEEK-for-Android open-source project and was adopted by various vendor-specific implementations of the Open Mobile API, including the one that is used on the Nexus 6 (as of Android version 5.1).
Abstract
This report gives an overview of secure element integration into Android devices. It focuses on the Open Mobile API as an open interface to access secure elements from Android applications. The overall architecture of the Open Mobile API is described and current Android devices are analyzed with regard to the availability of this API. Moreover, this report summarizes our efforts of reverse engineering the stock ROM of a Samsung Galaxy S3 in order to analyze the integration of the Open Mobile API and the interface that is used to perform APDU-based communication with the UICC (Universal Integrated Circuit Card). It further provides a detailed explanation on how to integrate this functionality into CyanogenMod (an after-market firmware for Android devices).
Abstract
This report summarizes the results of our evaluation of antennas of contactless and dual interface smartcards and our ideas for user-switchable NFC antennas. We show how to disassemble smartcards with contactless capabilities in order to obtain the bare chip module and the bare antenna wire. We examine the design of various smartcard antennas and present concepts to render the contactless interface unusable. Finally, we present ideas and practical experiments to make the contactless interface switchable by the end-user.
Abstract
This report explains recent developments in relay attacks on contactless smartcards and secure elements. It further reveals how these relay attacks can be applied to the Google Wallet. Finally, it gives an overview of the components and results of a successful attempt to relay an EMV Mag-Stripe transaction between a Google Wallet device and an external card emulator over a wireless network.