When Users Cannot Verify Digital Signatures: On the Difficulties of Securing Mobile Devices

Author

Mayrhofer, Rene

Author_Institution

Univ. of Appl. Sci. Upper Austria, Hagenberg, Austria

fYear

2013

fDate

13-15 Nov. 2013

Firstpage

1579

Lastpage

1584

Abstract

Mobile devices such as smart phones have become one of the preferred means of accessing digital services, both for consuming and creating content. Unfortunately, securing such mobile devices is inherently difficult for a number of reasons. In this paper, we systematically analyze the technical issues of securing mobile device platforms against different threats and discuss a resulting and currently unsolved problem: how to create an end-to-end secure channel between the digital service (e.g. a secure wallet application on an embedded smart card or an infrastructure service connected over wireless media) and the user. Although the problem has been known for years and technical approaches start appearing in products, the user interaction aspects have remained unsolved. We discuss the reasons for this difficulty and suggest potential approaches to create human-verifiable secure communication with components or services within partially untrusted devices.

Keywords

digital signatures; mobile computing; digital services; digital signatures; embedded smart card; end-to-end secure channel; human-verifiable secure communication; infrastructure service; mobile device security platform; partially untrusted devices; user interaction; Hardware; Portable computers; Security; Smart cards; Smart phones; Virtualization; embedded smart card; mobile device security; secure channel; user authentication; virtualization;

fLanguage

English

Publisher

ieee

Conference_Titel

High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing (HPCC_EUC), 2013 IEEE 10th International Conference on

Conference_Location

Zhangjiajie

Type

conf

DOI

10.1109/HPCC.and.EUC.2013.222

Filename

6832104