• Login
    View Item 
    •   etd@IISc
    • Division of Electrical, Electronics, and Computer Science (EECS)
    • Computer Science and Automation (CSA)
    • View Item
    •   etd@IISc
    • Division of Electrical, Electronics, and Computer Science (EECS)
    • Computer Science and Automation (CSA)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    A Trusted-Hardware Backed Secure Payments Platform for Android

    View/Open
    Thesis full text (698.2Kb)
    Author
    Agarwal, Rounak
    Metadata
    Show full item record
    Abstract
    Digital payments using personal electronic devices have been steadily gaining in popularity for the last few years. While digital payments using smartphones are very convenient, they are also more susceptible to security vulnerabilities. Unlike devices dedicated to the purpose of payments (e.g. POS terminals), modern smartphones provide a large attack surface due to the presence of so many apps for various use cases and a complex feature-rich smartphone OS. Because it is the most popular smartphone OS by a huge margin, Android is the primary target of attackers. Although the security guarantees provided by the Android platform have improved significantly with each new release, we still see new vulnerabilities being reported every month. Vulnerabilities in the underlying Linux kernel are particularly dangerous because of their severe impact on app security. To protect against a compromised kernel, some critical functions of the Android platform such as cryptography and local user authentication have been moved to a Trusted Execution Environment (TEE) in the last few releases. But the Android platform does not yet provide a way to protect a user’s confidential input meant for a remote server, or, the server’s confidential output meant for the user, from a compromised kernel. Our work aims to address this gap in Android’s use of TEEs for app security. We have proposed an API that a Trusted App running in a TEE can provide to the untrusted apps running in the REE (Rich Execution Environment).This API will allow app developers to leverage the TEE’s protection for fetching confidential input from and showing confidential output to the user. We have described how this API can be used to implement a secure payment system that can prevent fraudulent transactions even in the presence of a compromised kernel. We have implemented the proposed API on a device with a TEE built on ARM’s TrustZone technology.
    URI
    https://etd.iisc.ac.in/handle/2005/5439
    Collections
    • Computer Science and Automation (CSA) [392]

    etd@IISc is a joint service of SERC & J R D Tata Memorial (JRDTML) Library || Powered by DSpace software || DuraSpace
    Contact Us | Send Feedback | Thesis Templates
    Theme by 
    Atmire NV
     

     

    Browse

    All of etd@IIScCommunities & CollectionsTitlesAuthorsAdvisorsSubjectsBy Thesis Submission DateThis CollectionTitlesAuthorsAdvisorsSubjectsBy Thesis Submission Date

    My Account

    LoginRegister

    etd@IISc is a joint service of SERC & J R D Tata Memorial (JRDTML) Library || Powered by DSpace software || DuraSpace
    Contact Us | Send Feedback | Thesis Templates
    Theme by 
    Atmire NV