Please use this identifier to cite or link to this item:
https://hdl.handle.net/20.500.14279/13994
Title: | Ensuring the authenticity and fidelity of captured photos using trusted execution and mobile application licensing capabilities | Authors: | Papadamou, Kostantinos Samaras, Riginos Sirivianos, Michael |
metadata.dc.contributor.other: | Παπαδάμου, Κωνσταντίνος Σιριβιανός, Μιχάλης Σαμαράς, Ρηγίνος |
Major Field of Science: | Engineering and Technology | Field Category: | Electrical Engineering - Electronic Engineering - Information Engineering | Keywords: | Sensors;Google;Humanoid robots;Androids;Cryptography;Licenses;Servers | Issue Date: | 14-Dec-2016 | Source: | 2016 11th International Conference on Availability, Reliability and Security, (ARES), 31 Aug.-2 Sept. 2016 | Project: | From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control | Conference: | International Conference on Availability, Reliability and Security, ARES | Abstract: | Mobile devices, which users habitually carry along, have become the main data gateway for the majority of the online services. Any device is able to collect at any time various types of data through its sensors. At the same time, modern identification techniques ask users to send photos of their ID documentation in order to be verified by an online service. Those photos are captured by the device's camera and are considered extremely sensitive. They must be secured and establish that they will not be modified. This paper describes a security framework that preserves the authenticity of a captured photo and ensures that it remains intact while transferred to a remote server. The key insight is to use a background service that is tied to the photo-capturing application and uses secure key storing and cryptographic computation capabilities offered by the Trusted Execution Environment (TEE) of commodity Android devices. At the same time, we leverage Playstore's Licencing Verification Library (LVL) to remotely attest the authenticity of the photo-capturing application at registration time. We have implemented our framework as an Android application on a Nexus 5X, which is powered by a Qualcomm processor with ARM TrustZone Technology. The evaluation of our prototype implementation demonstrates the efficacy of the proposed framework in terms of performance overhead and usability. | URI: | https://hdl.handle.net/20.500.14279/13994 | ISSN: | https://api.elsevier.com/content/abstract/scopus_id/85015334516 | DOI: | 10.1109/ARES.2016.83 | Type: | Conference Papers | Affiliation : | Cyprus University of Technology |
Appears in Collections: | Δημοσιεύσεις σε συνέδρια /Conference papers or poster or presentation |
CORE Recommender
SCOPUSTM
Citations
50
3
checked on Nov 6, 2023
Page view(s) 50
368
Last Week
0
0
Last month
11
11
checked on Dec 22, 2024
Google ScholarTM
Check
Altmetric
Items in KTISIS are protected by copyright, with all rights reserved, unless otherwise indicated.