SmaSA

SmaSA

a research project funded by the BMBF

SmaSA

Smartcard-based security anchors for für Android

Motivation

The increasing usage of smart mobile devices such as mobile phones and tablets for both private and business purposes poses a high risk for enterprises. If these devices are accessed by unauthorized persons or suffer damage due to malware or user errors, the company network might be affected, including the fatal loss of corporate data. These threats can be averted by using a hardware security anchor that allows for securing booting, creating and storing cryptographic keys and identifying applications as secure. In desktop computers and notebooks, this concept is commonly implemented via trusted platform modules (TPM). The project "Smartcard-Based Security Anchors for Android" (SmaSA) focuses on applying this technology to smart mobile devices respectively in a practicable way.

Approach and goals

The aim of this project is to develop methods and software components to improve and enhance hardware-based security anchors specifically for Android operating systems. Since mobile devices are not equipped with a TPM, an additional micro-SD smartcard needs to function as an anchor. In case that individual security components cannot be realized on this card, specific hard- and software concepts such as ARM TrustZone or Java Card can be used alternatively. These technologies enable secure booting for Android devices by authenticating the user prior to the actual booting (pre-boot authentication). If the logon is not successful, the mobile device remains fully encrypted including all applications, data and the operating system. Additionally, it is possible to check the smartphone’s integrity via remote attestation, i. e. having a central authority check the phone on the company’s end (mobile device management component). While remote attestation has been known for computers, it has not yet been used for mobile devices or adapted to their specific needs. Thanks to this project, smartcard-based security applications can also be used on Android, which opens up new fields of application for this kind of technology.

Encrypting the entire system and secure smartcard-based booting help counter many security risks. The security level can be increased by integrating pre-boot authentication into this process, which also protects against unauthorized access. The tools developed in this project are capable of solving this problem for mobile devices via a smartcard or a comparable security module.

The main goals of the SmaSA project include:

  • Developing methods and software components enhancing security anchors to secure key material and booting of smart mobile devices
  • Integrating smartcards as hardware-based security components since mobile devices do not contain hardware security modules (like TPM) as computers do
  • Outsourcing those functional security components that cannot be realized on the smartcard to ARM TrustZone and JavaCard
  • Implementing SecureBoot with pre-boot authentication on BizzTrust

Project organization

SmaSA is a joint research project by Rohde & Schwarz Cybersecurity GmbH and Westphalian University of Applied Sciences with the Institute for Internet Security (Prof. Dr. Norbert Pohlmann). The project is funded by the project owner, the German Federal Ministry of Education and Research (BMBF).

  • Project management: VDI/VDE Innovation + Technik GmbH
  • Consortium: Rohde & Schwarz Cybersecurity GmbH, Westphalian University of Applied Sciences - Institute for Internet Security
  • Project duration: 04/2014–09/2017

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Marketing permission

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.