research-article

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android

Authors:

Dominik Schürmann,

Sergej Dechand,

Lars WolfAuthors Info & Claims

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, Volume 1, Issue 3

Article No.: 99, Pages 1 - 24

https://doi.org/10.1145/3130964

Published: 11 September 2017 Publication History

Abstract

While many Android apps provide end-to-end encryption, the cryptographic keys are still stored on the device itself and can thus be stolen by exploiting vulnerabilities. External cryptographic hardware solves this issue, but is currently only used for two-factor authentication and not for communication encryption.

In this paper, we design, implement, and evaluate an architecture for NFC-based cryptography on Android. Our high-level API provides cryptographic operations without requiring knowledge of public-key cryptography. By developing OpenKeychain, we were able to roll out this architecture for more than 100,000 users. It provides encryption for emails, messaging, and a password manager. We provide a threat model, NFC performance measurements, and discuss their impact on our architecture design. As an alternative form factor to smart cards, we created the prototype of an NFC signet ring. To evaluate the UI components and form factors, a lab study with 40 participants at a large company has been conducted. We measured the time required by the participants to set up the system and reply to encrypted emails. These measurements and a subsequent interview indicate that our NFC-based solutions are more user friendly in comparison to traditional password-protected keys.

Supplementary Material

schurmann (schurmann.zip)

Supplemental movie, appendix, image and software files for, OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android

Download
333.92 KB

References

[1]

‘Alex288’. 2014. NFC Smart Card Reader PC/SC Library: Project Description. (2014). Retrieved July 2017 from https://nfcsmartcardreader. codeplex.com

[2]

Android Documentation. 2017. Cipher class. (2017). Retrieved July 2017 from http://developer.android.com/reference/javax/crypto/Cipher.html

[3]

Android Documentation. 2017. Near Field Communication. (2017). Retrieved July 2017 from http://developer.android.com/guide/topics/connectivity/nfc/index.html

[4]

Android Open Source Project. 2017. Nexus Security Bulletins. (2017). Retrieved July 2017 from https://source.android.com/security/bulletin

[5]

Apple Inc. 2017. About Cryptographic Services. (2017). Retrieved July 2017 from https://developer.apple.com/library/ios/documentation/Security/Conceptual/cryptoservices/Introduction/Introduction.html

[6]

Apple Inc. 2017. PassKit Package Format Reference. (2017). Retrieved July 2017 from https://developer.apple.com/library/ios/documentation/UserExperience/Reference/PassKit_Bundle/Chapters/TopLevel.html

[7]

Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. 2012. Progress in Cryptology -- LATINCRYPT 2012: 2nd International Conference on Cryptology and Information Security in Latin America, Santiago, Chile, October 7-10, 2012. Proceedings. Springer Berlin Heidelberg, Berlin, Heidelberg, Chapter The Security Impact of a New Cryptographic Library, 159--176.

[8]

Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. 2012. The Security Impact of a New Cryptographic Library. Springer Berlin Heidelberg, Berlin, Heidelberg, 159--176.

[9]

Nick Berry. 2012. PIN analysis. (Sept. 2012). Retrieved July 2017 from http://datagenetics.com/blog/september32012/index.html

[10]

J. Bonneau, C. Herley, P. C. v. Oorschot, and F. Stajano. 2012. The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes. In IEEE Symposium on Security and Privacy. 553--567.

Digital Library

[11]

Bouncy Castle Inc. 2017. The Legion of the Bouncy Castle. (2017). Retrieved July 2017 from http://www.bouncycastle.org

[12]

T. W. C. Brown, T. Diakos, and J. A. Briffa. 2013. Evaluating the eavesdropping range of varying magnetic field strengths in NFC standards. In 7th European Conference on Antennas and Propagation (EuCAP). 3525--3528.

[13]

J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. 2007. OpenPGP Message Format. RFC 4880 (Proposed Standard). (Nov. 2007).

[14]

‘Cane’, ‘Topo’, and ‘Orso’. 2017. Privacy-Handbuch: GnuPG-SmartCard und NitroKey. (2017). Retrieved July 2017 from https: //www.privacy-handbuch.de/handbuch_32r.htm

[15]

Qi Alfred Chen, Zhiyun Qian, and Z. Morley Mao. 2014. Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks. In 23rd USENIX Security Symposium (USENIX Security). USENIX Association, San Diego, CA, 1037--1052.

Digital Library

[16]

Yongsoon Choi, Jordan Tewell, Yukihiro Morisawa, Gilang A. Pradana, and Adrian David Cheok. 2014. Ring*U: A Wearable System for Intimate Communication Using Tactile Lighting Expressions. In Proceedings of the 11th Conference on Advances in Computer Entertainment Technology (ACE ’14). ACM, Article 63, 4 pages.

Digital Library

[17]

Brett Cooley, Haining Wang, and Angelos Stavrou. 2014. Activity Spoofing and Its Defense in Android Smartphones. Springer International Publishing, Cham, 494--512.

[18]

Stephen M. Curry. 1998. An introduction to the Java Ring. (April 1998). Retrieved July 2017 from http://www.javaworld.com/article/2076641/learn-java/an-introduction-to-the-java-ring.html

[19]

Ronald Dekker. 2017. A Simple Method to Measure Unknown Inductors. (2017). Retrieved July 2017 from http://www.dos4ever.com/inductor/inductor.html

[20]

Frank Denis. 2017. The Sodium crypto library (libsodium). (2017). Retrieved July 2017 from https://libsodium.org

[21]

Arkajit Dey and Stephen Weis. 2008. Keyczar: A Cryptographic Toolkit. (Aug. 2008). Retrieved July 2017 from http://keyczar.googlecode.com/files/keyczar05b.pdf

[22]

W. Diao, X. Liu, Z. Li, and K. Zhang. 2016. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. In IEEE Symposium on Security and Privacy (SP). 414--432.

[23]

ECMA International. 2015. NFC-SEC-01: NFC-SEC Cryptography Standard using ECDH and AES, 4rd edition. ECMA-386. (June 2015). http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-386.pdf

[24]

ECMA International. 2015. NFC-SEC: NFCIP-1 Security Services and Protocol, 4rd edition. ECMA-385. (June 2015). http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-385.pdf

[25]

Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. 2013. An Empirical Study of Cryptographic Misuse in Android Applications. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS ’13). ACM, 73--84.

Digital Library

[26]

Rebecca Ehlers, Thorsten Ehlers, Werner Koch, and Matthias Kirschner. 2006. The GnuPG Smartcard HOWTO. (June 2006). Retrieved July 2017 from https://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html

[27]

Nikolay Elenkov. 2014. Android Security Internals: An In-Depth Guide to Android’s Security Architecture. No Starch Press.

Digital Library

[28]

M. Elkins, D. Del Torto, R. Levien, and T. Roessler. 2001. MIME Security with OpenPGP. RFC 3156 (Proposed Standard). (Aug. 2001).

Digital Library

[29]

Sascha Fahl, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, and Matthew Smith. 2012. Why Eve and Mallory love Android: An analysis of Android SSL (in) security. In Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 50--61.

Digital Library

[30]

Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, and Uwe Sander. 2012. Helping Johnny 2.0 to Encrypt His Facebook Conversations. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS ’12). ACM, Article 11, 17 pages.

Digital Library

[31]

Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, and Matthew Smith. 2013. Rethinking SSL Development in an Appified World. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS ’13). ACM, 49--60.

Digital Library

[32]

Fidesmo. 2017. Card App Store. (2017). Retrieved July 2017 from http://www.fidesmo.com

[33]

‘Fluffy’. 2017. OpenPGP-Card. (2017). Retrieved July 2017 from https://github.com/FluffyKaon/OpenPGP-Card

[34]

Lishoy Francis, Gerhard Hancke, Keith Mayes, and Konstantinos Markantonakis. 2010. Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones. Springer Berlin Heidelberg, Berlin, Heidelberg, 35--49.

[35]

Simson L. Garfinkel, David Margrave, Jeffrey I. Schiller, Erik Nordlander, and Robert C. Miller. 2005. How to Make Secure Email Easier to Use. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’05). ACM, 701--710.

Digital Library

[36]

Simson L. Garfinkel and Robert C. Miller. 2005. Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. In Proceedings of the 2005 Symposium on Usable Privacy and Security (SOUPS ’05). ACM, 13--24.

Digital Library

[37]

GitHub. 2017. OpenSC/OpenSC. (2017). Retrieved July 2017 from https://github.com/OpenSC/OpenSC

[38]

GNOME. 2014. Keyring. (2014). Retrieved July 2017 from https://wiki.gnome.org/action/show/Projects/GnomeKeyring

[39]

GNOME. 2014. Seahorse Roadmap. (2014). Retrieved July 2017 from https://wiki.gnome.org/Apps/Seahorse/Roadmap

[40]

GnuPG authors. 2017. Appendix A The GnuPG UI Server Protocol. (2017). Retrieved July 2017 from https://www.gnupg.org/documentation/manuals/gpgme/UI-Server-Protocol.html

[41]

GnuPG authors. 2017. GPA-The Gnu Privacy Assistant. (2017). Retrieved July 2017 from https://www.gnupg.org/software/gpa/index.html

[42]

Ernst Haselsteiner and Klemens Breitfuß. 2006. Security in Near Field Communication (NFC). In Printed Handout of Workshop on RFID Security (RFIDSec). Philips Semiconductors.

[43]

Mario Heiderich, Jann Horn, Abraham Aranguren, Jonas Magazinius, and Dario Weißer. 2015. Pentest-Report OpenKeychain. (Aug. 2015). https://cure53.de/pentest-report_openkeychain.pdf.

[44]

Sture Holm. 1979. A simple sequentially rejective multiple test procedure. Scandinavian journal of statistics (1979), 65--70.

[45]

Michael Hölzl, Endalkachew Asnake, René Mayrhofer, and Michael Roland. 2014. Mobile Application to Java Card Applet Communication using a Password-authenticated Secure Channel. In 12th International Conference on Advances in Mobile Computing and Multimedia (MoMM). ACM Press, New York, NY, USA, 147--156.

Digital Library

[46]

Identiv. 2015. uTrust 2910 R Data Sheet. (Feb. 2015). http://www.identiv.com/pdf/technicaldata/technical-datasheets/uTrust_2910R_Reader_DS_2015_02.pdf

[47]

ISO/IEC. 2008. ISO/IEC 14443-4: Identification cards -- Contactless integrated circuit cards -- Proximity cards -- Part 4: Transmission protocol.

[48]

ISO/IEC. 2013. ISO/IEC 7816-4: Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange.

[49]

A. K. Jain, A. Ross, and S. Pankanti. 2006. Biometrics: a tool for information security. IEEE Transactions on Information Forensics and Security 1, 2 (June 2006), 125--143.

Digital Library

[50]

KDE. 2017. Kleopatra - Certificate Manager and Unified Crypto GUI. (2017). Retrieved July 2017 from https://www.kde.org/applications/utilities/kleopatra/

[51]

Henning Kortvedt and S Mjolsnes. 2009. Eavesdropping near field communication. In The Norwegian Information Security Conference (NISK), Vol. 27.

[52]

Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder, and Sampath Srinivas. 2017. Security Keys: Practical Cryptographic Second Factors for the Modern Web. Springer Berlin Heidelberg, Berlin, Heidelberg, 422--440.

[53]

Frederic Lardinois. 2015. Google And Samsung Will Now Release Monthly OTA Android Security Updates. (Aug. 2015). http://techcrunch.com/2015/08/05/google-and-samsung-will-now-release-monthly-ota-android-security-updates

[54]

Shrirang Mare, Mary Baker, and Jeremy Gummeson. 2016. A Study of Authentication in Daily Life. In Twelfth Symposium on Usable Privacy and Security (SOUPS). USENIX Association, Denver, CO, 189--206.

[55]

Mario Heiderich and Krzysztof Kotowicz. 2013. Pentest-Report Mailvelope 12.2012 - 02.2013. (2013). Retrieved July 2017 from https://cure53.de/pentest-report_mailvelope.pdf

[56]

Mindi McDowell, Jason Rafail, and Shawn Hernan. 2009. Cyber Security Tip ST04-002. US-CERT. (2009). Retrieved July 2017 from http://www.us-cert.gov/cas/tips/ST04-002.html

[57]

Kenneth O McGraw and SP Wong. 1992. A common language effect size statistic. Psychological bulletin 111, 2 (1992), 361.

[58]

John McLear. 2013. NFC Ring - One Smart Ring, Unlimited Possibilities. (July 2013). Retrieved July 2017 from https://www.kickstarter.com/projects/mclear/nfc-ring

[59]

Maryam Mehrnezhad, Mohammed Aamir Ali, Feng Hao, and Aad van Moorsel. 2016. NFC Payment Spy: A Privacy Attack on Contactless Payments. Springer International Publishing, Cham, 92--111.

[60]

MOTA. 2017. MOTA DOI SmartRing. (2017). Retrieved July 2017 from http://shop.mota.com/mota-doi-smartring.html

[61]

Nitrokey. 2017. OpenPGP support. (2017). Retrieved July 2017 from https://github.com/Nitrokey

[62]

Nitrokey. 2017. Secure your digital life. (2017). Retrieved July 2017 from https://www.nitrokey.com

[63]

NXP Semiconductors. 2010. AN1445: Antenna design guide for MFRC52x, PN51x and PN53x. (Oct. 2010). http://data.nxp.com/doc/published_files/1270733179751

[64]

OpenIntents. 2017. Where applications unite. (2017). Retrieved July 2017 from http://www.openintents.org

[65]

OpenKeychain. 2017. Easy PGP. (2017). Retrieved July 2017 from https://www.openkeychain.org

[66]

OpenSSL. 2016. Libcrypto API. (2016). Retrieved July 2017 from https://wiki.openssl.org/index.php/Libcrypto_API

[67]

Celeste Lyn Paul, Emile Morse, Aiping Zhang, Yee-Yin Choong, and Mary Theofanos. 2011. A field study of user behavior and perceptions in smartcard authentication. In Human-Computer Interaction--INTERACT 2011. Springer, 1--17.

Digital Library

[68]

A. Pietig. 2009. Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems. (April 2009). http://www.g10code.com/docs/openpgp-card-3.0.pdf

[69]

Precise Biometrics. 2017. Smart Card Readers for Convenient and Secure Access. (2017). Retrieved July 2017 from http://precisebiometrics.com/smart-card-reader

[70]

Chuangang Ren, Yulong Zhang, Hui Xue, Tao Wei, and Peng Liu. 2015. Towards Discovering and Understanding Task Hijacking in Android. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 945--959.

Digital Library

[71]

Arne Renkema-Padmos, Jerome Baum, Melanie Volkamer, and Karen Renaud. 2014. Shake Hands to Bedevil: Securing Email with Wearable Technology. In Proceedings of the Eighth International Symposium on. Human Aspects of Information Security 8 Assurance (HAISA 2014). 90--100.

[72]

Research In Motion Limited. 2007. Smart Card Security Solved: The BlackBerry Smart Card Reader. (2007). Retrieved July 2017 from http://www.blackberry.com/newsletters/connection/it/i5-2007/smart-card-reader.shtml

[73]

RINGLY. 2017. Smart Jewelry and Accessories. (2017). Retrieved July 2017 from https://ringly.com

[74]

Michael Roland and Michael Hölzl. 2015. Evaluation of Contactless Smartcard Antennas. (July 2015). http://arxiv.org/abs/1507.06427

[75]

Martina Angela Sasse. 2005. Usability and trust in information systems. In Trust and Crime in Information Societies, R Mansell and B Collins (Eds.). Edward Elgar, Cheltenham, UK, 319--348.

[76]

Florian Schmaus, Dominik Schürmann, and Vincent Breitmoser. 2016. XEP-0373: OpenPGP for XMPP. Technical Report. XMPP Standards Foundation, http://xmpp.org/extensions/xep-0373.html.

[77]

Florian Schmaus, Dominik Schürmann, and Vincent Breitmoser. 2016. XEP-0374: OpenPGP for XMPP Instant Messaging. Technical Report. XMPP Standards Foundation, http://xmpp.org/extensions/xep-0374.html.

[78]

Dominik Schürmann and Lars Wolf. 2016. Surreptitious Sharing on Android. In Sicherheit 2016 (Lecture Notes in Informatics), Vol. P-256. Gesellschaft für Informatik, Bonn, Germany, 137--148. http://www.ibr.cs.tu-bs.de/papers/schuermann-sicherheit2016.pdf

[79]

Dennis D Strouble, GM Schechtman, and Alan S Alsop. 2009. Productivity and usability effects of using a two-factor security system. Proceedings of SAIS (2009), 196--201.

[80]

Michael Tunstall. 2006. Attacks on Smart Cards. (2006). http://www.cs.bris.ac.uk/home/tunstall/presentation/AttacksonSmartCards.pdf

[81]

Alma Whitten and J. Doug Tygar. 1999. Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of the 8th Conference on USENIX Security Symposium - Volume 8 (SSYM’99). USENIX Association.

Digital Library

[82]

Meng Xu, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim. 2016. Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques. ACM Comput. Surv. 49, 2, Article 38 (Aug. 2016), 47 pages.

Digital Library

[83]

Yubico. 2017. Trust the Net with YubiKey Strong Two-Factor Authentication. (2017). Retrieved July 2017 from https://www.yubico.com

[84]

Yubico. 2017. YubiKey NEO’s OpenPGP app. (maintained fork of “Java Card OpenPGP Card”). (2017). Retrieved July 2017 from https://github.com/Yubico/ykneo-openpgp

[85]

Zimperium. 2015. Experts Found a Unicorn in the Heart of Android. (July 2015). Retrieved July 2017 from https://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android

Cited By

Stigberg SHenze NWoźniak PVäänänen KWilliamson JSchneegass S(2017)A critical review on participation in mobile interaction design researchProceedings of the 16th International Conference on Mobile and Ubiquitous Multimedia10.1145/3152832.3156629(345-354)Online publication date: 26-Nov-2017
https://dl.acm.org/doi/10.1145/3152832.3156629

Index Terms

OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android
1. Human-centered computing
  1. Ubiquitous and mobile computing
    1. Ubiquitous and mobile devices
      1. Mobile devices
2. Security and privacy

Recommendations

Design of a lightweight two-factor authentication scheme with smart card revocation

Smart card based authentication schemes present user-friendly and secure communication mechanism over insure public channel. Recently, Li et al. designed an authentication scheme with pre-smart card authentication to present efficient login phase and ...
Using NFC phones for proving credentials
MMB'12/DFT'12: Proceedings of the 16th international GI/ITG conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance

In this paper we propose a new solution for mobile payments called Tap2 technology. To use it, users need only their NFC-enabled mobile phones and credentials implemented on their smart cards. An NFC device acts like a bridge between service providers ...
Robust smart-card-based remote user password authenticationscheme

Smart-card-based remote user password authentication schemes are commonly used for providing authorized users a secure method for remotely accessing resources over insecure networks. In 2009, Xu etal. proposed a smart-card-based password authentication ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies Volume 1, Issue 3

September 2017

2023 pages

EISSN:2474-9567

DOI:10.1145/3139486

Issue’s Table of Contents

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 September 2017

Accepted: 01 July 2017

Received: 01 May 2017

Published in IMWUT Volume 1, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
369
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)1

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Stigberg SHenze NWoźniak PVäänänen KWilliamson JSchneegass S(2017)A critical review on participation in mobile interaction design researchProceedings of the 16th International Conference on Mobile and Ubiquitous Multimedia10.1145/3152832.3156629(345-354)Online publication date: 26-Nov-2017
https://dl.acm.org/doi/10.1145/3152832.3156629

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents