Mobile services have already become a corner stone of daily life in many developed and developing countries, ranging from simple, localized tourist guides to city-scale wireless network services and multiple nation-wide mobile payment applications. However, many of these services either offer low security (or, often, none at all) for end users or are too complicated to set up in order to be securely accessible by typical end users. Overcoming these limitations in security and usability offers the potential for future ground-breaking applications towards even better mobility and convergence of devices and end-user services. One of the motivating visions is to – globally, securely, and intuitively usably – substitute current wallets and key chains by suitable services and applications on mobile phones. This includes typical credit, debit, and store card functionality, secure and anonymous cash transactions, locking and unlocking doors and other resources, as well as passports, identity cards, licenses, and insurance cards.
The goals of the Josef Ressel Center for User-friendly Secure Mobile Environments, öffnet eine externe URL in einem neuen Fenster are
- the analysis of security issues in current and future mobile applications
- the design, development, and evaluation of concepts, methods, protocols, and prototypical implementations for addressing them
- communication and co-ordination with industry partners and standardization organizations towards establishing globally accepted standards for secure, interoperable, mobile services.
In addition to academic publications, a specific aim is to produce open source code for user authentication, security-enhancing libraries, and Android system extensions to improve mobile device and application security and usability. Here is a selected list of open source projects initiated by the usmile team:
- CORMORANT: An extensible, risk-aware, multi-modal, crossdevice authentication framework that enables transparent continuous authentication using different biometrics across multiple trusted devices. https://github.com/mobilesec/cormorant, öffnet eine externe URL in einem neuen Fenster
- Panshot face Authentication: face authentication module for the mobilesec Android authentication framework that features 2D frontal-only authentication and additionally showcases panshot face authentication https://github.com/mobilesec/authentication-framework-module-face, öffnet eine externe URL in einem neuen Fenster
- EC-SRP on JavaCards: An implementation of the elliptic curve variant of the Secure Remote Password (SRP-5) password-authenticated secure channel protocol from IEEE Std 1363.2-2008. https://github.com/mobilesec/secure-channel-ec-srp-applet, öffnet eine externe URL in einem neuen Fenster
- Secure Element Emulator: This project aims at emulating a secure element environment for debugging and rapid-prototyping of secure element applets. https://github.com/mobilesec/secure-element-emulator, öffnet eine externe URL in einem neuen Fenster
- GPDroid: Global Platform Card Management Tool using Open Mobile API for Android https://github.com/mobilesec/secure-element-gpdroid, öffnet eine externe URL in einem neuen Fenster
- More projects at https://github.com/mobilesec/, öffnet eine externe URL in einem neuen Fenster