Design of privacy preserving cryptographic protocols for mobile contactless services

Abstract : The increasing number of worldwide mobile platforms and the emergence of new technologies such as the NFC (Near Field Communication) lead to a growing tendency to build a user's life depending on mobile phones. This context brings also new security and privacy challenges. In this thesis, we pay further attention to privacy issues in NFC services as well as the security of the mobile applications private data and credentials namely in Trusted Execution Environments (TEE). We first provide two solutions for public transport use case: an m-pass (transport subscription card) and a m-ticketing validation protocols. Our solutions ensure users' privacy while respecting functional requirements of transport operators. To this end, we propose new variants of group signatures and the first practical set-membership proof that do not require pairing computations at the prover's side. These novelties significantly reduce the execution time of such schemes when implemented in resource constrained environments. We implemented the m-pass and m-ticketing protocols in a standard SIM card: the validation phase occurs in less than 300ms whilst using strong security parameters. Our solutions also work even when the mobile is switched off or the battery is flat. When these applications are implemented in TEE, we introduce a new TEE migration protocol that ensures the privacy and integrity of the TEE credentials and user's private data. We construct our protocol based on a proxy re-encryption scheme and a new TEE model. Finally, we formally prove the security of our protocols using either game-based experiments in the random oracle model or automated model checker of security protocols.
Document type :
Theses
Complete list of metadatas

Cited literature [120 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01280792
Contributor : Abes Star <>
Submitted on : Tuesday, March 1, 2016 - 10:43:31 AM
Last modification on : Thursday, January 17, 2019 - 3:10:02 PM
Long-term archiving on : Tuesday, May 31, 2016 - 11:02:09 AM

File

ghada_arfaoui_3237.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01280792, version 1

Collections

Citation

Ghada Arfaoui. Design of privacy preserving cryptographic protocols for mobile contactless services. Mobile Computing. Université d'Orléans, 2015. English. ⟨NNT : 2015ORLE2013⟩. ⟨tel-01280792⟩

Share

Metrics

Record views

429

Files downloads

849