Theses

Design of privacy preserving cryptographic protocols for mobile contactless services

Abstract : The growing number of mobile platforms worldwide and the emergence of new technologies such as NFC (Near Field Communication) are leading users to depend increasingly on their mobile phones. This context also brings new security and privacy challenges. In this thesis, we focus on privacy issues in NFC services as well as on the security of mobile applications' private data and credentials, namely in Trusted Execution Environments (TEE). We first provide two solutions for the public transport use case: an m-pass (transport subscription card) protocol and an m-ticketing validation protocol. Our solutions ensure users' privacy while respecting the functional requirements of transport operators. To this end, we propose new variants of group signatures and the first practical set-membership proof that do not require pairing computations at the prover's side. These novelties significantly reduce the execution time of such schemes when implemented in resource-constrained environments. We implemented the m-pass and m-ticketing protocols in a standard SIM card: the validation phase occurs in less than 300 ms whilst using strong security parameters. Our solutions also work even when the mobile is switched off or the battery is flat. For the case where these applications are implemented in a TEE, we introduce a new TEE migration protocol that ensures the privacy and integrity of the TEE credentials and the user's private data. We construct our protocol based on a proxy re-encryption scheme and a new TEE model. Finally, we formally prove the security of our protocols using either game-based experiments in the random oracle model or an automated model checker of security protocols.
Document type :
Theses

Cited literature [120 references]

https://tel.archives-ouvertes.fr/tel-01280792
Contributor : Abes Star
Submitted on : Tuesday, March 1, 2016 - 10:43:31 AM
Last modification on : Wednesday, November 20, 2019 - 1:42:38 AM
Long-term archiving on : Tuesday, May 31, 2016 - 11:02:09 AM

File

ghada_arfaoui_3237.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01280792, version 1

Citation

Ghada Arfaoui. Design of privacy preserving cryptographic protocols for mobile contactless services. Mobile Computing. Université d'Orléans, 2015. English. ⟨NNT : 2015ORLE2013⟩. ⟨tel-01280792⟩

Metrics

Record views : 532

Files downloads : 1135