SlideShare a Scribd company logo

Access Control in Enterprises with Key2Share

F
Faheem Nadeem

The document discusses 'key2share', a near field communication (NFC)-enabled smartphone access control system developed by a collaboration of various institutions including Fraunhofer SIT. It allows smartphones to function as digital keys for accessing diverse facilities, from hotel rooms and cars to storage units, enabling features like remote revocation and context-aware access. The system's architecture incorporates secure communication protocols, cryptographic measures, and compatibility with existing access control infrastructures.

Technology
1 of 22
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Key2Share: NFC-enabled Smartphone-based Access Control Alexandra Dmitrienko Cyberphysical Mobile Systems Security Group Fraunhofer SIT, Darmstadt In collaboration with TU Darmstadt, Center for Advanced Security Research in Darmstadt (CASED), Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt, Bosch Security Systems
+ NFC = Near Field Communication (NFC) Applications mPayments services in one touch mTicketing
+ NFC = Why not Using a Smartphone as a Key?
Smartphone as a Door Key  Access control by enterprises to their facilities  Access control in private sector (houses, garages) 4
 Access to hotel rooms 5 Smartphone as a Door Key
Smartphone as a Car Key/Immobilizer  Fleet management by enterprises  Car sharing with family members or friends 6
Smartphone as a Car Key/Immobilizer  Car sharing by rental/car sharing companies 7
Smartphone for Access to Storage Facilities  Access to safes in hotel rooms  Lockers in luggage storage at train stations/airports 8 DHL packing stations
Smartphone for Access to Storage Facilities  DHL packstations 9
Smartphone for Access to Facilities  E.g., parking houses 10
Usual Keys vs. SmartCards vs. Key2Share 11 Usual Keys SmartCards Key2Share Distribution Requires physical access Requires physical access Remote Revocation Requires physical access or replacement of the lock Remote Remote Delegation Not possible Not possible Possible Context-aware access (e.g., time frame) Not possible Possible Possible
Key2Share: System Architecture 12 Issuer Key2Share web-service Resources 1. Employ the employee/sell the car Users Delegated users 5.Sharekey 3. Electronic key issued 4. User Authentication with the issued key 6. User Authentication with the shared key 2. One-time registration
Key Sharing  The key to be shared is represented as a QR-code  Can be sent to the recipient per e-mail, MMS or scanned by a camera of another device
QR Code: What’s Inside? 14  Electronic keys of Key2Share are similar to passports Issued by a central authority Government Enterprise Issued for a particular entity Citizen Employee Has binding to an identity of an entity it is issued for Photo Cryptographic key bound to the platform Public (not a secret) Yes Yes (encrypted)
Key2Share Security Platform Security 15 Secure communication protocols
Protocol Security 16 Well-established cryptographic primitives (AES, SHA-1, RSA) Formal security proof of the protocols Formal tool-aided verification of protocols
Platform Security  Different trade-offs between security and requirements to a mobile device 17 Built-in Security Mechanisms of Mobile OS System level software-based security extensions Hardware-based security extensions More secureLess secure No extra requirements to mobile hardware and system software (e.g., operating system) Requires update of system software (e.g., OS) Requires support in hardware. Available only on some mobile platforms
Platform Security  Require support in hardware  e.g., Giesecke & Devrient Mobile Security Card http://www.gd- sfs.com/the-mobile-security- card/  Can be attached to the device via microSD card slot 18  provided by BizzTrust architecture  http://www.bizztrust.de/ Hardware-based security extensions Software-based security extensions
Supported Platforms  Android NFC-enabled platforms (e.g., Samsung Nexus S, Galaxy S3) 19
Flexible access rights:  policy-based  easy delegation  remote revocation  managable Summary
Proof of Concept with Bosch Security Systems:  Key2Share as Access Pass  Key2Share as Building Block in Bosch‘s „Access-Control-as-a-Service“  Compatibility with already deployed infrastructure (wireless readers, management software) Current Work
Thank you alexandra.dmitrienko@sit.fraunhofer.de 22

More Related Content

PPT
Mobile_Security_En
de77
 
PPTX
Secure Element Solutions
Ugo Chirico
 
PPS
Mobile Security Blanco/Ueda
Fernando Blanco
 
PPTX
IoT Armour - Next-gen Zero Trust Cybersecurity for Industry 4.0
Block Armour
 
PDF
Block Armour Zero Trust Solution for Hybrid and Distributed IT environments
Block Armour
 
PPTX
IoT Armour - Next-gen Zero Trust Cybersecurity for Industry 4.0 Architecture
Block Armour
 
PDF
WISekey IoT Technologies Presentation
Creus Moreira Carlos
 
PPTX
Zero Trust Cybersecurity for IoT - powered by SDP and Blockchain technology
Block Armour
 
Mobile_Security_En
de77
 
Secure Element Solutions
Ugo Chirico
 
Mobile Security Blanco/Ueda
Fernando Blanco
 
IoT Armour - Next-gen Zero Trust Cybersecurity for Industry 4.0
Block Armour
 
Block Armour Zero Trust Solution for Hybrid and Distributed IT environments
Block Armour
 
IoT Armour - Next-gen Zero Trust Cybersecurity for Industry 4.0 Architecture
Block Armour
 
WISekey IoT Technologies Presentation
Creus Moreira Carlos
 
Zero Trust Cybersecurity for IoT - powered by SDP and Blockchain technology
Block Armour
 

What's hot (19)

PPTX
IoT Security Trends during COVID-19
Hughes Systique Corporation
 
PDF
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Block Armour
 
PPTX
Multifactor Authentication
Ronnie Isherwood
 
PPT
Auth shield information security solution provider
AuthShield Labs
 
PDF
Innovative biometric voice verification system for mobile devices
Defence and Security Accelerator
 
PPTX
Intro to Smart Cards & Multi-Factor Authentication
hon1nbo
 
PDF
Strong Authentication and US Federal Digital Services
FIDO Alliance
 
PPTX
Bank security
PLN9 Security Services Pvt. Ltd.
 
PPT
Wifi
nil65
 
PDF
Smart OpenID & Mobile Network Security
Andreas Leicher
 
PDF
IoT security fresh thinking 2017 sep 9
Arvind Tiwary
 
PDF
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smart-i Electronics Systems Pvt Ltd.
 
PDF
Block Armour: Zero Trust Cybersecurity
Block Armour
 
PDF
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
Madhur Gupta
 
PPTX
Iot security and Authentication solution
Pradeep Jeswani
 
PDF
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
Nok Nok Labs, Inc
 
PPTX
Digital authentication
allanh0526
 
PDF
2FA OTP Token
2FA, Inc.
 
PDF
Introduction to the FIDO Alliance
FIDO Alliance
 
IoT Security Trends during COVID-19
Hughes Systique Corporation
 
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Block Armour
 
Multifactor Authentication
Ronnie Isherwood
 
Auth shield information security solution provider
AuthShield Labs
 
Innovative biometric voice verification system for mobile devices
Defence and Security Accelerator
 
Intro to Smart Cards & Multi-Factor Authentication
hon1nbo
 
Strong Authentication and US Federal Digital Services
FIDO Alliance
 
Bank security
PLN9 Security Services Pvt. Ltd.
 
Wifi
nil65
 
Smart OpenID & Mobile Network Security
Andreas Leicher
 
IoT security fresh thinking 2017 sep 9
Arvind Tiwary
 
smartXS: 2 Door 2 Reader & 4 Door 4 Reader Access Control Panel
smart-i Electronics Systems Pvt Ltd.
 
Block Armour: Zero Trust Cybersecurity
Block Armour
 
Connected vehicles: An Overview on Security, Vulnerabilities and Remedies
Madhur Gupta
 
Iot security and Authentication solution
Pradeep Jeswani
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
Nok Nok Labs, Inc
 
Digital authentication
allanh0526
 
2FA OTP Token
2FA, Inc.
 
Introduction to the FIDO Alliance
FIDO Alliance
 
Ad

Viewers also liked (6)

PDF
22670-RNR-Presentation 2013_
Paul Jones
 
PDF
جمع التبرعات من خلال نظام الدفع الذكي
Charity Innovation
 
DOCX
Blogger front cover (updated)
matt_roberts
 
PDF
22670-RNR-E-Brochure-May2014
Paul Jones
 
PDF
Secure distributed deduplication systems with improved reliability 2
Rishikesh Pathak
 
PPT
División Celular / Mitosis y Meiosis
Dalther
 
22670-RNR-Presentation 2013_
Paul Jones
 
جمع التبرعات من خلال نظام الدفع الذكي
Charity Innovation
 
Blogger front cover (updated)
matt_roberts
 
22670-RNR-E-Brochure-May2014
Paul Jones
 
Secure distributed deduplication systems with improved reliability 2
Rishikesh Pathak
 
División Celular / Mitosis y Meiosis
Dalther
 
Ad

Similar to Access Control in Enterprises with Key2Share (20)

PDF
Key2 share moosecon
Heinrich Seeger
 
PDF
Droidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon Berlin
 
PDF
Connections Summit - Security & Blockchain Track
NFC Forum
 
PPTX
Smart Card and Strong Cryptography for instant security
OKsystem
 
PDF
Market Study on Mobile Authentication
FIDO Alliance
 
PDF
Report
Massimo Salvato
 
PPTX
Secure mobile payment
Ahmed Kamel Taha
 
PPTX
Securing online services by combining smart cards and web-based applications
Olivier Potonniée
 
PPT
Yared Hankins Wireless Key
solvecore
 
PDF
Near field communication
Nishank Magoo
 
PDF
880 st011
Chandra Rao
 
PPTX
Saving Blackberry
gruittbm
 
PDF
Embedded Systems Security News 2011/05
AurMiana
 
PDF
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXP
Droidcon Berlin
 
PPTX
Securing hand held computing devices
jraja01
 
PDF
Embedded Systems Security News 2011/06
AurMiana
 
PDF
CNIT 128: 9: Mobile payments
Sam Bowne
 
PDF
Samsung knox security_solution_v1_10_0
Javier Gonzalez
 
PDF
Over the Air 2011 Security Workshop
Ericsson Labs
 
PDF
Embedded Systems Security News Feb 2011
AurMiana
 
Key2 share moosecon
Heinrich Seeger
 
Droidcon2013 key2 share_dmitrienko_fraunhofer
Droidcon Berlin
 
Connections Summit - Security & Blockchain Track
NFC Forum
 
Smart Card and Strong Cryptography for instant security
OKsystem
 
Market Study on Mobile Authentication
FIDO Alliance
 
Report
Massimo Salvato
 
Secure mobile payment
Ahmed Kamel Taha
 
Securing online services by combining smart cards and web-based applications
Olivier Potonniée
 
Yared Hankins Wireless Key
solvecore
 
Near field communication
Nishank Magoo
 
880 st011
Chandra Rao
 
Saving Blackberry
gruittbm
 
Embedded Systems Security News 2011/05
AurMiana
 
droidcon 2012: What's the Hack is NFC .., Hauke Meyn, NXP
Droidcon Berlin
 
Securing hand held computing devices
jraja01
 
Embedded Systems Security News 2011/06
AurMiana
 
CNIT 128: 9: Mobile payments
Sam Bowne
 
Samsung knox security_solution_v1_10_0
Javier Gonzalez
 
Over the Air 2011 Security Workshop
Ericsson Labs
 
Embedded Systems Security News Feb 2011
AurMiana
 

Recently uploaded (20)

PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
August Patch Tuesday
Ivanti
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Unlock new opportunities with location data.pdf
Precisely
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
August Patch Tuesday
Ivanti
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 

Access Control in Enterprises with Key2Share

  • 1. Key2Share: NFC-enabled Smartphone-based Access Control Alexandra Dmitrienko Cyberphysical Mobile Systems Security Group Fraunhofer SIT, Darmstadt In collaboration with TU Darmstadt, Center for Advanced Security Research in Darmstadt (CASED), Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt, Bosch Security Systems
  • 2. + NFC = Near Field Communication (NFC) Applications mPayments services in one touch mTicketing
  • 3. + NFC = Why not Using a Smartphone as a Key?
  • 4. Smartphone as a Door Key  Access control by enterprises to their facilities  Access control in private sector (houses, garages) 4
  • 5.  Access to hotel rooms 5 Smartphone as a Door Key
  • 6. Smartphone as a Car Key/Immobilizer  Fleet management by enterprises  Car sharing with family members or friends 6
  • 7. Smartphone as a Car Key/Immobilizer  Car sharing by rental/car sharing companies 7
  • 8. Smartphone for Access to Storage Facilities  Access to safes in hotel rooms  Lockers in luggage storage at train stations/airports 8 DHL packing stations
  • 9. Smartphone for Access to Storage Facilities  DHL packstations 9
  • 10. Smartphone for Access to Facilities  E.g., parking houses 10
  • 11. Usual Keys vs. SmartCards vs. Key2Share 11 Usual Keys SmartCards Key2Share Distribution Requires physical access Requires physical access Remote Revocation Requires physical access or replacement of the lock Remote Remote Delegation Not possible Not possible Possible Context-aware access (e.g., time frame) Not possible Possible Possible
  • 12. Key2Share: System Architecture 12 Issuer Key2Share web-service Resources 1. Employ the employee/sell the car Users Delegated users 5.Sharekey 3. Electronic key issued 4. User Authentication with the issued key 6. User Authentication with the shared key 2. One-time registration
  • 13. Key Sharing  The key to be shared is represented as a QR-code  Can be sent to the recipient per e-mail, MMS or scanned by a camera of another device
  • 14. QR Code: What’s Inside? 14  Electronic keys of Key2Share are similar to passports Issued by a central authority Government Enterprise Issued for a particular entity Citizen Employee Has binding to an identity of an entity it is issued for Photo Cryptographic key bound to the platform Public (not a secret) Yes Yes (encrypted)
  • 16. Protocol Security 16 Well-established cryptographic primitives (AES, SHA-1, RSA) Formal security proof of the protocols Formal tool-aided verification of protocols
  • 17. Platform Security  Different trade-offs between security and requirements to a mobile device 17 Built-in Security Mechanisms of Mobile OS System level software-based security extensions Hardware-based security extensions More secureLess secure No extra requirements to mobile hardware and system software (e.g., operating system) Requires update of system software (e.g., OS) Requires support in hardware. Available only on some mobile platforms
  • 18. Platform Security  Require support in hardware  e.g., Giesecke & Devrient Mobile Security Card http://www.gd- sfs.com/the-mobile-security- card/  Can be attached to the device via microSD card slot 18  provided by BizzTrust architecture  http://www.bizztrust.de/ Hardware-based security extensions Software-based security extensions
  • 19. Supported Platforms  Android NFC-enabled platforms (e.g., Samsung Nexus S, Galaxy S3) 19
  • 20. Flexible access rights:  policy-based  easy delegation  remote revocation  managable Summary
  • 21. Proof of Concept with Bosch Security Systems:  Key2Share as Access Pass  Key2Share as Building Block in Bosch‘s „Access-Control-as-a-Service“  Compatibility with already deployed infrastructure (wireless readers, management software) Current Work