View all Seminars  |  Download ICal for this event

A Trusted-Hardware Backed Secure Payments Platform for Android

Series: M.Tech (Research) Colloquium- ONLINE

Speaker: Mr. Rounak AgarwalM.Tech(Research) Student Dept. of CSA

Date/Time: Jun 04 11:00:00

Location: Microsoft Teams - Online

Faculty Advisor: Prof. Vinod Ganapathy

Digital payments using personal electronic devices have been steadily gaining in popularity for the last few years. While digital payments using smartphones are very convenient, they are also more susceptible to security vulnerabilities. Unlike devices dedicated to the purpose of payments (e.g. POS terminals), modern smartphones provide a large attack surface due to the presence of so many apps for various use cases and a complex feature-rich smartphone OS. Because it is the most popular smartphone OS by a huge margin, Android is the primary target of attackers. Although the security guarantees provided by the Android platform have improved signifi cantly with each new release, we still see new vulnerabilities being reported ever month. Vulnerabilities in the underlying Linux kernel are particularly dangerous because of their severe impact on app security. To protect against a compromised kernel, some critical functions of the Android platform such as cryptography and local user authentication have been moved to a Trusted Execution Environment (TEE) in the last few releases. But the Android platform doesn't yet provide a way to protect a user's con fidential input meant for a remote server, from a compromised kernel. Our work aims to address this gap in Android's use of TEEs for app security. We have designed a framework that leverages a TEE for protecting user's confi dential input and we have shown how this framework can be used to improve the security of digital payments.

Microsoft Teams Link:

Speaker Bio:

Host Faculty: