Proceedings 2014 Network and Distributed System Security Symposium 2014
DOI: 10.14722/ndss.2014.23165
|View full text |Cite
|
Sign up to set email alerts
|

Smartphones as Practical and Secure Location Verification Tokens for Payments

Abstract: We propose a novel location-based second-factor authentication solution for modern smartphones. We demonstrate our solution in the context of point of sale transactions and show how it can be effectively used for the detection of fraudulent transactions caused by card theft or counterfeiting. Our scheme makes use of Trusted Execution Environments (TEEs), such as ARM TrustZone, commonly available on modern smartphones, and resists strong attackers, even those capable of compromising the victim phone application… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
21
0

Year Published

2014
2014
2019
2019

Publication Types

Select...
4
4
2

Relationship

0
10

Authors

Journals

citations
Cited by 59 publications
(21 citation statements)
references
References 26 publications
0
21
0
Order By: Relevance
“…Most of TEE applications defined in the literature are designed for smartphones. It is used to provide a wide range of secure services: ticketing [54], [55], privacy-friendly public transport ticketing [56], online transaction confirmation [57], privacyfriendly online prepaid mobile payment [58], [59], media content protection [60], [61], authentication to access cloud storage services [62], [63], two factor authentication [64], [65], and trusted sensors [66].…”
Section: B Applicationsmentioning
confidence: 99%
“…Most of TEE applications defined in the literature are designed for smartphones. It is used to provide a wide range of secure services: ticketing [54], [55], privacy-friendly public transport ticketing [56], online transaction confirmation [57], privacyfriendly online prepaid mobile payment [58], [59], media content protection [60], [61], authentication to access cloud storage services [62], [63], two factor authentication [64], [65], and trusted sensors [66].…”
Section: B Applicationsmentioning
confidence: 99%
“…AdAttester (Li et al 2015) uses TrustZone to secure online mobile Ad attestation, leveraging the secure world of TrustZone to implement unforgeable clicks and verifiable display. (Marforio et al 2014) uses TrustZone to ensure the trusted execution environment for the payment process. Similar to the two solutions, IM-Visor aims to protect one certain functional service in Android, but IM-Visor is more comprehensive as the trustlet in IM-Visor needs to complete some functional operation and needs more interaction with Android framework while the trustlet in other two solutions mainly complete the operation such as signature and encryption.…”
Section: Related Workmentioning
confidence: 99%
“…However, this requires large scale retrofitting of cellular celltowers or installation of new hardware, neither of which is practical at large geographic scales. Others propose to embed tamperproof location hardware on mobile devices [32,38], which incurs high cost per user, and is only effective if enforced across all devices. For our purposes, we need a scalable approach that works with current hardware, without incurring costs on mobile users or the map service (Waze).…”
Section: Defensesmentioning
confidence: 99%