Authors: Bernd Prünster 1 ; Gerald Palfinger 1 and Christian Kollmann 2

Affiliations: 1 Institute of Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria, and Secure Information Technology Center – Austria (A-SIT), Austria ; 2 A-SIT Plus GmbH, Austria

ISBN: 978-989-758-378-0

ISSN: 2184-2825

Keyword(s): Trust, Remote Attestation, Mobile Applications, Android, Security.

Related Ontology Subjects/Areas/Topics: Data and Application Security and Privacy ; Information and Systems Security ; Security and Privacy in Mobile Systems ; Software Security ; Trust Management and Reputation Systems

Abstract: In connected mobile app settings, back-ends have no means to reliably verify the integrity of clients. For this reason, services aimed at mobile users employ (unreliable) heuristics to establish trust. We tackle the issue of mobile client trust on the Android platform by harnessing features of current Android devices and show how it is now possible to remotely verify the integrity of mobile client applications at runtime. This makes it possible to perform sensitive operations on devices outside a service operator’s control. We present Fides, which improves the security properties of typical connected applications and foregoes heuristics for determining a device’s state such as SafetyNet or root checks. At its core, our work is based on the advancements of Android’s key attestation capabilities, which means that it does not impose a performance penalty. Our concept is widely applicable in the real world and does not remain a purely academic thought experiment. We demonstrate this by providing a light-weight, easy-to-use library that is freely available as open source software. We have verified that Fides even outperforms the security measures integrated into critical applications like Google Pay.


Paper citation in several formats:
Prünster, B.; Palfinger, G. and Kollmann, C. (2019). Fides: Unleashing the Full Potential of Remote Attestation. In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, ISBN 978-989-758-378-0, ISSN 2184-2825, pages 314-321. DOI: 10.5220/0008121003140321

author={Bernd Prünster. and Gerald Palfinger. and Christian Kollmann.},
title={Fides: Unleashing the Full Potential of Remote Attestation},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,},


JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,
TI - Fides: Unleashing the Full Potential of Remote Attestation
SN - 978-989-758-378-0
AU - Prünster, B.
AU - Palfinger, G.
AU - Kollmann, C.
PY - 2019
SP - 314
EP - 321
DO - 10.5220/0008121003140321

