Josef Ressel Center for User-friendly Secure Mobile Environments
User-friendly Secure Mobile Environments (Final Report for JRC u’smile)
Title | User-friendly Secure Mobile Environments (Final Report for JRC u’smile) |
Publication Type | Report |
Year of Publication | 2017 |
Authors | Mayrhofer, R, Weippl, ER, Buhov, D, Findling, RD, Hintze, D, Hölzl, M, Merzdovnik, G, Muaaz, M, Roland, M |
Date Published | 10/2017 |
Institution | University of Applied Sciences Upper Austria and SBA Research, JR-Center u'smile |
City | Hagenberg |
Type | Final Report |
Abstract | The mission of this Josef Ressel Center for User-friendly Secure Mobile Environments (u'smile) was the analysis of security issues in current and future mobile applications; the design, development, and evaluation of concepts, methods, protocols, and prototypical implementations for addressing them; and communication and co-ordination with industry partners and standardization organizations towards establishing globally accepted standards for secure, interoperable, mobile services. Broadly summarizing, JRC u'smile succeeded with many specific contributions towards this vision, and in producing a final prototype of the Austrian mobile driving license on Android smartphones, which brings together the lines of research pursued within the 5 years. In the following report, we summarize these research directions by work packages, focusing on innovations since the two-term evaluation report. Detailed research results have been presented in peer-reviewed publications as well as technical reports, which form an appendix to this summary report. Over the last 5 years we published 18 journal articles, 61 papers in conference proceedings, 5 PhD theses, 2 books, and 22 technical reports and specification documents summarizing our findings and introducing new concepts, methods, and protocols to overcome security issues in mobile devices and applications, and to improve usability of security mechanisms on mobile devices both for end-users and developers. Further, a total number of 24 master's and 14 bachelor's theses have been completed within the scope of the JRC u'smile. Moreover, we were able to present the project and its results to a broad audience by organizing the Android Security Symposium in 2015 and 2017. Additional indicators of success are numerous invitations to talks -- including keynote speeches at academic conferences and other events as well as TEDxLinz --, media articles, invitations to participate in discussions with policy makers, and an increased international recognition of Austrian research contributions in the area of mobile device security. JRC u'smile was split into two modules:
As predicted in the original project proposal, the mobile landscape is changing rapidly and mobile device security has experienced significant developments beyond the JRC u'smile over the last few years. While the initial motivations and visions remained valid and continued to drive the overall focus of the JRC u'smile, new fields -- particularly in the areas of user and cross-device authentication as well as network level privacy implications -- have opened, public interest in certain areas -- such as digital identities -- has dramatically increased, and requirements have changed. At the same time, some of the initially proposed research areas -- most prominently virtualization on smart phones -- had to be abandoned due to the shift of resources into new directions and due to unforeseen inaccessibility of proprietary technologies based on competitive market forces. We are happy to report that most milestones were met and that the critical path of our planned research has been fulfilled despite these rapid and often unpredictable developments in the mobile domain. Nevertheless, several changes to the original project plan proposed in the project application were necessary:
The addition of the new work package on digital identities also resulted in an additional project outcome: the Austrian Mobile Driving License (AmDL), a prototype of a privacy-preserving mobile driving license. This shared demonstrator successfully integrates and show-cases results spanning across all work packages and across both modules of the JRC u'smile. Moreover, with this demonstrator we achieved the goal of the initial motivating vision of the JRC u'smile: to -- globally, securely, and intuitively usably -- substitute current wallets and key chains by suitable services and applications on mobile phones. Finally, specific follow-up projects with partners from the JRC u'smile include the proposal for a new Christian Doppler Laboratory 'Digidow' to extend the JRC vision of digital identities far beyond mobile devices and into cloud services, and the extension of the JRC TARGET with a third module to transfer our collected knowledge on application analysis and system security improvements. |