Mobile services have already become a corner stone of daily life in many developed and developing countries, ranging from simple, localized tourist guides to city-scale wireless network services and multiple nation-wide mobile payment applications. However, many of these services either offer low security (or, often, none at all) for end users or are too complicated to set up in order to be securely accessible by typical end users. Overcoming these limitations in security and usability offers the potential for future ground-breaking applications towards even better mobility and convergence of devices and end-user services. One of the motivating visions is to – globally, securely, and intuitively usably – substitute current wallets and key chains by suitable services and applications on mobile phones. This includes typical credit, debit, and store card functionality, secure and anonymous cash transactions, locking and unlocking doors and other resources, as well as passports, identity cards, licenses, and insurance cards.
- the analysis of security issues in current and future mobile applications
- the design, development, and evaluation of concepts, methods, protocols, and prototypical implementations for addressing them
- communication and co-ordination with industry partners and standardization organizations towards establishing globally accepted standards for secure, interoperable, mobile services.
In addition to academic publications, a specific aim is to produce open source code for user authentication, security-enhancing libraries, and Android system extensions to improve mobile device and application security and usability. Here is a selected list of open source projects initiated by the usmile team:
- CORMORANT: An extensible, risk-aware, multi-modal, crossdevice authentication framework that enables transparent continuous authentication using different biometrics across multiple trusted devices. https://github.com/mobilesec/cormorant
- Panshot face Authentication: face authentication module for the mobilesec Android authentication framework that features 2D frontal-only authentication and additionally showcases panshot face authentication https://github.com/mobilesec/authentication-framework-module-face
- EC-SRP on JavaCards: An implementation of the elliptic curve variant of the Secure Remote Password (SRP-5) password-authenticated secure channel protocol from IEEE Std 1363.2-2008. https://github.com/mobilesec/secure-channel-ec-srp-applet
- Secure Element Emulator: This project aims at emulating a secure element environment for debugging and rapid-prototyping of secure element applets. https://github.com/mobilesec/secure-element-emulator
- GPDroid: Global Platform Card Management Tool using Open Mobile API for Android https://github.com/mobilesec/secure-element-gpdroid
- More projects at https://github.com/mobilesec/