Secure and Flexible Key Protected Identity Framework for Mobile Devices

Kapil Kant Kamal, Monit Kapoor, Padmaja Joshi
Copyright: © 2022 | Pages: 17
DOI: 10.4018/IJISP.2022010117

Abstract

Mobile and IoT-based applications are emerging rapidly across the globe, and a massive digital transformation is under way in every country. There is a pressing need to improve and protect digital identity during online transactions made through handheld devices. This paper proposes a Mobile ID solution based on mobile-originated PKI that requires neither the actual identity card nor a card reader. The proposed solution focuses on security, privacy, and usability, and uses open standards to protect Personally Identifiable Information (PII) on handheld devices. The proposed Mobile ID solution has better cost-efficacy and privacy than today’s scenario. The paper also explains the Mobile ID solution with secure identity established among users, authorities, and other public- and private-sector organizations.

1. Introduction

Mobile devices have become very common and are used for multiple purposes, including online transactions. This makes them good candidates for use as a digital identity for online services, and possibly offline ones as well. During mobile-based transactions, a user may present a fake identity, which can give rise to fraud and to threats to mobile security. The main idea of mobile identity is to provide electronic identification for secure authentication and communication when services are accessed online from handheld devices, while also protecting Personally Identifiable Information (PII) on those devices (Bicakci et al., 2014).

Online services typically require user authentication, most commonly through mechanisms such as passwords and OTPs; some services use biometric authentication where the service demands it. To strengthen the security of data access, multi-factor authentication has become common. In addition to the factors mentioned above, cryptography-based identification has been taking shape over the last few years. One example is smart card-based solutions, in which the user holds an eID token and a secret PIN specific to that token. This two-factor authentication enables users to create an eSign and perform transactions. The token additionally stores secret signing keys and features hardware-based creation capabilities.

When cryptography is used for authentication, the key is stored in dedicated hardware called a Secure Element (SE), which provides tamper resistance and physical protection. Private keys are commonly stored on external SEs such as SIM cards, plastic cards, or USB devices. Most of the mobile identity solutions developed worldwide are SIM-based or server-based and use cryptographic algorithms for protection and authentication. Mobile ID solutions that use the SIM card as the SE are widely accepted in many countries.

SIM-based Mobile ID is physically isolated from the device and independent of the operating system. In SIM-based IDs, transactions are secured by signing with the signer's private key. SIM cards are provided by telecom operators, so the solution depends on the operators and possibly even on the data plan the operator provides (Kerttula et al., 2015). Server-based Mobile ID relies on a hardware security module (HSM) in which key generation takes place. An HSM is sizeable hardware with very powerful cryptographic computing capability and physical protection methods. The approach is called server-based because key generation and storage take place on the HSM and cannot be done on handheld devices (Kerttula et al., 2015).

In this paper, we propose a new approach that is handheld device-based but independent of the SIM. In this approach, key-pair generation using the ECC algorithm happens on the mobile device, and the key pair can be used as an identity. The X.509 certificate generated by this mechanism on the mobile device provides a unique identity to the user. This identity can be used for authentication and verification when accessing digital or e-services. An advanced level of storage using a TEE (Trusted Execution Environment) is proposed for storing keys on an Android device. A TEE secures content on Android devices by securing an area of the main processor, to protect sensitive information.
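The device-side steps described above (ECC key-pair generation on the handset, hardware-backed storage, an X.509 certificate for the public key) can be sketched with the Android Keystore API; this is an added example, not code from the paper. The class name, alias and method names are hypothetical, API level 23 or later is assumed, and the certificate returned is the self-signed one Android Keystore creates with the key, since the preview does not show how the proposed scheme issues its certificate.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;

public final class DeviceIdentity {
    private static final String STORE = "AndroidKeyStore";
    private static final String ALIAS = "mobile-id-demo"; // hypothetical alias

    /** Creates a P-256 signing key in the keystore and returns its certificate. */
    public static X509Certificate enroll() throws Exception {
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, STORE);
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .build());
        KeyPair pair = kpg.generateKeyPair();

        // Refuse to enroll if the key ended up in a software-only keystore.
        KeyFactory kf = KeyFactory.getInstance(pair.getPrivate().getAlgorithm(), STORE);
        KeyInfo info = kf.getKeySpec(pair.getPrivate(), KeyInfo.class);
        if (!info.isInsideSecureHardware()) { // deprecated since API 31 in favour of getSecurityLevel()
            keyStore().deleteEntry(ALIAS);
            throw new GeneralSecurityException("key is not hardware-backed");
        }
        return (X509Certificate) keyStore().getCertificate(ALIAS);
    }

    /** Signs a verifier-supplied nonce; the private key never leaves the keystore. */
    public static byte[] signChallenge(byte[] nonce) throws Exception {
        PrivateKey key = (PrivateKey) keyStore().getKey(ALIAS, null);
        if (key == null) throw new KeyStoreException("no enrolled key");
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(nonce);
        return s.sign();
    }

    private static KeyStore keyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance(STORE);
        ks.load(null);
        return ks;
    }
}
```

A relying party checks the signature over its nonce against the public key in the certificate returned by `enroll()`; the hardware-backing check is what separates this from a key held in application storage.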

The rest of the paper is organized as follows: Section II covers the literature survey and background of mobile ID solutions. Section III discusses the essential characteristics of mobile ID. Section IV describes the security requirements for the new mobile-based solution. Section V proposes the model for using the mobile device as a secure and efficient personal identity based on PKI, and explains the major components of the proposed solution. Section VI describes the security model for analyzing the security performance of an implementation of the proposed Mobile Identity model. Section VII concludes the paper with concluding remarks and possible future work.

The research contributions are:
