@inproceedings{54b49b21f66440c49c34a88f53f3d670,
title = "A Framework for TrustZone Encoding/Decoding for QR Buyer-Presented and VCC Offline Generated Payments",
abstract = "In earlier works we secured merchant-presented QR payments using the TrustZone. Other works have previously secured buyer-presented QR codes for static QR codes which only need be generated once. We have built a system that extends QR code decoding between Android systems and servers using Split-SSL. Decoding was tested for both cases of using split decoder installed within the TrustZone or made by the vendor server. The TrustZone decoding provided better protection, convenience, and performance. In addition, we have developed a system that generates virtual credit card numbers offline for full data security. In this work, we introduce the fourth component, namely, QR encoding from within the TrustZone, or a standalone device (TrustProvider) compatible with the TrustZone systems, with no overhead, while maintaining small Trusted Computing Base (TCB).Combining all four components in the TrustZone or TrustProvider can extend security and protection to a wide range of transactions including QR codes and VCC card generation. Feasibility and performance for the extended services are outlined at the end of the article. The system extends security for buyer-presented purchases with comprehensive protection when presented as virtual-based numbers. Applications in banking and QR trading are direct outcome. We are working on building a framework for an integrated system that can provide security well beyond exciting tokenization and VCC systems and enables a peer-to-peer transactions that encourage developers{\textquoteright} free access with open-source implementations and remove middleman threats or controls.",
keywords = "ARM TrustZone, Android, Attack surface, Encoding systems, Mobile security, OP-TEE, QR payments, REE, Split QR decoding, Split-SSL, TEE, Threat model, TrustProvider, VCC generators, Zbar decoder",
author = "Salman, {Ammar S.} and Wenliang Du",
note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; 9th Future Technologies Conference, FTC 2024 ; Conference date: 14-11-2024 Through 15-11-2024",
year = "2024",
doi = "10.1007/978-3-031-73128-0_12",
language = "English (US)",
isbn = "9783031731273",
series = "Lecture Notes in Networks and Systems",
publisher = "Springer Science and Business Media Deutschland GmbH",
pages = "177--194",
editor = "Kohei Arai",
booktitle = "Proceedings of the Future Technologies Conference (FTC) 2024",
address = "Germany",
}