A Framework for TrustZone Encoding/Decoding for QR Buyer-Presented and VCC Offline Generated Payments

Ammar S. Salman, Wenliang Du

Research output: Chapter in Book/Entry/PoemConference contribution

Abstract

In earlier works we secured merchant-presented QR payments using the TrustZone. Other works have previously secured buyer-presented QR codes for static QR codes which only need be generated once. We have built a system that extends QR code decoding between Android systems and servers using Split-SSL. Decoding was tested for both cases of using split decoder installed within the TrustZone or made by the vendor server. The TrustZone decoding provided better protection, convenience, and performance. In addition, we have developed a system that generates virtual credit card numbers offline for full data security. In this work, we introduce the fourth component, namely, QR encoding from within the TrustZone, or a standalone device (TrustProvider) compatible with the TrustZone systems, with no overhead, while maintaining small Trusted Computing Base (TCB).Combining all four components in the TrustZone or TrustProvider can extend security and protection to a wide range of transactions including QR codes and VCC card generation. Feasibility and performance for the extended services are outlined at the end of the article. The system extends security for buyer-presented purchases with comprehensive protection when presented as virtual-based numbers. Applications in banking and QR trading are direct outcome. We are working on building a framework for an integrated system that can provide security well beyond exciting tokenization and VCC systems and enables a peer-to-peer transactions that encourage developers’ free access with open-source implementations and remove middleman threats or controls.

Original languageEnglish (US)
Title of host publicationProceedings of the Future Technologies Conference (FTC) 2024
EditorsKohei Arai
PublisherSpringer Science and Business Media Deutschland GmbH
Pages177-194
Number of pages18
ISBN (Print)9783031731273
DOIs
StatePublished - 2024
Event9th Future Technologies Conference, FTC 2024 - London, United Kingdom
Duration: Nov 14 2024Nov 15 2024

Publication series

NameLecture Notes in Networks and Systems
Volume1157 LNNS
ISSN (Print)2367-3370
ISSN (Electronic)2367-3389

Conference

Conference9th Future Technologies Conference, FTC 2024
Country/TerritoryUnited Kingdom
CityLondon
Period11/14/2411/15/24

Keywords

  • ARM TrustZone
  • Android
  • Attack surface
  • Encoding systems
  • Mobile security
  • OP-TEE
  • QR payments
  • REE
  • Split QR decoding
  • Split-SSL
  • TEE
  • Threat model
  • TrustProvider
  • VCC generators
  • Zbar decoder

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Signal Processing
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'A Framework for TrustZone Encoding/Decoding for QR Buyer-Presented and VCC Offline Generated Payments'. Together they form a unique fingerprint.

Cite this