Discussion:
[android-security-discuss] Card Emulation
Plamen Metodiev
2018-09-29 07:01:51 UTC
Permalink
Hello,

I want to emulate Mifare Classic 4K card that will have authentication and
it will be used for passing a barrier of a system already in place. With
Android 4.4 Google presented HCE (Host Card Emulation). Now in 2018 what is
better to use HCE or use the embedded secure element in the phone or
somewhere in the cloud? I think that the embedded secure element is still
the most secure approach because it can not be hacked in any way. What are
your suggestions?
--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+***@googlegroups.com.
Visit this group at https://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
'René Mayrhofer' via Android Security Discussions
2018-10-01 18:45:52 UTC
Permalink
Hi Plamen,

Which of those options are appropriate will very much depend on your threat
model, i.e. which capabilities you assume your adversaries to have. Are
physical adversaries in your thread model? How much (effort/resources) do
you assume adversaries may be willing to spend up front and per
device/user? Depending on these answers, the solution can be anywhere on
the spectrum between fully within the app to strictly requiring certified
secure elements. Did you see the requirements for StrongBox (for key
storage/handling) in Android Pie? Is this useful for your case?

best regards,
Rene
Post by Plamen Metodiev
Hello,
I want to emulate Mifare Classic 4K card that will have authentication and
it will be used for passing a barrier of a system already in place. With
Android 4.4 Google presented HCE (Host Card Emulation). Now in 2018 what is
better to use HCE or use the embedded secure element in the phone or
somewhere in the cloud? I think that the embedded secure element is still
the most secure approach because it can not be hacked in any way. What are
your suggestions?
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an
Visit this group at
https://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+***@googlegroups.com.
Visit this group at https://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
Plamen Metodiev
2018-10-01 19:22:55 UTC
Permalink
Hi,

I read about the new stuff in Android pie and looks like Android will take care of the security, but unfortunately not many phones are with latest Android. I guess the app will use the embedded secure element in the phone for those who has one.
By the way this app will emulate transit pass and I am still not quite sure it if it can be done.
--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+***@googlegroups.com.
Visit this group at https://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.
Loading...