Using Smart Cards to Enhance Security of Android Smartphones in Tactical Scenarios

摘要

In this paper we explore the possibility of using external secure elements, namely smart cards, to enhance the off-line security of commercial off- the-shelf (COTS) Android smartphones. The idea of using smart cards with smartphones is not completely new, but they are usually employed in solutions that need to be approved for RESTRICTED classification and above, and leverage customized devices in dedicated infrastructures. This approach defeats in part the purpose of using COTS products, and may be unnecessary for situations where budget is limited and data is mission sensitive, but not necessary classified, as in the use-case motivating this work. Here we present our findings on how different types of smart cards as Mifare NFC cards and Java Cards in both microSD and Dual format may interact with standard Android devices to enhance their security when not on-line. We conclude that smart cards can be a cost-effective way to mitigate some weaknesses of smartphones which can constitute a risk in tactical military scenarios, but compatibility challenges and device ownership models can limit their effective security.