For: computer science, computer security, telematics or similar.
Even though smartphones increasingly offer options for secure storage of credentials, biometrics, etc., there is still a lot of diversity and complexity. And even with expanding options, limitations remain that app developers need to take into account. The use of a smartphone as a physical identity document poses challenges as well. After all, secure communication is needed between for instance the entrance to an office building and a smartphone (e.g. by NFC, QR code, etc.).
In the Mobile-as-ID project InnoValor is building a prototype of a unique solution with which a smartphone can be used for both online and physical identity verification. The smart phone thereby replaces all separate identities that one has for the digital and physical world; meaning passwords, smartcards, tokens, etc. The solution to be developed will use the smart phone’s security facilities, will partly run in the cloud and will be in the form of an ‘enabler’. By enabler we mean that InnoValor will built generic software that can be utilized as a component in numerous specific identity solutions. For example, by the government issuing a digital passport for citizens, by an employer for identification of its employees, and by a bank for identification of its customers.
This assignment is part of our SBIR project.
Research question and approach
The assignment will be focussed on a technical, security-related, part of the Mobile-as-ID project. The research question we have in mind is: how to store credentials in a hydrid (local and cloud combi) manner, exploiting whitebox crypto, mobile OS features and, when available, local secure storage. The assignment should consist of literature search on current practice / state-of-the-art, a design phase, a PoC phase and an analysis of how secure the result is.
Variations on the above research question, focussing on other aspects on the mobile-as-ID project, are also possible, e.g., on how to use the mobile for physical access control (e.g., securely interact with doors), how to securily verify identities in a face2face situation with, e.g., a police officer (i.e., QR, NFC, BTLE, sharing only certain attributes for privacy reasons) or more business related on possible use-cases.
We offer graduation projects in multiple areas of study such as (technical) business administration, industial design, computer science and business information technology. Check out https://innovalor.nl/en/thesis-subjects for other thesis subject. Feel free to contact [email protected]