Security and Privacy in Mobile Information and Communication Systems

Trust has been considered as a social relationship between two individuals in human society. But, as computer science and networking have succeeded in using computers to automate many tasks, the concept of trust can be generalized to cover the reliability and relationships of non-human interaction, such as, for example, information gathering and data routing. This paper investigates the evaluation of trust in the context of ad hoc networks. Nodes evaluate each other’s behaviour based on observables. A node then decides whether to trust another node to have certain innate abilities. We show how accurate such an evaluation could be. We also provide the minimum number of observations required to obtain an accurate evaluation, a result that indicates that observation-based trust in ad hoc networks will remain a challenging problem. The impact of making networking decisions using trust evaluation on the network connectivity is also examined. In this manner, quantitative decisions can be made concerning trust-based routing with the knowledge of the potential impact on connectivity.

We present a data storage scheme for sensor networks that achieves the targets of encryption and distributed storage simultaneously. We partition the data to be stored into numerous pieces such that at least a specific number of them have to be brought together to recreate the data. The procedure for creation of partitions does not use any encryption key and the pieces are implicitly secure. These pieces are then distributed over random sensors for storage. Capture or malfunction of one or more (less than a threshold number of sensors) does not compromise the data. The scheme provides protection against compromise of data in specific sensors due to physical capture or malfunction.

Contact lists, Emails, SMS or custom applications on a professional smartphone could hold very confidential or sensitive information. What could happen in case of theft or accidental loss of such devices? Such events could be detected by the separation between the smartphone and a Bluetooth companion device. This event should typically block the applications and delete personal and sensitive data. Here, a solution is proposed based on a secured framework application running on the mobile phone as a rich client connected to a security server. The framework offers strong and customizable authentication and secured connectivity. A security server manages all security issues. User applications are then loaded via the framework. User data can be secured, synchronized, pushed or pulled via the framework. This contribution proposes a convenient although secured environment based on a client-server architecture using external authentications. Several features of the proposed system are exposed and a practical demonstrator is described.

In a (t, n) threshold proxy signature scheme, one original signer delegates a group of n proxy signers to sign messages on behalf of the original signer. When the proxy signature is created, at leastt proxy signers cooperate to generate valid proxy signatures and any less than t proxy signers can’t cooperatively generate valid proxy signatures. So far, all of proposed threshold proxy signature schemes are based on public key systems with certificates, which have some disadvantages such as checking the certificate list when needing certificates. Most threshold proxy signature schemes use Shamir’s threshold secret share scheme. Identity-based public key system is not pretty mature. Self-certified public key systems have attracted more and more attention because of its advantages. Based on Hsu et al’s self-certified public key system and Li et al’s proxy signature scheme, one threshold proxy signature scheme based on ECDLP and self-certified public key system is proposed. As far as we know, it is the first scheme based on ECDLP and self-certified public key system. The proposed scheme can provide the security properties of proxy protection, verifiability, strong identifiability, strong unforgeability, strong repudiability, distinguishability, known signers and prevention of misuse of proxy signing power. That is, internal attacks, external attacks, collusion attacks, equation attacks and public key substitution attacks can be resisted. In the proxy signature verification phase, the authentication of the original and the proxy signers’ public keys and the verification of the threshold proxy signature are executed together. In addition, the computation overhead and communication cost of the proposed scheme are analyzed as well.

Integrity measurement and attestation mechanisms have already been developed for PC and server platforms, however, porting these technologies directly on mobile and resource-limited devices does not truly satisfy their performance constraints. Therefore, there are ongoing research efforts on mobile-efficient integrity measurement and attestation mechanisms. In this paper we propose a simple and efficient solution for this problem by considering the unique features of mobile phone devices. Our customized secure boot mechanism ensures that a platform can boot to a secure state. During runtime an information flow–based integrity model is leveraged to maintain high integrity status of the system. Our solution satisfies identified security goals of integrity measurement and attestation. We have implemented our solution on a LiMo compatible mobile phone platform.

The Belgian Electronic Identity Card was introduced in 2002. The card enables Belgian citizens to prove their identity digitally and to sign electronic documents. Today, only a limited number of citizens really use the card in electronic applications. A major reason is the lack of killer functionality and killer applications.

This paper presents two reusable extensions to the Belgian eID technology that opens up new opportunities for application developers. First, a secure and ubiquitously accessible remote storage service is presented. Second, we show how the eID card can be used to issue new certificates. To demonstrate the applicability and feasibility of both extensions, they are combined in the development of a secure e-mail application. The proposed solution offers strong privacy, security and key management properties while increasing the accessibility of confidential e-mail compared to existing solutions (such as PGP and S/MIME).

Spam is a dominant problem on email systems today. One of the reasons is the lack of infrastructure for security and trust. As Voice over IP (VoIP) communication becomes increasingly popular, proliferation of spam calls is only a matter of time. As SIP identity scheme is practically similar to email, those share the same threats. We utilized Host Identity Protocol (HIP) to provide basic security, such as end-to-end encryption. To provide call filtering, however, other tools are needed. In this paper, we suggest applying trust paths familiar from the PGP web of trust to prevent unwanted communication in P2PSIP communities.

The goal is to provide trust visibility beyond the first hop without requiring people to openly share private data such as contact lists. Since our distributed environment limits global solutions, our proposal bases on scale-free distributed nodes which provide service to the social trust neighborhood. We have implemented the service as a freely deployable stand-alone HTTP server, which can be either independent or a part of the P2P overlay. We have evaluated the performance of the path finding algorithm using the social network data from the PGP web of trust.

In our paper we study practical aspects of random and pseudorandom number generation in mobile environments. We examine and analyze several sources of randomness available in current mobile phones and other mobile devices at the application level. We identify good physical sources of randomness that are capable of generating data with high entropy in reasonable time and we investigate some relevant aspects (such as security, energy requirements, performance) of integrating selected pseudorandom number generators in the Symbian OS environment. The main contribution of this paper is the identification and analysis of randomness sources in mobile devices and a practical proposal for their post-processing, including a prototype implementation.

The openness and heterogeneity of next generation communication networks are now highlighting more security issues than those of traditional communication environments. Moreover users’ security requirements can often change in mobile communication environments, depending on the situation in which the user is immersed. Our objective is to define a context-aware security framework for addressing the problems of end-to-end security on behalf of end-users. Based on context data acquisition and aggregation features, the framework uses contextual graphs to define security policies encompassing actions at different layers of communication systems’ architecture, while adapting to changing circumstances.

As a countermeasure for eavesdroppers in wireless communications, a secret key agreement scheme using a variable directional antenna called ESPAR antenna was developed. In this scheme, the process of information reconciliation is necessary to correct the discrepancies between the legitimate users’ keys. In this paper, we propose a new information reconciliation protocol using the reliability of the raw keys. The proposed information reconciliation protocol is a modified version of the protocol used in quantum key distribution called Cascade. The results of simulations show that the proposed protocol can correct errors with less the number of disclosed bits and less the number of communications than those of Cascade.

As wireless networks become increasingly ubiquitous, the demand for a method of locating a device has increased dramatically. Location Based Services are now commonplace but there are few methods of verifying or guaranteeing a location provided by a user without some specialised hardware, especially in larger scale networks. We propose a system for the verification of location claims, using proof gathered from neighbouring devices. In this paper we introduce a protocol to protect this proof gathering process, protecting the privacy of all involved parties and securing it from intruders and malicious claiming devices. We present the protocol in stages, extending the security of this protocol to allow for flexibility within its application. The Secure Location Verification Proof Gathering Protocol (SLVPGP) has been designed to function within the area of Vehicular Networks, although its application could be extended to any device with wireless & cryptographic capabilities.

Since the dissemination of Radio Frequency IDentification (RFID) tags is getting larger and larger, the requirement for strong security and privacy is also increasing. Low-cost and ultra-low-cost tags are being implemented on everyday products, and their limited resources constraints the security algorithms to be designed especially for those tags. In this paper, a complete solution providing strong security and high privacy during the whole product lifetime is presented. Combining bit-wise operations and secret keys, the algorithm proposed addresses and solves all the common security attacks.

Sensor networks are one of the first examples of pervasive computing, which is characterized by the massive use of increasingly smaller and powerful devices. A cloud of sensors arranged in a given environment is in itself a great source of data; accessing this source in order to extract useful information is not a trivial problem. It requires correct sensor deployment within the environment and a protocol for data exchange. We also have to bear in mind the problem of data and sensors security: sensors are often installed in areas difficult to protect and monitor. In this paper we describe SensorTree, a functioning model and a simulator for a network of wireless sensors installed on the sea surface to measure parameters useful for determining the weather situation.

Explosive growth of the Internet and lack of mechanisms that validate the authenticity of a packet source produced serious security and accounting issues. In this paper, we propose validating source addresses in LAN using Host Identity Protocol (HIP) deployed in a first-hop router. Compared to alternative solutions such as CGA, our approach is suitable both for IPv4 and IPv6. We have implemented SAVAH in Wi-Fi access points and evaluated its overhead for clients and the first-hop router.

The effective convergence of service-oriented architectures (SOA) and peer-to-peer (P2P) is an urgent task, with many important applications ranging from e-business to ambient intelligence. A considerable standardization effort is being carried out from both SOA and P2P communities, but a complete platform for the development of secure, distributed applications is still missing. In this context, the result of our research and development activity is JXTA-SOAP, an official extension for JXTA enabling Web Service sharing in peer-to-peer networks. Recently we focused on security aspects, providing JXTA-SOAP with a general security management system, and specialized policies that target both J2SE and J2ME versions of the component. Among others, we implemented a policy based on Multimedia Internet KEYing (MIKEY), which can be used to create a key pair and all the required parameters for encryption and decryption of service messages in consumer and provider peers running on resource-constrained devices.

The Third Generation Partnership Project (3GPP) standardisation group currently discusses advanced applications of mobile networks such as Machine-to-Machine (M2M) communication. Several security issues arise in these contexts which warrant a fresh look at mobile networks’ security foundations, resting on smart cards. This paper contributes a security/efficiency analysis to this discussion and highlights the role of trusted platform technology to approach these issues.

In this paper, we introduce a model for enhancing privacy in peer-to-peer communication systems. The model is based on data obfuscation, preventing intermediate nodes from tracking calls, while still utilizing the shared resources of the peer network. This increases security when moving between untrusted, limited and ad-hoc networks, when the user is forced to rely on peer-to-peer schemes. The model is evaluated using a Host Identity Protocol-based prototype on mobile devices, and is found to provide good privacy, especially when combined with a source address hiding scheme. The contribution of this paper is to present the model and results obtained from its use, including usability considerations.

Smart phones and computers now are able to co-work in a wireless environment where malware can propagate. Although many investigations have modeled the spread of malware, little has been done to take into account different characteristics of items to see how they affect disease diffusion in an ad hoc network. We have therefore developed a novel framework, consisting of two models, which consider diversity of objects as well as interactions between their different classes. Our framework is able to produce a huge result space thus makes it appropriate to describe many viral proliferating scenarios. Additionally, we have developed a formula to calculate the possible average number of newly infected devices in the considered system. An important contribution of our work is the comprehension of item diversity, which states that a mixture of device types causes a bigger malware spread as the number of device types in the network increases.

WiMAX networks provide broadband data access to mobile as well as stationary users. While the wireless link is based on the 802.16e-2005 specification developed by IEEE, a complete network architecture “behind the base station” with global roaming support has been specified by the WiMAX forum. The security architecture for these networks covers EAP/AAA-based secure network access, secure bootstrapping of macro mobility based on Mobile IP, and secure over-the-air provisioning. Specific solutions have been standardized to support combined or separate device and user authentication.

This paper describes the design of LoPSiL, a language for specifying location-dependent security and privacy policies. Policy- specification languages like LoPSiL are domain-specific programming languages intended to simplify the tasks of specifying and enforcing sound security policies on untrusted (i.e., potentially insecure) software. As far as we are aware, LoPSiL is the first imperative policy-specification language to provide abstractions specifically tailored to location-dependent policies for mobile-device applications. We have implemented a proof-of-concept compiler that inputs a LoPSiL policy P and a mobile-device application program A and outputs a new application program A′ equivalent to A, except that A′ contains inlined enforcement code that ensures that A′ satisfies P at runtime. We report our experiences using this compiler to design and implement several policies for mobile-device applications.

This paper presents an analysis of a cryptographic security protocol that is designed for use in a mobile communication environment. The goal of the analysed protocol is to ensure secure end-to-end communication between two mobile users that are connected to different base stations. The analysis reveals a serious flaw in the used signature scheme of the security protocol. Exploitation of this flaw enables an intruder to use algebraic simplifications to forge signatures on arbitrary messages. Two attacks, which exploit this weakness, are detailed showing the impersonation of a mobile user and a base station, respectively. Corrections to the flawed protocol are proposed and analysed. It is established that the corrected protocol is secure against the presented attacks.