Security and Privacy in Mobile Information and Communication Systems (eBook)

Preface 5
Organization 7
Table of Contents 9
On Trust Evaluation in Mobile Ad Hoc Networks 11
Introduction 11
Related Work 12
Definition of Trust 13
Accuracy of Trust Evaluation 14
Estimation of a Node’s Capacities 14
Number of Observations Required 17
Trust and Network Connectivity 19
Connectivity of Trust-Based Networks 19
Validation 20
Conclusion 21
References 22
A Distributed Data Storage Scheme for Sensor Networks 24
Introduction 24
Proposed Data Partitioning Scheme 25
A Stronger Variation to the Protocol Modulo a Composite Number 29
Addressing the Data Partitions 30
Future Work and Other Applications 30
Conclusions 31
References 31
A Rich Client-Server Based Framework for Convenient Security and Management of Mobile Applications 33
Introduction 33
State of the Art 35
A Framework for Secured Applications 36
A Sample Scenario 36
The Use Case 38
The Authentication Services 38
Architecture of the Plaform 39
Risk Analysis 41
The Open and Secure Mobile System 42
OSMOSYS Client and Companion 42
OSMOSYS Server 42
Conclusion and Future Work 43
References 44
A Robust Conditional Privacy-Preserving Authentication Protocol in VANET 45
Introduction 45
Security Requirements 47
SystemModel 48
Proposed Protocol 49
Setup 49
Registration 50
Multiple Anonymous Certificates Generation 50
Safety Message Authentication 51
OBU’s Real ID Trace 51
Discussion 51
Security 51
Efficiency 52
Conclusion 54
References 54
An Autonomous Attestation Token to Secure Mobile Agents in Disaster Response 56
Introduction 56
Trusted Computing 57
Mobile Agents 58
Related Work 59
Mobile Agent Security in Disaster-Relief Scenarios 59
Local Attestation 61
Operational Challenges 62
An Attestation Based Key Release Protocol 62
The AAT Hardware Architecture 64
Conclusion 65
References 66
An ECDLP-Based Threshold Proxy Signature Scheme Using Self-Certified Public Key System 68
Introduction 69
The Proposed Scheme 70
Registration 71
Proxy Share Generation 71
Proxy Signature Issuing without Revealing Proxy Shares 72
Proxy Signature Verification 72
Correctness of the Proposed Scheme 73
Security Analysis 74
Performance Evaluation 78
Conclusions 78
References 79
Building Efficient Integrity Measurement and Attestation for Mobile Phone Platforms 81
Introduction 81
Security Goals 83
Our Approach 84
Secure Boot 85
Secure Runtime 86
Putting Together: IntegrityMeasurement and Protection 89
Implementation 90
Related Work 91
Conclusion 91
References 92
Context-Aware Monitoring of Untrusted Mobile Applications 93
Introduction 93
Mobile Malware Defence 93
Execution Monitoring 94
Paper Structure 95
Modelling Application Behaviour 95
Approach Summary 95
Application Behaviour Modelling Language (ABML) 96
Demonstration 98
Existing Device Protection 98
Attacks and Countermeasures 98
Policy Compilation and Enforcement 101
Synthesising Monitors from ABML Specifications 101
ABML Policy Enforcement 102
Performance Analysis 103
Related Work 104
Conclusion 104
References 105
Extending the Belgian eID Technology with Mobile Security Functionality 107
Introduction 107
Belgian Electronic Identity Card Technology 108
Notations 109
Mobile Access to Secrets 109
Proxying the Belgian eID 112
Discussion 114
A Mobile and Secure e-mail Client 115
Requirements 115
Protocols 115
Evaluation 117
Conclusion 118
References 118
Filtering SPAM in P2PSIP Communities with Web of Trust 120
Introduction 120
A P2P SIP System 121
Trust in a Distributed System 123
Beyond the First Hop 124
Trusted Pathfinder Service 125
Implementation of the Pathfinder 126
Performance 128
Wotsap PGP Signature Data-Set 128
Measurements 129
Conclusion 130
References 130
Generating Random and Pseudorandom Sequences in Mobile Devices 132
Introduction 132
Requirements on Random Data 133
Qualitative Requirements 133
Quantitative Requirements 134
Randomness in Mobile Devices 135
Sources of Randomness in Mobile Devices 135
Secure Pseudorandom Numbers 138
Integration into Symbian OS 139
ANSI X9.31 PRNG 139
Fortuna PRNG 141
Conclusions and Future Work 142
References 143
A Context-Aware Security Framework for Next Generation Mobile Networks 144
Introduction 144
Related Work 145
Context-Aware Security Framework 146
Security Context 146
Security Actions 149
Context-Based Security Policies 150
Architectural Model 152
Conclusions 155
References 156
Information Reconciliation Using Reliability in Secret Key Agreement Scheme with ESPAR Antenna 158
Introduction 158
Secret Key Agreement Scheme Using ESPAR Antenna 159
Cascade Protocol 161
Cascade Using Reliability 162
Simulation Setting 165
System Model 165
Simulation Model 165
Simulation Results 166
The Number of Disclosed Bits 166
The Number of Communications 166
The Efficiency of Protocol 167
Conclusion 168
References 168
Protecting Privacy and Securing the Gathering of Location Proofs – The Secure Location Verification Proof Gathering Protocol 170
Introduction 170
Related Work 171
A System for the Secure Verification of Location Claims 172
System Model and Assumptions 172
Threat Model 173
The Role of the Verifier 173
The Use of Distance Bounding in the SLVPGP 174
The Secure Location Verification Proof Gathering Protocol (SLVPGP) 175
Protocol Outline 175
Protocol Discussion 176
Extending the Protocol 176
The SLVPGP: Extension 1 177
The SLVPGP: Extension 2 177
The SLVPGP: Extension 3 177
Overall Analysis 179
Cost Analysis 179
Security Analysis 179
Future Work 180
Conclusion 180
References 180
Providing Strong Security and High Privacy in Low-Cost RFID Networks 182
Introduction 182
The RFID Technology 182
A New Problematic 183
Privacy Threats 183
Related Works 184
Proposed Solution 185
A Few Assumptions 185
The Protocol 186
Security Evaluation 186
Security Analysis 186
Privacy Analysis 187
Conclusion 188
References 189
Safe, Fault Tolerant and Capture-Resilient Environmental Parameters Survey Using WSNs 190
Introduction 190
Model Architecture and Network Functioning 191
Tree Construction 192
Tree Maintenance and Convergence 192
Routing Tree 193
Nodes Querying 193
Automatic Rejoining 194
Data Integrity and Authenticity 195
Nodes Initialization 195
Data Collection and Hashchains 196
Capture-Resilience 198
Conclusion 198
References 199
SAVAH: Source Address Validation with Host Identity Protocol 200
Introduction 200
Background on Host Identity Protocol 201
Related Work 202
SAVAH Design and Implementation 202
SAVAH Architecture 203
SAVAH Router Discovery 203
Packet Authentication 205
Source Address Validation 206
Deployment and Integration with General SAVA Architecture 207
Performance Evaluation 208
Conclusions 210
References 210
Secure Service Invocation in a Peer-to-Peer Environment Using JXTA-SOAP 212
Introduction 212
Background 213
JXTA-SOAP 215
JXTA-SOAP for Java Standard Edition (J2SE) 216
JXTA-SOAP for Java Micro Edition (J2ME) 217
Secure Service Invocation 218
DefaultTLSTransport 218
DefaultWSSMessage 221
MIKEYPolicy for Mobile Applications 221
Conclusions 222
References 222
Security Aspects of Smart Cards vs. Embedded Security in Machine-to-Machine (M2M) Advanced Mobile Network Applications 224
Introduction 224
M2M Requirements 225
The Options for a TRE to Host Secure, Downloadable MCIMs 225
Smart Card Security in Mobile Networks: Why Is the Smart Card a Trusted Anchor? 227
Meeting M2M Requirements with UICCs 229
Security Analysis and Comparison: Can an Embedded TRE Ever Be as Secure as a Smart Card? 231
Conclusions 233
References 234
Simple Peer-to-Peer SIP Privacy 236
Introduction 236
Problem Scope 237
SolutionModel 238
Storage Key Obfuscation 239
Usability Considerations 240
Implementation 241
Technology 241
Prototype Overview 242
Privacy Enhancements 242
Evaluation 243
Discussion 245
Summary and Future Work 245
References 246
On Modeling Viral Diffusion in Heterogeneous Wireless Networks 248
Introduction 248
Related Works and Motivation 250
Modeling Disease with Heterogeneity of Nodes 251
Assumptions 251
Elaborate Models 252
Discussion on the Models 254
Assumption and Parameter Discussion 254
Analysis of Disease Extent 254
Simulation Results 255
Conclusions and Future Works 260
References 261
Mobile WiMAX Network Security 263
Introduction 263
WiMAX Network Architecture 263
Network Access Authentication 265
Authentication Scenarios 266
Subscription Authentication 267
Device Authentication and Subscription Provisioning 268
Key Management for Mobility Support 270
Summary and Outlook 273
References 274
LoPSiL: A Location-Based Policy-Specification Language 275
Introduction 275
LoPSiL 277
Core Linguistic Constructs 277
Example Policies 279
A LoPSiL Compiler 282
Compiler Architecture 282
Experiential Observations 284
Conclusions and Future Work 285
References 286
Impersonation Attacks on a Mobile Security Protocol for End-to-End Communications 288
Introduction 288
The LYH Mobile End-to-End Authentication and Secrecy Protocol 289
Certification Phase 289
Authentication Phase 291
Analyzing the LYH Protocol 292
Forging Certificates for the LYH Protocol 292
An Attack to Impersonate a Mobile User 293
An Attack to Impersonate a Base Station 294
Fixing the LYH Protocol 295
Using the Elgamal Signature Scheme in the LYH Protocol 295
Resistance of Fixed Protocol to the Presented Impersonation Attacks 295
Conclusions 296
References 296
Author Index 298