Autenticazione degli utenti in scenari WLAN-3G: valutazione delle caratteristiche e prestazioni di protocolli ed architetture.

Studio ed analisi dei protocolli di autenticazione per l'interworking delle reti 3G e WLAN. Dopo aver analizzato l'architettura di rete e i protocolli già standardizzati, vengono evidenziate lacune e difetti e i tentativi in letteratura per ovviare a questi inconvenienti. Viene anche proposto un possibile protocollo che supporti la maggior parte delle caratteristiche necessarie per un buon funzionamento

On secure communication in integrated internet and heterogeneous multi-hop wireless networks.

Integration of the Internet with a Cellular Network, WMAN, WLAN, and MANET presents an exceptional promise by having co-existence of conventional WWANs/WMANs/WLANs with wireless ad hoc networks to provide ubiquitous communication. We call such integrated networks providing internet accessibility for mobile users as heterogeneous multi-hop wireless networks where the Internet and wireless infrastructure such as WLAN access points (APs) and base stations (BSs) constitute the backbone for various emerging wireless networks (e.g., multi-hop WLAN and ad hoc networks. Earlier approaches for the Internet connectivity either provide only unidirectional connectivity for ad hoc hosts or cause high overhead as well as delay for providing full bi-directional connections. In this dissertation, a new protocol is proposed for integrated Internet and ad hoc networks for supporting bi-directional global connectivity for ad hoc hosts. In order to provide efficient mobility management for mobile users in an integrated network, a mobility management protocol called multi-hop cellular IP (MCIP) has been proposed to provide a micro-mobility management framework for heterogeneous multi-hop network. The micro-mobility is achieved by differentiating the local domain from the global domain. At the same time, the MCIP protocol extends Mobile IP protocol for providing macro-mobility support between local domains either for single hop MSs or multi-hop MSs. In the MCIP protocol, new location and mobility management approaches are developed for tracking mobile stations, paging, and handoff management. This dissertation also provides a security protocol for integrated Internet and MANET to establish distributed trust relationships amongst mobile infrastructures. This protocol protects communication between two mobile stations against the attacks either from the Internet side or from wireless side. Moreover, a secure macro/micro-mobility protocol (SM3P) have been introduced and evaluated for preventing mobility-related attacks either for single-hop MSs or multi-hop MSs. In the proposed SM3P, mobile IP security has been extended for supporting macro-mobility across local domains through the process of multi-hop registration and authentication. In a local domain, a certificate-based authentication achieves the effective routing and micro-mobility protection from a range of potential security threats

Security Analysis of Mobile Payments: Direct Carrier Billing

Payments are a compensation for a product or a service received. The funds are transferred from one party (consumer) to another (merchant). Mobile payments are a particular form of electronic payment where a mobile device serves as the key instrument to initiate, authorize or complete a payment. The payment methods have been continuously changing to adjust to cashless trends. Seeking to reach a larger number of customers has promoted the development of different solutions to provide means of payment. With an increasing number of mobile subscribers, mobile solutions such as carrier billing, SMS-based payments, and mobile wallets are gaining importance, permeating different markets, such as public transportation, digital content, advertisements and charity. This thesis investigates and analyses mobile payment solutions. The main purpose is, primarily, to identify and describe the security protocols that occur during the payment transaction. Subsequently, to distinguish the mechanisms utilised to identify and authenticate consumers and the mechanisms providing integrity to the payment data. Additionally, to recognize the possible security threats overlooked during the design and deployment of payment solutions. The analysis and tests carried out showed opportunity areas for the service providers to improve the security level of their services. We found vulnerabilities that jeopardise the integrity and authenticity of transactions from the merchant and consumer sides. The major vulnerabilities found lead to conclude that despite the development of protocols and technologies to strengthen security, an appropriate analysis is required to design and develop secure solutions. Neglecting security requirements in exchange for simplicity could come at a high price for the parties involved in mobile payments, specially, in direct carrier billing

Security Threats to 5G Networks for Social Robots in Public Spaces: A Survey

This paper surveys security threats to 5G-enabled wireless access networks for social robots in public spaces (SRPS). The use of social robots (SR) in public areas requires specific Quality of Service (QoS) planning to meet its unique requirements. Its 5G threat landscape entails more than cybersecurity threats that most previous studies focus on. This study examines the 5G wireless RAN for SRPS from three perspectives: SR and wireless access points, the ad hoc network link between SR and user devices, and threats to SR and users’ communication equipment. The paper analyses the security threats to confidentiality, integrity, availability, authentication, authorisation, and privacy from the SRPS security objectives perspective. We begin with an overview of SRPS use cases and access network requirements, followed by 5G security standards, requirements, and the need for a more representative threat landscape for SRPS. The findings confirm that the RAN of SRPS is most vulnerable to physical, side-channel, intrusion, injection, manipulation, and natural and malicious threats. The paper presents existing mitigation to the identified attacks and recommends including physical level security (PLS) and post-quantum cryptography in the early design of SRPS. The insights from this survey will provide valuable risk assessment and management input to researchers, industrial practitioners, policymakers, and other stakeholders of SRPS.publishedVersio

A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry

A framework for secure mobile computing in healthcare

Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry

A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions

Security has become the primary concern in many telecommunications industries today as risks can have high consequences. Especially, as the core and enable technologies will be associated with 5G network, the confidential information will move at all layers in future wireless systems. Several incidents revealed that the hazard encountered by an infected wireless network, not only affects the security and privacy concerns, but also impedes the complex dynamics of the communications ecosystem. Consequently, the complexity and strength of security attacks have increased in the recent past making the detection or prevention of sabotage a global challenge. From the security and privacy perspectives, this paper presents a comprehensive detail on the core and enabling technologies, which are used to build the 5G security model; network softwarization security, PHY (Physical) layer security and 5G privacy concerns, among others. Additionally, the paper includes discussion on security monitoring and management of 5G networks. This paper also evaluates the related security measures and standards of core 5G technologies by resorting to different standardization bodies and provide a brief overview of 5G standardization security forces. Furthermore, the key projects of international significance, in line with the security concerns of 5G and beyond are also presented. Finally, a future directions and open challenges section has included to encourage future research.European CommissionNational Research Tomsk Polytechnic UniversityUpdate citation details during checkdate report - A