End-to-end security for mobile devices

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2004Includes bibliographical references (leaves: 120)Text in English; Abstract: Turkish and Englishix, 133 leavesEnd-to-end security has been an emerging need for mobile devices with the widespread use of personal digital assistants and mobile phones. Transport Layer Security Protocol (TLS) is an end-to-end security protocol that is commonly used in Internet, together with its predecessor, SSL protocol. By using TLS protocol in mobile world, the advantage of the proven security model of this protocol can be taken.J2ME (Java 2 Micro Edition) has been the de facto application platform used in mobile devices. This thesis aims to provide an end-to-end security protocol implementation based on TLS 1.0 specification and that can run on J2ME MIDP (Mobile Information Device Profile) environment. Because of the resource intensive public-key operations used in TLS, this protocol needs high resources and has low performance. Another motivation for the thesis is to adapt the protocol for mobile environment and to show that it is possible to use the protocol implementation in both client and server modes. An alternative serialization mechanism is used instead of the standard Java object serialization that is lacking in MIDP. In this architecture, XML is used to transmit object data.The mobile end-to-end security protocol has the main design issues of maintainability and extensibility. Cryptographic operations are performed with a free library, Bouncy Castle Cryptography Package. The object-oriented architecture of the protocol implementation makes the replacement of this library with another cryptography package easier.Mobile end-to-end security protocol is tested with a mobile hospital reservation system application. Test cases are prepared to measure the performance of the protocol implementation with different cipher suites and platforms. Measured values of all handshake operation and defined time spans are given in tables and compared with graphs

M-Learning Using Mobile Learning Engine

The objective of M-Learning is to integrate the technology combined with the education in order to enhance the effectiveness of student's traditional learning process. In order to explore the use of mobile and handheld IT devices as a learning tool, many factors need to be considered such as its constraint and limitations. Therefore, intensive researches need to be done. The main purpose of M-Learning is to create flexible learning environment for students where the implementation of just-in-time learning is applied. Besides, it creates new approach of learning style. The most challenging part in implementing MLearning is in delivering the content as how users will view the materials in mobile devices instead of the usual large screen desktops. Apart from that, the technology of M-Learning is still new in Malaysia, therefore, a lot of risk and challenges involved in this project. Meanwhile, the target user is students. In this project the methodology used follows four processes which are planning, analysis, design and implementation. Efficiency and flexibly together with ease ofuse become the essential elements inconstructing the final system

M-Learning Using Mobile Learning Engine

The objective of M-Learning is to integrate the technology combined with the education in order to enhance the effectiveness of student's traditional learning process. In order to explore the use of mobile and handheld IT devices as a learning tool, many factors need to be considered such as its constraint and limitations. Therefore, intensive researches need to be done. The main purpose of M-Learning is to create flexible learning environment for students where the implementation of just-in-time learning is applied. Besides, it creates new approach of learning style. The most challenging part in implementing MLearning is in delivering the content as how users will view the materials in mobile devices instead of the usual large screen desktops. Apart from that, the technology of M-Learning is still new in Malaysia, therefore, a lot of risk and challenges involved in this project. Meanwhile, the target user is students. In this project the methodology used follows four processes which are planning, analysis, design and implementation. Efficiency and flexibly together with ease ofuse become the essential elements inconstructing the final system

Acceleration and semantic foundations of embedded Java platforms

Tableau d'honneur de la Faculté des études supérieures et postdoctorales, 2006-200

DEVELOPMENT AND USABILITY EVALUATION OF PLATFORM INDEPENDENT MOBILE LEARNING APPLICATION (M-LA)

In today’s digital age, wireless technology and widespread use of handheld devices are going under a continuous advancement to provide information anywhere and at anytime. Furthermore, these technologies are being utilized in the field of education and called mobile learning (M-Learning). Hence, M-learning means using of mobile devices and wireless computing as a learning instrument and communication technology respectively. The limitations of M-learning include either hardware or software of mobile devices, content creation, and no standards for mobile learning system (M-LS), wireless technology, and security. The main objectives of this research are to study and design model for M-learning approach; to develop platform independent M-learning application (M-LA) for Fundamentals of Programming course; to design M-LS platform classification, and to evaluate the effectiveness and usability of the application. In addition, under the development of this application the following aspects are considered: learning theories, M-learning development principles, and some of the aforementioned M-learning limitations. To achieve the above mentioned objectives, ADDIE (Analysis, Design, Development, Implementation, and Evaluation) life cycle is adapted which is one type of instructional design model (IDM). The application has been developed using Java 2 Micro Edition (J2ME), and Extensible Markup Language (XML). It contains several sections, but the main modules are Lecture Materials, and Quiz. Quasi Experiment Design and usability attributes was used to evaluate the effectiveness and usability of the application respectively using Universiti Teknologi PETRONAS foundation students. Finally, the data was analyzed using quantitative and qualitative method. The quantitative data was analyzed using coefficient variance and independent t-Test, and Cronbach alpha used to measure the internal reliability of the data. Overall results show that M-LA is efficient to improve learners’ performance, makes learning enjoyable, support continuous learning and learning time is reduced, and fulfilled the usability needs

A new architecture for secure two-party mobile payment transactions

xi, 229 leaves : ill. ; 29 cmThe evolution of wireless networks and mobile device technologies has increased concerns about performance and security of mobile systems. We propose a new secured applicationlevel architecture for a two-party mobile payment transaction that is carried out between a resource-limited mobile device and a resource-rich computer server over wireless networks. As an example of such transactions, the mobile banking transaction is focused on throughout this thesis. The proposed architecture, namely SA2pMP, employs a lightweight cryptography scheme (combining both a Public-key cryptography algorithm (ECDSA) and a Symmetric-key cryptography algorithm (AES)), a multi-factor authentication mechanism, and a transaction log strategy. The proposed architecture is designed to satisfy the four properties of confidentiality, authentication, integrity and non-repudiation that are required by any secure system. The architecture can be implemented on a Java ME enabled mobile device. The security API library can be reused in implementing other two-party mobile applications. The present study shows that SA2pMP is a unique lightweight security architecture providing comprehensive security for two-party mobile payment transactions. In addition, simulations demonstrate that SA2pMP can be installed in resource-limited mobile devices as a downloadable software application. The main contribution of the thesis is to suggest a design for a security architecture for two-party mobile payment transactions, for example, mobile banking. It suggests a four-layer model of mobile payment participants, based on Karnouskos (2004). This model clarifies how participants are involved in a mobile payment transaction. In addition, an improved model is suggested to guide security aspects of system design, which is based on an Onion Layer Framework (Wei, C.Liu, & Koong, 2006)

Plug-and-Participate for Limited Devices in the Field of Industrial Automation

Ausgangspunkt und gleichzeitig Motivation dieser Arbeit ist die heutige Marktsituation: Starke Kundenbedürfnisse nach individuellen Gütern stehen oftmals eher auf Massenproduktion ausgerichteten Planungs- und Automatisierungssystemen gegenüber - die Befriedigung individueller Kundenbedürfnisse setzt aber Flexibilität und Anpassungsfähigkeit voraus. Ziel dieser Arbeit ist es daher, einen Beitrag zu leisten, der es Unternehmen ermöglichen soll, auf diese individuellen Bedürfnisse flexibel reagieren zu können. Hierbei kann es im Rahmen der Dissertation natürlich nicht um eine Revolutionierung der gesamten Automatisierungs- und Planungslandschaft gehen; vielmehr ist die Lösung, die der Autor der Arbeit präsentiert, ein integraler Bestandteil eines Automatisierungskonzeptes, das im Rahmen des PABADIS Projektes entwickelt wurde: Während PABADIS das gesamte Spektrum von Planung und Maschineninfrastruktur zum Inhalt hat, bezieht sich der Kern dieser Arbeit weitestgehend auf den letztgenannten Punkt - Maschineninfrastruktur. Ziel war es, generische Maschinenfunktionalität in einem Netzwerk anzubieten, durch das Fertigungsaufträge selbstständig navigieren. Als Lösung präsentiert diese Dissertation ein Plug-and-Participate basiertes Konzept, welches beliebige Automatisierungsfunktionen in einer spontanen Gemeinschaft bereitstellt. Basis ist ein generisches Interface, in dem die generellen Anforderungen solcher ad-hoc Infrastrukturen aggregiert sind. Die Implementierung dieses Interfaces in der PABADIS Referenzimplementierung sowie die Gegenüberstellung der Systemanforderungen und Systemvoraussetzungen zeigte, das klassische Plug-and-Participate Technologien wie Jini und UPnP aufgrund ihrer Anforderungen nicht geeignet sind - Automatisierungsgeräte stellen oftmals nur eingeschränkte Ressourcen bereit. Daher wurde als zweites Ergebnis neben dem Plug-and-Participate basierten Automatisierungskonzept eine Plug-and-Participate Technologie entwickelt - Pini - die den Gegebenheiten der Automatisierungswelt gerecht wird und schließlich eine Anwendung von PABADIS auf heutigen Automatisierungsanlagen erlaubt. Grundlegende Konzepte von Pini, die dies ermöglichen, sind die gesamte Grundarchitektur auf Basis eines verteilten Lookup Service, die Art und Weise der Dienstrepräsentation sowie die effiziente Nutzung der angebotenen Dienste. Mit Pini und darauf aufbauenden Konzepten wie PLAP ist es nun insbesondere möglich, Automatisierungssysteme wie PABADIS auf heutigen Anlagen zu realisieren. Das wiederum ist ein Schritt in Richtung Kundenorientierung - solche Systeme sind mit Hinblick auf Flexibilität und Anpassungsfähigkeit gestaltet worden, um Kundenbedürfnissen effizient gerecht zu werden

MobiHealth: Ambulant Patient Monitoring Over Next Generation Public Wireless Networks

The wide availability of high bandwidth public wireless networks as well as the miniaturisation of medical sensors and network access hardware allows the development of advanced ambulant patient monitoring systems. The MobiHealth project developed a complete system and service that allows the continuous monitoring of vital signals and their transmission to the health care institutes in real time using GPRS and UMTS networks. The MobiHealth system is based on the concept of a Body Area Network (BAN) allowing high personalization of the monitored signals and thus adaptation to different classes of patients. The system and service has been trialed in four European countries and for different patient cases. First results confirm the usefulness of the system and the advantages it offers to patients and medical personnel