End-to-end security for mobile devices

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2004Includes bibliographical references (leaves: 120)Text in English; Abstract: Turkish and Englishix, 133 leavesEnd-to-end security has been an emerging need for mobile devices with the widespread use of personal digital assistants and mobile phones. Transport Layer Security Protocol (TLS) is an end-to-end security protocol that is commonly used in Internet, together with its predecessor, SSL protocol. By using TLS protocol in mobile world, the advantage of the proven security model of this protocol can be taken.J2ME (Java 2 Micro Edition) has been the de facto application platform used in mobile devices. This thesis aims to provide an end-to-end security protocol implementation based on TLS 1.0 specification and that can run on J2ME MIDP (Mobile Information Device Profile) environment. Because of the resource intensive public-key operations used in TLS, this protocol needs high resources and has low performance. Another motivation for the thesis is to adapt the protocol for mobile environment and to show that it is possible to use the protocol implementation in both client and server modes. An alternative serialization mechanism is used instead of the standard Java object serialization that is lacking in MIDP. In this architecture, XML is used to transmit object data.The mobile end-to-end security protocol has the main design issues of maintainability and extensibility. Cryptographic operations are performed with a free library, Bouncy Castle Cryptography Package. The object-oriented architecture of the protocol implementation makes the replacement of this library with another cryptography package easier.Mobile end-to-end security protocol is tested with a mobile hospital reservation system application. Test cases are prepared to measure the performance of the protocol implementation with different cipher suites and platforms. Measured values of all handshake operation and defined time spans are given in tables and compared with graphs

LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments

The non-repudiation as an essential requirement of many applications can be provided by the asymmetric key model. With the evolution of new applications such as mobile commerce, it is essential to provide secure and efficient solutions for the mobile environments. The traditional public key cryptography involves huge computational costs and is not so suitable for the resource-constrained platforms. The elliptic curve-based approaches as the newer solutions require certain considerations that are not taken into account in the traditional public key infrastructures. The main contribution of this paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the constrained platforms such as mobile phones. It takes advantages of elliptic curve cryptography and signcryption to decrease the computational costs and communication overheads, and adapting to the constraints. All the computational costs of required validations can be eliminated from end-entities by introduction of a validation authority to the introduced infrastructure and delegating validations to such a component. LPKI is so suitable for mobile environments and for applications such as mobile commerce where the security is the great concern.Comment: 6 Pages, 6 Figure

Efficient encryption on limited devices

Encryption algorithms have been used since the dawn of time to ensure secure communication over insecure communication channels. Once a secret encryption key is established and as long as the key remains secret, two parties can communicate freely over open channels. The question of how to obtain such a secret key is a large dilemma. Many methods of obtaining such keys have been tried from the most basic form of a one-on-one encounter to more advanced techniques like Diffie-Hellman. This paper compares three versions of the Diffie-Hellman key exchange protocol -- using arithmetic in the field of integers modulo a prime, arithmetic in an Elliptic Curve field (ECC), and arithmetic in the Extended Compact Subgroup Trace Representation (XTR), respectively -- to determine which would be the most appropriate, in terms of computational efficiency, for a small personal computing device

A new architecture for secure two-party mobile payment transactions

xi, 229 leaves : ill. ; 29 cmThe evolution of wireless networks and mobile device technologies has increased concerns about performance and security of mobile systems. We propose a new secured applicationlevel architecture for a two-party mobile payment transaction that is carried out between a resource-limited mobile device and a resource-rich computer server over wireless networks. As an example of such transactions, the mobile banking transaction is focused on throughout this thesis. The proposed architecture, namely SA2pMP, employs a lightweight cryptography scheme (combining both a Public-key cryptography algorithm (ECDSA) and a Symmetric-key cryptography algorithm (AES)), a multi-factor authentication mechanism, and a transaction log strategy. The proposed architecture is designed to satisfy the four properties of confidentiality, authentication, integrity and non-repudiation that are required by any secure system. The architecture can be implemented on a Java ME enabled mobile device. The security API library can be reused in implementing other two-party mobile applications. The present study shows that SA2pMP is a unique lightweight security architecture providing comprehensive security for two-party mobile payment transactions. In addition, simulations demonstrate that SA2pMP can be installed in resource-limited mobile devices as a downloadable software application. The main contribution of the thesis is to suggest a design for a security architecture for two-party mobile payment transactions, for example, mobile banking. It suggests a four-layer model of mobile payment participants, based on Karnouskos (2004). This model clarifies how participants are involved in a mobile payment transaction. In addition, an improved model is suggested to guide security aspects of system design, which is based on an Onion Layer Framework (Wei, C.Liu, & Koong, 2006)

Efficient Queue And Gsi Security Management Framework For Mobile Desktop Grid

Kemajuan dan perkembangan yang amat besar dalam teknologi barangan pegang-tangan telah membuatkan pihak pengkaji berfikir akan cara untuk menggunakan kuasa alat-alat mobil dalam bidang arkitek yang begitu luas berhubungan dengan Penggunaan Komputer Bergrid. Peralatan mobil mempunyai sumber komputer dan kuasa operasi yang terhad, isu-isu lain yang terbatas dalam persumberan komputer adalah seperti jaringan terselindung, ketidaksinambungan jaringan yang kerap berlaku, penggunaan tenaga bateri, sekuriti dan kualiti servis dan lain-lain. Salah satu kajian pendekatan untuk membangkitkan isu ini ialah bidang arkitek proksi grid yang mobil dimana, alat-alat mobil berkomunikasi dengan alat servis proksi grid yang menghantarkan permintaan ke grid komputer bagi pihak alat mobil itu, dengan itu ia memperolehi kebanyakan daripada kegunaan grid komputer. Tremendous advancement and growth in the hand-held technology make the researchers think to utilize the power of mobile devices into the vast architecture of the Grid Computing hence lead to the new paradigm of mobile grid computing. Mobile devices are resource limited and have many issues such as computational resources limitations, network latency, frequent network disconnection, battery power consumption, security etc. To address these issues, researchers proposed mobile proxy grid architecture in which mobile devices communicated with grid proxy server which sends the request to the computational grid on behalf of the mobile device hence gets the most of the functionality of the grid computing

Implementations of Wireless and Wired Intelligent Systems for Healthcare with Focus on Diabetes and Ultrasound Applications

The research and implementations presented in this thesis focuses mainly on healthcare applications utilizing the wireless and wired communication and “Micro-Electro-Mechanical Systems” (MEMS) technologies, and secondly on security aspects. Chapters four and five presents new work in intelligent diabetes remote monitoring front-end system and into the corresponding new ultrasound simulator training systems. The motivation from the University of Sheffield of Electronic and Electrical Engineering Department and Sheffield Children Hospital with the partial grant scholarship from “Engineering and Physical Sciences Research Council” (EPSRC) for involvement in one “Collaborations for Leadership in Applied Health Research and Care” (CLAHRC) projects, was to improve the existing WithCare+ system and also the development of multiple new front-end solutions for it. My motivation to create solutions which will improve the life of patients who suffer from chronic disease such as type-1 diabetes, and also to provide new methods in management of that illness by clinicians and possible resulting annual government money saving, drives me to the successful result. From the other side, the motivation from the department of Neonatal in Sheffield Royal Hallamshire Hospital and the University of Sheffield of Electronic and Electrical Engineering Department drives me to the creation of a new, very low cost ultrasound simulation training system, using new components such as MEMS sensors. The hardware design and embedded source code was created in order to provide a ready library, for use by other projects, where 3D space orientation is required through exploitation of MEMS sensors and intelligent fusion filter algorithm. The third contribution affects the cryptographic aspects. The new implementation of fast and very efficient portable C code algorithm for t-adic NAF Key generation in ECC cryptographic principle for utilization of it with Koblitz curves presented in Appendix I

A framework for cryptography algorithms on mobile devices

Mobile communication devices have become a popular tool for gathering and disseminating information and data. With the evidence of the growth of wireless technology and a need for more flexible, customizable and better-optimised security schemes, it is evident that connection-based security such as HTTPS may not be sufficient. In order to provide sufficient security at the application layer, developers need access to a cryptography package. Such packages are available as third party mobile cryptographic toolkits or are supported natively on the mobile device. Typically mobile cryptographic packages have reduced their number of API methods to keep the package lightweight in size, but consequently making it quite complex to use. As a result developers could easily misuse a method which can weaken the entire security of a system without knowing it. Aside from the complexities in the API, mobile cryptography packages often do not apply sound cryptography within the implementation of the algorithms thus causing vulnerabilities in its utilization and initialization. Although FIPS 140-2 and CAPI suggest guidelines on how cryptographic algorithms should be implemented, they do not define the guidelines for implementing and using cryptography in a mobile environment. In our study, we do not define new cryptographic algorithms, instead, we investigate how sound cryptography can be applied practically in a mobile application environment and developed a framework called Linca (which stands for Logical Integration of Cryptographic Architectures) that can be used as a mobile cryptographic package to demonstrate our findings. The benefit that Linca has is that it hides the complexity of making incorrect cryptographic algorithm decisions, cryptographic algorithm initialization and utilization and key management, while maintaining a small size. Linca also applies sound cryptographic fundamentals internally within the framework, which radiates these benefits outwards at the API. Because Linca is a framework, certain architecture and design patterns are applied internally so that the cryptographic mechanisms and algorithms can be easily maintained. Linca showed better results when evaluated against two mobile cryptography API packages namely Bouncy Castle API and Secure and Trust Service API in terms of security and design. We demonstrate the applicability of Linca on using two realistic examples that cover securing network channels and on-device data.Dissertation (MSc (Computer Science))--University of Pretoria, 2007.Computer ScienceMScunrestricte

Designing an architecture for secure sharing of personal health records : a case of developing countries

Includes bibliographical references.While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: “Can personal health records be stored securely and usefully on mobile phones?” In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typically communication operations. However, it is also worth noting that, mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access