8,104 research outputs found
Secure Authentication Protocols for Mobile Commerce Transactions
[[abstract]]Several years ago, handheld devices were regarded luxuries. But they are almost
taking the place of the traditional phones. It is because of the speedy development of
mobile and wireless communication technologies. Nowadays, the mobile station plays an
important role in most people?s daily life. Furthermore, the explosion of the Internet has
led to an electronic commerce environment such that people can conduct most transactions
electronically. To improve the convenience and portability of electronic commerce,
the mobile commerce system is proposed. In 2003, Lam et al. proposed a lightweight security
mechanism for mobile commerce. Unfortunately, we find that there exists a security
weakness in their method. Hence, we provide improvements on their proposed authentication
protocol to make it secure. Besides, we propose a new authentication protocol for
the mobile commerce transactions without adopting the public key cryptosystem
Semi-Trusted Mixer Based Privacy Preserving Distributed Data Mining for Resource Constrained Devices
In this paper a homomorphic privacy preserving association rule mining
algorithm is proposed which can be deployed in resource constrained devices
(RCD). Privacy preserved exchange of counts of itemsets among distributed
mining sites is a vital part in association rule mining process. Existing
cryptography based privacy preserving solutions consume lot of computation due
to complex mathematical equations involved. Therefore less computation involved
privacy solutions are extremely necessary to deploy mining applications in RCD.
In this algorithm, a semi-trusted mixer is used to unify the counts of itemsets
encrypted by all mining sites without revealing individual values. The proposed
algorithm is built on with a well known communication efficient association
rule mining algorithm named count distribution (CD). Security proofs along with
performance analysis and comparison show the well acceptability and
effectiveness of the proposed algorithm. Efficient and straightforward privacy
model and satisfactory performance of the protocol promote itself among one of
the initiatives in deploying data mining application in RCD.Comment: IEEE Publication format, International Journal of Computer Science
and Information Security, IJCSIS, Vol. 8 No. 1, April 2010, USA. ISSN 1947
5500, http://sites.google.com/site/ijcsis
Recommended from our members
Towards NFC payments using a lightweight architecture for the Web of Things
The Web (and Internet) of Things has seen the rapid emergence of new protocols and standards, which provide for innovative models of interaction for applications. One such model fostered by the Web of Things (WoT) ecosystem is that of contactless interaction between devices. Near Field Communication (NFC) technology is one such enabler of contactless interactions. Contactless technology for the WoT requires all parties to agree one common definition and implementation and, in this paper, we propose a new lightweight architecture for the WoT, based on RESTful approaches. We show how the proposed architecture supports the concept of a mobile wallet, enabling users to make secure payments employing NFC technology with their mobile devices. In so doing, we argue that the vision of the WoT is brought a step closer to fruition
A Secure Mobile-based Authentication System
Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable.We propose a challengeresponse based one-time password (OTP) scheme that uses symmetric
cryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks.
Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their own
trusted computers.La informació financera és extremadament sensible. Per tant, la banca electrònica ha de proporcionar un sistema robust per autenticar als seus clients i fer-los accedir a les dades de forma remota. D'altra banda, aquest sistema ha de ser usable, accessible, i portàtil. Es proposa una resposta al desafiament basat en una contrasenya única (OTP), esquema que utilitza la criptografia simètrica en combinació amb un mòdul de maquinari de seguretat. Amés, aquesta solució ofereix mobilitat convenient per als usuaris que volen bancària en línia en qualsevol moment i en qualsevol lloc, no només des dels seus propis equips de confiança.La información financiera es extremadamente sensible. Por lo tanto, la banca electrónica debe proporcionar un sistema robusto para autenticar a sus clientes y hacerles acceder a sus datos de forma remota. Por otra parte, dicho sistema debe ser usable, accesible, y portátil. Se propone una respuesta al desafío basado en una contraseña única (OTP), esquema que utiliza la criptografía simétrica en combinación con un módulo hardware de seguridad hardware. Además, esta solución ofrece una movilidad conveniente para los usuarios que quieren la entidad bancaria en línea en cualquier momento y en cualquier lugar, no sólo des de sus propios equipos de confianza
Recommended from our members
Integrity protection for code-on-demand mobile agents in e-commerce
The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand(CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection
- …