RSA algorithm performance in short messaging system exchange environment

Short Message Service (SMS) is a widely service for brief communication.With the rise of mobile usage it has become a popular tool for transmitting sensitive information. This sensitive information should be totally secure and reliable to exchange.This urgent need for secure SMS, led to drive for RSA implementation, which is considered one of the strongest algorithms in security since we are going to bring big security into small device.Our main goal in this project is to design an experimental test bed application in order to use this application in evaluating the performance of RSA. This report explains and documents the process of implementing an RSA in Experimental SMS Exchange Environment using J2ME language which is available in several mobile devices on the market today

A formal specification of the MIDP 2.0 security model

This paper overviews a formal specification, using the Calculus of Inductive Constructions, of the application security model defined by the Mobile Information Device Profile 2.0 for Java 2 Micro Edition. We present an abstract model of the state of the device and security-related events that allows to reason about the security properties of theplatform where the model is deployed. We then state and sketch the proof of some desirable properties of this model

Authenticated and Secure End-To-End Communication Channel Using SMS Messages

ABSTRACT One of the key issues of modern cryptography is the problem of establishing a secure end-to-end communication over an insecure communication channel. Short Message Service (SMS) is a hugely popular and easily adopted communications technology for mobile devices. Users conduct business, disclose passwords and receive sensitive notification reports from systems using this communication technology. SMSs by default are sent in clear text form within the serving GSM (Global System for Mobile communications) network, Over The Air (OTA), and potentially over the public Internet in a predictable format. This allows anyone accessing the GSM system to read, and or modify the SMS content even on the fly. In this paper, we present an approach mainly consists of two steps, first, SHA-1 authentication is used to generate a message digest that is combined with previous message digest and a shared secret key to form an initial key stream. Secondly, this key 2 will be used as input to a mathematical equation derived in prefix notation from randomly selected set of operators and functions supported by the software platform extracted from special table. The final key stream is the output of this equation which is a one time pad to encrypt the original message text. Lastly, encrypted SMS message will be sent and a randomized operation will be then applied to that table. A one-time pad, considered to be the only perfectly secure cryptosystem, secures an SMS message for transport over any medium between a mobile device and the serving GSM network and through it too

Formal analysis of security models for mobile devices, virtualization platforms and domain name systems

En esta tesis investigamos la seguridad de aplicaciones de seguridad criticas, es decir aplicaciones en las cuales una falla podria producir consecuencias inaceptables. Consideramos tres areas: dispositivos moviles, plataformas de virtualizacion y sistemas de nombres de dominio. La plataforma Java Micro Edition define el Perfil para Dispositivos de Informacion Moviles (MIDP) para facilitar el desarrollo de aplicaciones para dispositivos moviles, como telefonos celulares y asistentes digitales personales. En este trabajo primero estudiamos y comparamos formalmente diversas variantes del modelo de seguridad especificado por MIDP para acceder a recursos sensibles de un dispositivo movil. Los hipervisores permiten que multiples sistemas operativos se ejecuten en un hardware compartido y ofrecen un medio para establecer mejoras de seguridad y flexibilidad de sistemas de software. En esta tesis formalizamos un modelo de hipervisor y establecemos (formalmente) que el hipervisor asegura propiedades de aislamiento entre los diferentes sistemas operativos de la plataforma, y que las solicitudes de estos sistemas son atendidas siempre. Demostramos tambien que las plataformas virtualizadas son transparentes, es decir, que un sistema operativo no puede distinguir si ejecuta solo en la plataforma o si lo hace junto con otros sistemas operativos. Las Extensiones de Seguridad para el Sistema de Nombres de Dominio (DNSSEC) constituyen un conjunto de especificaciones que proporcionan servicios de aseguramiento de autenticacion e integridad de origen de datos DNS. Finalmente, presentamos una especificaci´on minimalista de un modelo de DNSSEC que proporciona los fundamentos necesarios para formalmente establecer y verificar propiedades de seguridad relacionadas con la cadena de confianza del arbol de DNSSEC. Desarrollamos todas nuestras formalizaciones en el C´alculo de Construccion

On the Security of Software Systems and Services

This work investigates new methods for facing the security issues and threats arising from the composition of software. This task has been carried out through the formal modelling of both the software composition scenarios and the security properties, i.e., policies, to be guaranteed. Our research moves across three different modalities of software composition which are of main interest for some of the most sensitive aspects of the modern information society. They are mobile applications, trust-based composition and service orchestration. Mobile applications are programs designed for being deployable on remote platforms. Basically, they are the main channel for the distribution and commercialisation of software for mobile devices, e.g., smart phones and tablets. Here we study the security threats that affect the application providers and the hosting platforms. In particular, we present a programming framework for the development of applications with a static and dynamic security support. Also, we implemented an enforcement mechanism for applying fine-grained security controls on the execution of possibly malicious applications. In addition to security, trust represents a pragmatic and intuitive way for managing the interactions among systems. Currently, trust is one of the main factors that human beings keep into account when deciding whether to accept a transaction or not. In our work we investigate the possibility of defining a fully integrated environment for security policies and trust including a runtime monitor. Finally, Service-Oriented Computing (SOC) is the leading technology for business applications distributed over a network. The security issues related to the service networks are many and multi-faceted. We mainly deal with the static verification of secure composition plans of web services. Moreover, we introduce the synthesis of dynamic security checks for protecting the services against illegal invocations

The usability of knowledge based authentication methods on mobile devices

Mobile devices are providing ever increasing functionality to users, and the risks associated with applications storing personal details are high. Graphical authentication methods have been shown to provide better security in terms of password space than traditional approaches, as well as being more memorable. The usability of any system is important since an unusable system will often be avoided. This thesis aims to investigate graphical authentication methods based on recall, cued recall and recognition memory in terms of their usability and security

MIDP 2.0 Security Enhancements

for resource-constrained environments. There are already millions of J2ME enabled mobile devices that support the first version of the Mobile Information Device Profile (MIDP) in J2ME. Many security threats exist in MIDP 1.0 environment since the specification addresses only a limited number of security issues. It is supposed that the next version of the MIDP will have more secure environment for mobile business and personal applications and solve the important security problems in MIDP 1.0. In this paper, we give short introduction to the J2ME and MIDP environment. Based on existing literature, we explain the threats and security needs in mobile environment for MIDP 1.0 applications. We cover the new security mechanisms and features in MIDP 2.0 and analyze against presented threats, how these address the existing security problems in MIDP 1.0. In this paper we conclude that MIDP 2.0 improves several different issues in MIDP security. Especially the secure network protocols and signed applications are major improvements. We also conclude that there still exist problems in MIDP 2.0 security, mainly related to the PKI that is part of trusted applications and new secure protocols