Security and Privacy in Mobile Computing: Challenges and Solutions

abstract: Mobile devices are penetrating everyday life. According to a recent Cisco report [10], the number of mobile connected devices such as smartphones, tablets, laptops, eReaders, and Machine-to-Machine (M2M) modules will hit 11.6 billion by 2021, exceeding the world's projected population at that time (7.8 billion). The rapid development of mobile devices has brought a number of emerging security and privacy issues in mobile computing. This dissertation aims to address a number of challenging security and privacy issues in mobile computing. This dissertation makes fivefold contributions. The first and second parts study the security and privacy issues in Device-to-Device communications. Specifically, the first part develops a novel scheme to enable a new way of trust relationship called spatiotemporal matching in a privacy-preserving and efficient fashion. To enhance the secure communication among mobile users, the second part proposes a game-theoretical framework to stimulate the cooperative shared secret key generation among mobile users. The third and fourth parts investigate the security and privacy issues in mobile crowdsourcing. In particular, the third part presents a secure and privacy-preserving mobile crowdsourcing system which strikes a good balance among object security, user privacy, and system efficiency. The fourth part demonstrates a differentially private distributed stream monitoring system via mobile crowdsourcing. Finally, the fifth part proposes VISIBLE, a novel video-assisted keystroke inference framework that allows an attacker to infer a tablet user's typed inputs on the touchscreen by recording and analyzing the video of the tablet backside during the user's input process. Besides, some potential countermeasures to this attack are also discussed. This dissertation sheds the light on the state-of-the-art security and privacy issues in mobile computing.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201

The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes

In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking, further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes. The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development. The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more

Evaluation of Trust in the Internet Of Things: Models, Mechanisms And Applications

In the blooming era of the Internet of Things (IoT), trust has become a vital factor for provisioning reliable smart services without human intervention by reducing risk in autonomous decision making. However, the merging of physical objects, cyber components and humans in the IoT infrastructure has introduced new concerns for the evaluation of trust. Consequently, a large number of trust-related challenges have been unsolved yet due to the ambiguity of the concept of trust and the variety of divergent trust models and management mechanisms in different IoT scenarios. In this PhD thesis, my ultimate goal is to propose an efficient and practical trust evaluation mechanisms for any two entities in the IoT. To achieve this goal, the first important objective is to augment the generic trust concept and provide a conceptual model of trust in order to come up with a comprehensive understanding of trust, influencing factors and possible Trust Indicators (TI) in the context of IoT. Following the catalyst, as the second objective, a trust model called REK comprised of the triad Reputation, Experience and Knowledge TIs is proposed which covers multi-dimensional aspects of trust by incorporating heterogeneous information from direct observation, personal experiences to global opinions. The mathematical models and evaluation mechanisms for the three TIs in the REK trust model are proposed. Knowledge TI is as “direct trust” rendering a trustor’s understanding of a trustee in respective scenarios that can be obtained based on limited available information about characteristics of the trustee, environment and the trustor’s perspective using a variety of techniques. Experience and Reputation TIs are originated from social features and extracted based on previous interactions among entities in IoT. The mathematical models and calculation mechanisms for the Experience and Reputation TIs also proposed leveraging sociological behaviours of humans in the real-world; and being inspired by the Google PageRank in the web-ranking area, respectively. The REK Trust Model is also applied in variety of IoT scenarios such as Mobile Crowd-Sensing (MCS), Car Sharing service, Data Sharing and Exchange platform in Smart Cities and in Vehicular Networks; and for empowering Blockchain-based systems. The feasibility and effectiveness of the REK model and associated evaluation mechanisms are proved not only by the theoretical analysis but also by real-world applications deployed in our ongoing TII and Wise-IoT projects