5,992 research outputs found

    Secure Identification in Social Wireless Networks

    Get PDF
    The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future

    Secure Mobile Social Networks using USIM in a Closed Environment

    Get PDF
    Online social networking and corresponding mobile based applications are gaining popularity and now considered a well-integrated service within mobile devices. Basic security mechanisms normally based on passwords for the authentication of social-network users are widely deployed and poses a threat for the user security. In particular, for dedicated social groups with high confidentiality and privacy demands, stronger and user friendly principles for the authentication and identification of group members are needed. On the other hand, most of the mobile units already provide strong authentication procedures through the USIM/ISIM module. This paper explores how to build an architectural framework for secure enrollment and identification of group members in dedicated closed social groups using the USIM/SIM authentication and in particular, the 3GPP Generic Authentication Architecture (GAA), which is built upon the USIM/SIM capabilities. One part of the research is to identify the marketable use-cases with corresponding security challenges to fulfill the requirements that extend beyond the online connectivity. This paper proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have also implemented an initial proof of the concept prototype to simulate the secure identification procedure based on the proposed design. Our implementation has demonstrated the flexibility of the solution to be applied independently for applications requiring secure identification

    A Flexible and Secure Deployment Framework for Distributed Applications

    Get PDF
    This paper describes an implemented system which is designed to support the deployment of applications offering distributed services, comprising a number of distributed components. This is achieved by creating high level placement and topology descriptions which drive tools that deploy applications consisting of components running on multiple hosts. The system addresses issues of heterogeneity by providing abstractions over host-specific attributes yielding a homogeneous run-time environment into which components may be deployed. The run-time environments provide secure binding mechanisms that permit deployed components to bind to stored data and services on the hosts on which they are running.Comment: 2nd International Working Conference on Component Deployment (CD 2004), Edinburgh, Scotlan

    Security functions for a file repository

    Get PDF
    When personal machines are incorporated into distributed\ud systems a new mixture of threats is exposed.\ud The security effort in the MobyDick project\ud is aimed at understanding how privacy can be protected\ud in this new environment. Our claim is that\ud a two-step process for authentication and authorisation\ud is required, but also sufficient. The research\ud vehicle is a distributed file repository

    Authentication for mobile computing

    Get PDF
    Host mobility is becoming an increasingly important feature with the recent arrival of laptop and palmtop computers, the development of wireless network interfaces and the implementation of global networks. Unfortunately, this mobile environment is also much more vulnerable to penetration by intruders. A possible means of protection can be authentication. This guarantees the identity of a communication peer. This thesis studies the constraints imposed on the mobile environment with respect to authentication. It compares the two prevailing authentication mechanisms, Kerberos and SPX, and tries to make suggestions of how a mechanism can be adapted to the mobile environment

    Secure 3G user authentication in ad-hoc serving networks

    Get PDF
    The convergence of cellular and IP technologies has pushed the integration of 3G and WLAN networks to the forefront. With 3G networks\u27 failure to deliver feasible bandwidth to the customer and the emerging popularity, ease of use and high throughput of 802.11 WLANs, integrating secure access to 3G services from WLANs has become a primary focus. 3G user authentication initiated from WLANs has been defined by an enhancement to the extensible authentication protocol, EAP, used to transport user authentication requests over WLANs. The EAP-AKA protocol executes the 3G USIM user challenge and response authentication process over the IP backbone for WLAN serving networks. To improve the degree of control of 3G subscribers, spatial control has been proposed for 3G-WLAN user authentication. Successful execution of 3G security algorithms can be limited to a specified area by encrypting a user\u27s authentication challenge with spatial data defining his/her visited WLAN. With 3G networks\u27 limited capacity to determine a user\u27s location to the granularity of a small WLAN area and restricted access to users\u27 location due to privacy, 3G operators must rely on spatial data sent from visited WLANs to implement control for authentication. The risks of implementing EAP-AKA spatial control by 3G operators with no prior relationship or trust for serving WLAN networks are presented in this paper. An ad-hoc architecture is proposed for serving networks in 3G-WLAN integration and the advantages of this architecture that facilitate secure 3G user authentication are identified. Algorithms are proposed to define robust trust relationships between the parties in 3G-WLAN networks. The security of 3G user authentication is further protected by new mechanisms defined that are based on the quality of trust established between parties

    Greenpass Client Tools for Delegated Authorization in Wireless Networks

    Get PDF
    Dartmouth\u27s Greenpass project seeks to provide strong access control to a wireless network while simultaneously providing flexible guest access; to do so, it augments the Wi-Fi Alliance\u27s existing WPA standard, which offers sufficiently strong user authentication and access control, with authorization based on SPKI certificates. SPKI allows certain local users to delegate network access to guests by issuing certificates that state, in essence, he should get access because I said it\u27s okay. The Greenpass RADIUS server described in Kim\u27s thesis [55] performs an authorization check based on such statements so that guests can obtain network access without requiring a busy network administrator to set up new accounts in a centralized database. To our knowledge, Greenpass is the first working delegation-based solution to Wi-Fi access control. My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest\u27s public key and runs a Java applet that lets her verify her guests\u27 identity using visual hashing and issue a new SPKI certificate to him. The guest\u27s new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work.My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest\u27s public key and runs a Java applet that lets her verify her guests\u27 identity using visual hashing and issue a new SPKI certificate to him. The guest\u27s new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work
    • …
    corecore