
    End-to-end security for mobile devices

    Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2004. Includes bibliographical references (leaves: 120). Text in English; abstract in Turkish and English. ix, 133 leaves.
    End-to-end security has become a pressing need for mobile devices with the widespread use of personal digital assistants and mobile phones. The Transport Layer Security protocol (TLS) is an end-to-end security protocol commonly used on the Internet, together with its predecessor, SSL. Using TLS in the mobile world lets applications benefit from the protocol's proven security model. J2ME (Java 2 Micro Edition) has become the de facto application platform for mobile devices. This thesis aims to provide an end-to-end security protocol implementation based on the TLS 1.0 specification that can run in the J2ME MIDP (Mobile Information Device Profile) environment. Because of the resource-intensive public-key operations TLS uses, the protocol demands considerable resources and performs poorly on such devices. A further motivation for the thesis is to adapt the protocol to the mobile environment and to show that the implementation can be used in both client and server modes. An alternative serialization mechanism is used in place of the standard Java object serialization, which MIDP lacks; in this architecture, XML is used to transmit object data. The main design goals of the mobile end-to-end security protocol are maintainability and extensibility. Cryptographic operations are performed with a free library, the Bouncy Castle Cryptography Package; the object-oriented architecture of the implementation makes it easier to replace this library with another cryptography package. The mobile end-to-end security protocol is tested with a mobile hospital reservation system application. Test cases are prepared to measure the performance of the protocol implementation with different cipher suites and platforms. Measured values for all handshake operations and defined time spans are given in tables and compared in graphs.

    Performance evaluation of WTLS handshake protocol using RSA and elliptic curve cryptosystems /

    WTLS (Wireless Transport Layer Security) is the security protocol designed for the WAP (Wireless Application Protocol) protocol stack. Negotiating the security parameters and authenticating the peers require public-key cryptosystems. Public-key operations are generally slow, so using these cryptosystems on resource-constrained handheld devices is a significant problem. Server (WAP gateway) waiting time and handshake data transmission time may also be bottlenecks during the WTLS handshake. In this study, the WTLS Handshake Protocol is implemented in C++ and performance measurements are made using a Nokia 7650 as the client and the open-source Kannel gateway as the WAP gateway. The GSM CSD (Global System for Mobile Communication - Circuit Switched Data) data bearer at 9600 bps was used during the tests; networking time was also measured over a GPRS bearer. Mutually authenticated and server-authenticated WTLS full-handshake performance with the RSA (Rivest-Shamir-Adleman) and ECDH_ECDSA (Elliptic Curve Diffie-Hellman, Elliptic Curve Digital Signature Algorithm) key exchange suites is compared across three categories. Each category contains four groups: three use certificates with ECC (Elliptic Curve Cryptography) curve parameters and the fourth uses RSA certificates. All groups within a category are assumed to provide the same level of security. The three groups of ECC certificates use prime, Koblitz and random curve parameters. Client and server processing times are measured for each handshake message of each test case. These values are used to analyze the processing load of the corresponding key exchange suite, the overall handshake time and the server queue delay. The server is modeled as an M/G/1 queue and the average waiting time in the server queue is modeled with the well-known Pollaczek-Khinchine (P-K) formula. The queue delay model is implemented in Matlab 6.0 and the queue delay characteristics of the test cases are analyzed using the measured server processing times. The data transmission time model has two components: the time needed to transmit the measured amount of data at the specified channel rate, and the traversal delay of the network, which is added regardless of how much data is sent. Simulation results show that ECC has better processing-time performance than RSA. Server queue delay does not appear to be a bottleneck for the mutually authenticated WTLS handshake using ECC certificates with prime curve parameters. The server-authenticated WTLS handshake using any of the three ECC certificate types also has good queue delay characteristics. However, there is a practical upper limit on handshake requests per second for the other key exchange suites. The traversal delay of the network has a much larger effect on the overall handshake time when using the GSM CSD or GPRS bearer.
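    As an added worked example (not code or data from the thesis), the queueing and transmission model described above in Python: the Pollaczek-Khinchine formula gives the mean server queue delay from per-handshake service times, the saturation rate and the rate that keeps the delay under a budget follow from it, and the two-component transmission model adds serialisation time at the bearer rate plus a fixed traversal delay per handshake message. The service times, client times, message sizes, bit rates and traversal delay below are constructed placeholders, not the measurements reported in the thesis.

```python
from statistics import mean


def pk_wait(service_times, lam):
    """Mean queueing delay of an M/G/1 server (Pollaczek-Khinchine):
    W_q = lam * E[S^2] / (2 * (1 - rho)), rho = lam * E[S]; unbounded once rho >= 1."""
    es, es2 = mean(service_times), mean(s * s for s in service_times)
    rho = lam * es
    return float("inf") if rho >= 1.0 else lam * es2 / (2.0 * (1.0 - rho))


def saturation_rate(service_times):
    """Handshake arrivals per second at which the queue becomes unstable (rho = 1)."""
    return 1.0 / mean(service_times)


def rate_for_budget(service_times, budget):
    """Largest arrival rate keeping W_q <= budget; solving W_q(lam) = B for lam gives
    lam = 2B / (E[S^2] + 2B * E[S])."""
    es, es2 = mean(service_times), mean(s * s for s in service_times)
    return 2.0 * budget / (es2 + 2.0 * budget * es)


def transmission_time(nbytes, bps, traversal_delay):
    """Two-component model: serialisation at the bearer rate plus a per-message traversal
    delay that is paid however little data the message carries."""
    return 8.0 * nbytes / bps + traversal_delay


def handshake_time(client_time, server_times, lam, message_sizes, bps, traversal_delay):
    """Client processing + mean server processing + queueing delay + transmission of each message."""
    return (client_time + mean(server_times) + pk_wait(server_times, lam)
            + sum(transmission_time(n, bps, traversal_delay) for n in message_sizes))


# Constructed illustrative values (seconds, bytes, bit/s), not the thesis's measurements.
SERVER_TIMES_RSA = [0.040, 0.060]         # per-handshake server processing, RSA suite
SERVER_TIMES_ECC = [0.010, 0.014]         # same for an ECC prime-curve suite
HANDSHAKE_MESSAGES = [180, 900, 300, 60]  # sizes of the full-handshake flights
GSM_CSD_BPS, GPRS_BPS = 9600, 40000
TRAVERSAL_DELAY = 0.5


def compare(lam):
    """Total handshake time per suite at a given request rate, on both bearers."""
    return {
        (suite, bearer): handshake_time(client, times, lam, HANDSHAKE_MESSAGES, bps, TRAVERSAL_DELAY)
        for suite, client, times in (("RSA", 0.30, SERVER_TIMES_RSA), ("ECC", 0.12, SERVER_TIMES_ECC))
        for bearer, bps in (("GSM CSD", GSM_CSD_BPS), ("GPRS", GPRS_BPS))
    }
```

    With these placeholder numbers the queueing term stays small until the arrival rate approaches 1/E[S], while the four traversal delays dominate the total on both bearers, which is the qualitative conclusion the thesis draws.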

    Mobile commerce (mCommerce) security. An appraisal of current issues and trends

    Millions of data-capable mobile devices are currently in use around the world, enabled by the growing acceptance of the Internet over wireless networks. However, security mechanisms still remain nascent. Security plays a crucial role in the level of trust users place in mobile devices and applications. To diffuse mobile devices effectively in the marketplace, sufficient levels of trust have to be established in the underlying security of mobile devices and applications. This paper is an appraisal of recent issues and emerging trends regarding mobile security, within the context of mobile commerce conducted over mobile networks by individual consumers and businesses.

    1MORE: architectural design of a new mobile telephony service


    Wireless Application Protocol (WAP)

    The initial idea of creating a mini hypertext browser so that mobile phones could access Internet services without additional devices or a telephone line was conceived by the American company Unwired Planet (now called Phone.com). At the same time, Nokia proposed its own system, based on the Smart Message protocol. Both had excellent ideas, but both failed on a factor basic to the success of a system of this kind: standardization. Since the general concept of browsing the Internet from a phone was broad, Ericsson, Motorola, Nokia and Unwired Planet agreed to find a way to remedy the lack of a common standard. They decided to form a group with the goal of finding a new standard that anyone could use without paying any patent royalty. This standard was called WAP (Wireless Application Protocol), and the initial group formed by these four companies was called the WAP Forum. The intention in developing a new protocol was that it should have a specific set of characteristics:
    - independence from the standard used in the wireless network;
    - the possibility of using different kinds of transport (data connections, SMS, etc.);
    - the possibility of using it on different devices (cellular phone, handheld computer, etc.);
    - freedom for anyone to use it.
    The WAP Forum soon had the support of practically every company in the telecommunications industry (more than 150) except one: Microsoft. In fact, WAP can be used not only on mobile phones but also on other handheld devices such as PDAs. In that case, however, access to the more advanced functions requires a much more advanced operating system than those mobile phones normally use. This is one of the reasons Ericsson, Motorola and Nokia chose the EPOC operating system (made by Psion) as the standard for their next generation of "smartphones". Together with Psion they formed a new company called Symbian in an attempt to overcome the dominance of Microsoft's Windows CE. Basically, Microsoft was excluded from the project because its operating system was not considered capable of handling telephone management, voice and data, and because Microsoft at the time neither supported the WAP standard nor wanted to be part of its forum. Microsoft, feeling excluded by a group representing more than 60% of the world telephone market, immediately reached an agreement with the American company Qualcomm, creating a joint venture it called Wireless Knowledge, which a number of other companies, most of them American, joined. In 1997 Nokia, Ericsson, Motorola and Unwired Planet, now Phone.com, came together in the WAP Forum to establish a framework for a protocol that would allow the PC to be surpassed as the traditional means of Internet access, with one added value: the user's mobility.

    Towards Forward Secure Internet Traffic

    Forward Secrecy (FS) is a security property of key-exchange algorithms which guarantees that a compromise of a long-term private key does not compromise the secrecy of past session keys. With growing awareness of long-term mass surveillance programs by governments and others, FS has become widely regarded as a highly desirable property. This is particularly true of the TLS protocol, which is used to secure Internet communication. In this paper, we investigate FS in pre-TLS 1.3 protocols, which do not mandate FS but are still widely used today. We conduct an empirical analysis of over 10 million TLS servers from three different datasets using a novel heuristic approach. Using a modern TLS client's handshake algorithms, our results show that 5.37% of top domains, 7.51% of random domains, and 26.16% of random IPs do not select FS key-exchange algorithms. Surprisingly, 39.20% of the top domains, 24.40% of the random domains, and 14.46% of the random IPs that do not select FS do support FS. In light of this analysis, we discuss possible paths toward forward secure Internet traffic. As an improvement of the current state, we propose a new client-side mechanism that we call "Best Effort Forward Secrecy" (BEFS), and an extension of it that we call "Best Effort Forward Secrecy and Authenticated Encryption" (BESAFE), which aims to guide (force) misconfigured servers to FS using a best effort approach. Finally, within our analysis, we introduce a novel adversarial model that we call the "discriminatory" adversary, which is applicable to the TLS protocol.
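    The server categories the paper reports (selects FS; supports FS but does not select it; no FS support) and a best-effort FS client can be reproduced with a small negotiation model. The following Python is an added example, not the paper's scanner or its BEFS implementation: the classification heuristic (a second, FS-only offer after a non-FS selection), the BEFS behaviour (FS-only offer first, full offer only on failure), the four server behaviours and the resulting percentages are all assumptions for illustration. Suite names follow OpenSSL's naming, where the key exchange prefix is what decides forward secrecy.

```python
FS_KEY_EXCHANGE = {"ECDHE", "DHE"}


def is_fs(suite):
    """OpenSSL-style names start with the key exchange ("ECDHE-RSA-...", "DHE-RSA-...");
    static RSA key-transport suites omit it ("AES128-GCM-SHA256", "AES256-SHA")."""
    return suite.split("-")[0] in FS_KEY_EXCHANGE


MODERN_CLIENT_OFFER = [
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256", "AES256-SHA",
]
FS_ONLY_OFFER = [s for s in MODERN_CLIENT_OFFER if is_fs(s)]


class Server:
    """Enabled suites in the server's own preference order, and whether the server
    enforces that order or honours the client's order (pre-TLS 1.3 negotiation)."""
    def __init__(self, name, suites, prefer_server_order):
        self.name, self.suites, self.prefer_server_order = name, suites, prefer_server_order

    def select(self, offered):
        order, pool = ((self.suites, set(offered)) if self.prefer_server_order
                       else (offered, set(self.suites)))
        return next((s for s in order if s in pool), None)   # None: handshake_failure


def classify(server):
    """The paper's buckets. Heuristic assumed here: a server that picks a non-FS suite from
    the modern offer but completes an FS-only handshake supports FS without selecting it."""
    chosen = server.select(MODERN_CLIENT_OFFER)
    if chosen is None:
        return "no common suite"
    if is_fs(chosen):
        return "selects FS"
    return "supports FS but does not select it" if server.select(FS_ONLY_OFFER) else "no FS support"


def befs_connect(server):
    """Best Effort Forward Secrecy client (assumed mechanism): offer only FS suites first and
    fall back to the full offer only if the server rejects the FS-only handshake."""
    chosen = server.select(FS_ONLY_OFFER)
    if chosen is not None:
        return chosen, "FS-only offer accepted"
    return server.select(MODERN_CLIENT_OFFER), "fell back to full offer"


# Constructed stand-ins for the scanned population, not the paper's datasets.
SERVERS = [
    Server("misconfigured", ["AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"], True),
    Server("client-order", ["AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"], False),
    Server("legacy", ["AES256-SHA"], True),
    Server("modern", ["ECDHE-ECDSA-AES128-GCM-SHA256"], True),
]


def survey(servers):
    """Bucket counts for a modern client, and the share of servers on which BEFS ends up with FS."""
    buckets, on_fs = {}, 0
    for s in servers:
        bucket = classify(s)
        buckets[bucket] = buckets.get(bucket, 0) + 1
        chosen, _ = befs_connect(s)
        on_fs += chosen is not None and is_fs(chosen)
    return buckets, 100.0 * on_fs / len(servers)
```

    The "misconfigured" server is the interesting case: it enforces its own order with a static-RSA suite first, so a client that offers everything gets no forward secrecy, yet the FS-only offer succeeds because ECDHE is enabled. The FS-only first offer costs one extra round trip only on servers with no FS suite at all.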

    Remote software upload techniques in future vehicles and their performance analysis

    Updating software in vehicle Electronic Control Units (ECUs) will become a mandatory requirement for a variety of reasons: for example, to update or fix the functionality of an existing system, to add new functionality, to remove software bugs and to keep up with ITS infrastructure. Software modules of advanced vehicles can be updated using the Remote Software Upload (RSU) technique. RSU employs infrastructure-based wireless communication in which the software supplier sends the software to the targeted vehicle via a roadside Base Station (BS). However, security is critically important in RSU, both to avoid disasters caused by vehicle malfunction and to protect proprietary algorithms from hackers, competitors or people with malicious intent. In this thesis, a mechanism for secure software upload in advanced vehicles is presented which employs mutual authentication of the software provider and the vehicle using a pre-shared authentication key before the software is sent. The software packets are sent encrypted with a secret key along with a Message Digest (MD). To increase the security level, it is proposed that the vehicle receive more than one copy of the software, each carrying an MD. The vehicle installs the new software only when it has received more than one identical copy. To validate the proposition, analytical expressions for the average number of packet transmissions needed for a successful software update are derived. Different cases are investigated depending on the vehicle's buffer size and verification method. The analytical and simulation results show that sending two copies of the software to the vehicle is sufficient to thwart attacks during the upload. The unicast method above is suitable when software needs to be uploaded to a single vehicle.
    Since multicasting is the most efficient method of group communication, updating software in the ECUs of a large number of vehicles could benefit from it. However, as with unicast RSU, the security requirements of multicast communication, i.e., authenticity, confidentiality and integrity of the transmitted software and access control of the group members, are challenging. In this thesis, infrastructure-based mobile multicasting for RSU in vehicle ECUs is proposed in which an ECU receives the software from a remote software distribution center using the roadside BSs as gateways. The Vehicular Software Distribution Network (VSDN) is divided into small regions, each administered by a Regional Group Manager (RGM). Two multicast Group Key Management (GKM) techniques are proposed based on the degree of trust placed in the BSs, named the Fully-trusted (FT) and Semi-trusted (ST) systems. Analytical models are developed for the multicast session establishment latency and handover latency of these two protocols. The average latency to mutually authenticate the software vendor and a vehicle and to deliver the multicast session key during session initialization, and the handoff latency during a multicast session, are calculated. Analytical and simulation results show that the link establishment latency per vehicle of the proposed schemes is in the range of a few seconds, with the ST system requiring a few ms more than the FT system. The handoff latency is also in the range of a few seconds, and in some cases the ST system requires less handoff time than the FT system. Thus, it is possible to build an efficient GKM protocol without placing too much trust in the BSs.
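    An added Python example of the unicast scheme, not the thesis's own protocol (its message formats are not reproduced here): a three-message mutual authentication on the pre-shared key, software copies split into packets that each carry a keyed message digest, and an install decision that requires at least two verified, byte-identical copies. HMAC-SHA256 is assumed for the digest, the payload encryption the thesis applies is omitted so the block runs on the standard library alone, and refusing to install when verified copies disagree with each other is a conservative choice added here. The key, nonces and firmware bytes are constructed.

```python
import hashlib
import hmac
import os


def mac(key, *parts):
    """Keyed message digest (HMAC-SHA256 assumed); fields are length-prefixed so they cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


# --- mutual authentication on the pre-shared key (three messages, assumed form) ---
def provider_hello():
    return os.urandom(16)                                        # N_p -> vehicle


def vehicle_response(key, n_p):
    n_v = os.urandom(16)
    return n_v, mac(key, b"vehicle", n_p, n_v)                  # N_v, proof -> provider


def provider_verify_and_answer(key, n_p, n_v, proof):
    if not hmac.compare_digest(proof, mac(key, b"vehicle", n_p, n_v)):
        raise ValueError("vehicle authentication failed")
    return mac(key, b"provider", n_v, n_p)                       # answer -> vehicle


def vehicle_verify(key, n_p, n_v, answer):
    return hmac.compare_digest(answer, mac(key, b"provider", n_v, n_p))


# --- software delivery: each copy is sent as packets that carry their own digest ---
def packet_digest(key, copy_id, seq, chunk):
    return mac(key, b"packet", bytes([copy_id]), seq.to_bytes(4, "big"), chunk)


def make_copy(key, image, copy_id, packet_size=64):
    pkts = []
    for seq, off in enumerate(range(0, len(image), packet_size)):
        chunk = image[off:off + packet_size]
        pkts.append((copy_id, seq, chunk, packet_digest(key, copy_id, seq, chunk)))
    return pkts


def reassemble(key, pkts):
    """The image if every packet verifies and the sequence is complete and in order, else None."""
    image = b""
    for expected, (copy_id, seq, chunk, digest) in enumerate(sorted(pkts, key=lambda p: p[1])):
        if seq != expected or not hmac.compare_digest(digest, packet_digest(key, copy_id, seq, chunk)):
            return None
        image += chunk
    return image


def decide_install(key, copies, required=2):
    """Install only when at least `required` copies verify and all verified copies agree byte for byte."""
    images = [img for img in (reassemble(key, c) for c in copies) if img is not None]
    if len(images) < required or any(img != images[0] for img in images):
        return None
    return images[0]


def demo():
    key = b"\x11" * 32                                           # constructed pre-shared key
    image = b"ECU firmware image v2 " * 12                       # constructed software image
    n_p = provider_hello()
    n_v, proof = vehicle_response(key, n_p)
    answer = provider_verify_and_answer(key, n_p, n_v, proof)
    auth_ok = vehicle_verify(key, n_p, n_v, answer)
    good = [make_copy(key, image, 0), make_copy(key, image, 1)]
    tampered = make_copy(key, image, 1)
    cid, seq, chunk, digest = tampered[0]
    tampered[0] = (cid, seq, b"X" + chunk[1:], digest)          # payload altered in transit; digest now stale
    return (auth_ok,
            decide_install(key, good) == image,                  # two verified identical copies: install
            decide_install(key, [good[0], tampered]) is None,    # only one copy verifies: refuse
            decide_install(key, [good[0]]) is None)              # a single copy never suffices
```

    The copy identifier inside each packet digest keeps an attacker from passing off a replayed packet of copy 0 as part of copy 1, and the sequence check in reassemble turns a dropped or duplicated packet into a failed copy rather than a truncated image.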

    A new protocol with unbalanced RSA for authentication and key distribution in WLAN.

    In wireless networks, security concerns have haunted 802.11 deployments since the standardization effort began. IEEE attempts to provide confidentiality with WEP (Wired Equivalent Privacy) and treats WEP as an option during authentication. Unfortunately, WEP has been shown to provide neither reliable authentication nor reliable data confidentiality. As a short-term solution, IEEE offers TKIP (Temporal Key Integrity Protocol) to address the flaws found in 802.11, combined with 802.1X for authentication. To provide solid mutual authentication and key distribution, the TLS (Transport Layer Security) handshake protocol has been used within 802.1X. However, since TLS was not designed specifically for 802.11 WLANs, it contains steps that are redundant when used for 802.11. Furthermore, in a WLAN the computational abilities of client and server are often very different, which makes the client a bottleneck during the handshake. Given these drawbacks, a new protocol for authentication and key distribution is proposed in this thesis. It not only eliminates the redundant steps of the TLS handshake but also reduces the client's time consumption during authentication and key distribution by applying unbalanced RSA. The proposed protocol with unbalanced RSA solves the problems of the original 802.11 standard while offering efficiency and security at the same time.
    Dept. of Electrical and Computer Engineering. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .Z546. Source: Masters Abstracts International, Volume: 43-05, page: 1761. Advisers: Huapeng Wu; Kemal Tepe. Thesis (M.A.Sc.)--University of Windsor (Canada), 2004
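    The client-side saving the thesis attributes to unbalanced RSA, as an added Python example that is not the thesis's protocol (its handshake messages are not reproduced). It assumes that "unbalanced RSA" means Shamir's construction: one prime p far smaller than the other prime q, so that the key holder decrypts with a single exponentiation modulo p instead of modulo n. The example also shows the caveat that makes this work, namely that plaintexts must be smaller than p. Key sizes, exponent and the Miller-Rabin prime generator are the example's own choices.

```python
import random
import time
from math import gcd


def is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, e):
    """Random prime of exactly `bits` bits with gcd(p - 1, e) == 1."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if gcd(cand - 1, e) == 1 and is_probable_prime(cand):
            return cand


def keygen(p_bits=256, q_bits=1024, e=65537):
    """Unbalanced RSA (Shamir's construction, assumed): p is much smaller than q, so the
    private-key holder can decrypt with one exponentiation modulo p using d_p = e^-1 mod (p-1)."""
    p, q = random_prime(p_bits, e), random_prime(q_bits, e)
    return {"n": p * q, "e": e, "p": p, "dp": pow(e, -1, p - 1), "d": pow(e, -1, (p - 1) * (q - 1))}


def encrypt(m, key):
    """Plaintexts must be smaller than p: decryption mod p recovers only m mod p."""
    if not 1 < m < key["p"]:
        raise ValueError("plaintext must satisfy 1 < m < p")
    return pow(m, key["e"], key["n"])


def decrypt_mod_p(c, key):
    """c^dp mod p == m because c == m^e (mod p) and e*dp == 1 (mod p-1); valid while m < p."""
    return pow(c % key["p"], key["dp"], key["p"])


def decrypt_full(c, key):
    """Ordinary RSA decryption modulo n, for comparison."""
    return pow(c, key["d"], key["n"])


def demo(trials=5):
    """Returns (both decryptions agree with the plaintext, speed-up of mod-p over full decryption)."""
    key = keygen()
    m = random.randrange(2, key["p"])
    c = encrypt(m, key)
    t0 = time.perf_counter()
    fast = [decrypt_mod_p(c, key) for _ in range(trials)]
    t1 = time.perf_counter()
    full = [decrypt_full(c, key) for _ in range(trials)]
    t2 = time.perf_counter()
    return all(v == m for v in fast + full), (t2 - t1) / max(t1 - t0, 1e-9)
```

    The 256-bit modular exponentiation is far cheaper than the 1280-bit one, which is the asymmetry a constrained WLAN client benefits from; the price is that the protocol must guarantee the encrypted value (a session key or nonce) stays below p, since a larger value decrypts to its residue and is silently lost.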

    Beyond Modes: Building a Secure Record Protocol from a Cryptographic Sponge Permutation

    BLINKER is a light-weight cryptographic suite and record protocol built from a single permutation. Its design is based on the Sponge construction used by the SHA-3 algorithm KECCAK. We examine the SpongeWrap authenticated encryption mode and expand its padding mechanism to offer explicit domain separation and enhanced security for our specific requirements: shared-secret half-duplex keying, encryption, and a MAC-and-continue mode. We motivate these enhancements by showing that, unlike legacy protocols, the resulting record protocol is secure against a two-channel synchronization attack while also having a significantly smaller implementation footprint. The design facilitates security proofs directly from a single cryptographic primitive (a single security assumption) rather than via idealization of a multitude of algorithms, paddings and modes of operation. The protocol is also uniquely suitable for an autonomous or semi-autonomous hardware implementation of protocols where the secrets never leave the module, making it attractive for smart card and HSM designs.
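    An added Python sketch, not BLINKER itself and not the authors' code, of the record-protocol shape the abstract describes: a duplex over the real Keccak-f[1600] permutation, a frame byte in every block's padding for explicit domain separation, body blocks encrypted with the duplex output and absorbed as plaintext (SpongeWrap style), and a MAC-and-continue tag that chains every record to all earlier ones, so a peer that missed or reordered a record cannot authenticate the next one. The frame-byte values, rate, tag length and the demo key and nonce are assumptions; sha3_256 is included only so the permutation can be checked against the standard test vectors.

```python
import hmac

# Keccak-f[1600] round constants and rho rotation offsets (indexed [x][y]).
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
MASK = (1 << 64) - 1


def rol(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK if n else v


def keccak_f(state):
    """Keccak-f[1600] over a 200-byte state; lane (x, y) is at index x + 5*y, little-endian."""
    A = [int.from_bytes(state[8 * i:8 * i + 8], "little") for i in range(25)]
    for rc in RC:
        C = [A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20] for x in range(5)]  # theta
        D = [C[(x - 1) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]
        B = [0] * 25
        for x in range(5):                                                           # rho + pi
            for y in range(5):
                B[y + 5 * ((2 * x + 3 * y) % 5)] = rol(A[x + 5 * y], ROT[x][y])
        A = [B[i] ^ (~B[(i + 1) % 5 + 5 * (i // 5)] & B[(i + 2) % 5 + 5 * (i // 5)])  # chi
             for i in range(25)]
        A[0] ^= rc                                                                   # iota
    return bytearray(b"".join(a.to_bytes(8, "little") for a in A))


RATE = 136                                       # bytes; capacity 512 bits (SHA3-256 parameters)
KEY, NONCE, HEADER, BODY, TAG = 1, 2, 3, 4, 5    # domain-separation frame bytes (assumed values)


class Duplex:
    """Duplex sponge with a frame byte inside every block's padding (SpongeWrap style), so key,
    nonce, header, body and tag inputs can never be confused; one shared state per session."""
    def __init__(self, key, nonce):
        self.state = bytearray(200)
        self.z = bytes(RATE)          # last output block: keystream for the next body block
        self.step(key, KEY)
        self.step(nonce, NONCE)

    def step(self, data, domain):
        assert len(data) <= RATE - 2
        blk = bytearray((data + bytes([domain, 0x01])).ljust(RATE, b"\0"))
        blk[-1] |= 0x80               # pad10*1 placed after the frame byte
        for i in range(RATE):
            self.state[i] ^= blk[i]
        self.state = keccak_f(self.state)
        self.z = bytes(self.state[:RATE])
        return self.z

    def seal(self, header, body):
        """Authenticate header, encrypt body, emit a tag and keep the state (MAC-and-continue)."""
        self.step(header, HEADER)
        out = bytearray()
        for i in range(0, len(body), RATE - 2):
            p = body[i:i + RATE - 2]
            out += bytes(a ^ b for a, b in zip(p, self.z))
            self.step(p, BODY)        # the plaintext, not the ciphertext, is absorbed
        return bytes(out) + self.step(b"", TAG)[:16]

    def open(self, header, record):
        ct, tag = record[:-16], record[-16:]
        self.step(header, HEADER)
        out = bytearray()
        for i in range(0, len(ct), RATE - 2):
            p = bytes(a ^ b for a, b in zip(ct[i:i + RATE - 2], self.z))
            out += p
            self.step(p, BODY)
        if not hmac.compare_digest(self.step(b"", TAG)[:16], tag):
            raise ValueError("tag mismatch: forged, replayed, dropped or reordered record")
        return bytes(out)


def sha3_256(msg):
    """Plain SHA3-256 from the same permutation, to check keccak_f against known vectors."""
    buf = bytearray(msg) + b"\x06"
    buf = buf.ljust(-(-len(buf) // RATE) * RATE, b"\0")
    buf[-1] |= 0x80
    st = bytearray(200)
    for off in range(0, len(buf), RATE):
        for i in range(RATE):
            st[i] ^= buf[off + i]
        st = keccak_f(st)
    return bytes(st[:32])


def demo():
    """Two records in sequence; a peer that missed the first cannot accept the second."""
    key, nonce = b"k" * 16, b"n" * 12                        # constructed demo values
    alice, bob, late = Duplex(key, nonce), Duplex(key, nonce), Duplex(key, nonce)
    r1, r2 = alice.seal(b"hdr1", b"first record"), alice.seal(b"hdr2", b"second record")
    p1, p2 = bob.open(b"hdr1", r1), bob.open(b"hdr2", r2)
    try:
        late.open(b"hdr2", r2)
        desync_detected = False
    except ValueError:
        desync_detected = True
    return p1, p2, desync_detected
```

    Because every record's tag depends on the whole transcript absorbed so far, the receiver needs no sequence numbers and no separate cipher, MAC and KDF: the single permutation and the frame byte carry all of it, which is what makes the state small enough to keep inside a smart card or HSM. A tag failure leaves the receiving state desynchronised, so a real protocol would tear the session down at that point.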