A Survey Study of Title-Security and Privacy In Mobile Systems
Kavita Rastogi, Research Scholar
E-mail: kavita.rastogi2011@gmail.com, Department of Computer Application
Tecnia Institute of Advanced Studies, Rohini, Delhi
Abstract
This paper addresses information security and privacy issues in mobile systems and applications.
This chapter discusses the need for privacy and security in mobile systems and presents
technological trends which highlight that this issue is of growing concern. Mobile systems
security was conceived as a natural development of conventional POTS (Plain Old Telephone
Service) security. Some of the objectives, therefore, were clear and well understood: avoiding
unauthorized disclosure of a user’s or operator’s data, repelling denial-of-service (DoS) attacks
and preventing unauthorized access to and use of mobile service. However, as we anticipated in
the previous Section, a mobile communication environment presents a number of unique
challenges, because mobile terminals are easily lost or stolen and because users expect
flexibility and ease of use. In this section we shall focus on the main authentication and
identity establishment techniques which are instrumental for the more complex mobile identity
management solutions.
Keywords: Proximity, POTS, DoS, 2.5 Generation, Wideband Code-Division Multiple Access
(WCDMA), QoS
Introduction: Access to general purpose Information and Communication Technology (ICT) is
not equally distributed on our planet: developed countries account for about 70 per cent of all
Internet users, while their percentage of Internet hosts rose from 90 per cent in 2000 to about
99 per cent in 2002. On the other hand, in the developed world the set of techniques going under
the name of e-Mobile is becoming more and more important in e-Business transactions. The use
of smart mobile terminals will allow new kinds of services and new business models, overcoming
time and space limitations. The technological evolution in wireless data communications is
introducing a rich landscape of new services relying on three main technologies:
• proximity (or personal) area networks (PANs), composed of personal and wearable devices
capable of automatically setting up transient communication environments (also known as
ad-hoc networks);
• wireless local area network technology (WLAN);
• 3rd Generation of mobile telecommunications (3G), gradually replacing General Packet Radio
Service (GPRS) and the related set of technologies collectively called “2.5 Generation” (2.5G).
3G services are made available through technologies such as Wideband Code-Division Multiple
Access (WCDMA), offering high data speeds. PANs are a new technology bringing the “always
connected” principle to the personal space. On the other hand, 3G systems and WLANs have
long coexisted; what is new is their interconnection, aimed at decoupling terminals and
applications from the access method. While 3G is generally considered applicable mainly to fully
mobile wireless devices (e.g., operating from a car), WLAN is more relevant to fixed and
portable wireless devices (e.g., operating from an elevator). 3G mobile networks already provide
video-capable bandwidth, global roaming for voice and data, and access to the Internet’s rich
online content.
1.1 Mobile and wireless security issues
While wireless communications provide great flexibility and mobility, they often come at the
expense of security. Indeed, wireless communications rely on open and public transmission
media that raise further vulnerabilities in addition to the security threats found in wired networks.
A number of specific open issues and even inherent dangers (some of which had already been
identified and described in the early stages of wireless technology adoption [Howard, 2000]) are
yet to be solved. First, with wireless communications, important and vital information is often
placed on a mobile device that is vulnerable to theft and loss. In addition, this information is
transmitted over the unprotected airwaves. Thirdly, 3G networks are getting smaller and more
numerous, causing opportunities for hackers and other abusers to increase. Currently, 2.5G security
mechanisms include 40-bit encryption, but theoretical attacks against this and the authentication
mechanisms have been demonstrated [van Oorschot et al., 1996]. 3G technologies incorporate
stronger cryptographic techniques and new authentication systems. The boom in user demand
for richer content on mobile terminals (such as multimedia messaging, video
conferencing, voice-over-IP, m-business) is increasing the need for security solutions ensuring
user and data confidentiality, quality of service (QoS), billing, and protection against intruders.
The challenge for industry players now is to tackle all security issues within PAN, 3G and
WLAN and create a profitable integrated wireless business comprising services and value. In
this chapter we shall look into some of the main security issues within the whole hierarchy of 3G
and WLAN systems, including network access security, network domain security, user domain
security, and personal identity management.
1.2 Wireless applications and security testing methodologies
As the complexity of mobile and wireless applications increases rapidly, the importance of
manufacturing security testing becomes more critical. The main requirements of an effective
security test methodology are the establishment of functional completeness and compliance with
appropriate security requirements, and minimum test execution time. Activities associated with
testing include the following:
• identification of the security requirements to be satisfied;
• identification of proposed product security mechanisms;
• determination of the test objectives;
• determination of the test methodology/technique;
• determination of expected test results;
• conduct of the test;
• documentation and analysis of test results;
• feedback of test results to appropriate individuals/organizations;
• determination of the next action to be taken (e.g., additional testing, corrective actions, and so
on).
1.3 Personal Identity Management in 3G Mobile Systems
In the previous Section, privacy and security issues of mobile systems have been described
mainly from the perspective of technological security research (access control, integrity,
authentication, non-repudiation, availability, and confidentiality). Recent developments in
ICT-based business models reveal the necessity to approach the concept of privacy and security
more broadly, embracing not only the technical aspects, but also
the socioeconomic, the policy and business points of view. In other words, this means that
technological potentialities, business opportunities and the complex dynamics of joining
industries have to be strongly internetworked with users’ social dynamics, standards, policy, and
regulation to create a sort of digital identity management framework where digital identity is
conceived as “an electronic representation of individuals’ or organizations’ sensitive
information” [Damiani et al., 2003]. Support offered by this framework is crucial for building
and maintaining trust relationships in today’s globally interconnected society because:
• it offers adequate security and availability;
• it strikes the right balance between protection of privacy and convenience;
• it allows different subsets of the user’s identity to be presented depending on the ongoing and
perceived application and communication context;
• it guarantees that identity, personal data, and user profile (including location-based information)
are safeguarded and no thefts will happen.
Starting from the late ’80s, many examples of identity management (IM) systems have been
proposed. In 1985, David Chaum considered a device that helps the user with payment
transactions and upholds the user’s privacy [Chaum, 1985a, Chaum, 1985b]. In 1993, Roger
Clark proposed the digital individual, that is, the individual’s data shadow in the computer
system which can be compared to the user’s identity [Clark, 1993]. In 1995, John Borking published
a report about the Identity Protector to protect the user’s data [van Rossum et al., 1995]. In 1999,
Martin Reichenbach proposed the reachability manager applied to telephone reachability
[Herbert et al., 1999].
These mechanisms work at the packet level and sit on top of the on-the-air encryption
mechanism offered by some 3G networks.6 Also, service discovery relies on a broadcast
message on the part of the service provider. Terminals do not have to become active, and can
avoid revealing their presence just for discovering services the user may not be interested in.
6 On-the-air encryption is not mandatory in 3G networks due to concern about restrictions on the
use of encryption in some countries.
• Authentication
  • one-way authentication based on long-term shared key between user's SIM card
    and the home network
• Charging
  • network operator is trusted to charge correctly; based on user authentication
• Privacy
  • data
    • link-level encryption over the air; no protection in the core network
  • identity/location/movements, unlinkability
    • use of temporary identifiers (TMSI) reduces the ability of an eavesdropper
      to track movements within a PLMN
    • but network can ask the mobile to send its real identity (IMSI): on
      synchronization failure, on database failure, or on entering a new PLMN
    • network can also page for mobiles using IMSI
• User
• Service Provider
• Context
• Communication
• Device
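The identity-privacy points in the list above can be made concrete with a small audit script. This is an added example, not part of the original paper: the message names, the trace format and every identity value are constructed, and the `cause` field is an operator-side annotation assumed for illustration. It reports each cleartext IMSI exposure and which temporary identifiers a passive listener could link to the real identity.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AirMsg:
    t: int            # seconds since start of the (constructed) capture
    conn: int         # radio connection id; 0 = broadcast paging channel
    kind: str         # LOC_UPDATE_REQ, IDENTITY_REQ, IDENTITY_RESP or PAGING
    id_type: str      # "TMSI" or "IMSI"
    ident: str        # identity value; empty for IDENTITY_REQ
    cause: str = ""   # operator-side annotation, not visible on the air


# Constructed sample trace. Subscriber A first shows TMSI a1b2c3d4, is given a
# new TMSI under ciphering (so the reallocation is not in the trace), and is
# later asked for its IMSI. Subscriber B is only ever seen by TMSI.
IMSI_A = "001010000000001"   # constructed value using the test PLMN 001/01
TRACE = [
    AirMsg(0, 1, "LOC_UPDATE_REQ", "TMSI", "a1b2c3d4"),
    AirMsg(300, 0, "PAGING", "TMSI", "e5f60718"),
    AirMsg(600, 2, "LOC_UPDATE_REQ", "TMSI", "e5f60718"),
    AirMsg(601, 2, "IDENTITY_REQ", "IMSI", "", "entering a new PLMN"),
    AirMsg(602, 2, "IDENTITY_RESP", "IMSI", IMSI_A),
    AirMsg(900, 0, "PAGING", "IMSI", IMSI_A, "database failure"),
    AirMsg(950, 3, "LOC_UPDATE_REQ", "TMSI", "0badcafe"),
    AirMsg(1200, 0, "PAGING", "TMSI", "0badcafe"),
]


def audit_trace(trace):
    """Return cleartext IMSI exposures and what a passive listener can link."""
    ordered = sorted(trace, key=lambda m: m.t)
    exposures = []                  # (time, message kind, cause)
    linked = {}                     # TMSI -> IMSI learned from the air
    conn_tmsis = defaultdict(set)   # TMSIs presented on each connection
    pending_cause = {}              # connection -> cause of identity request

    for m in ordered:
        if m.kind == "IDENTITY_REQ":
            pending_cause[m.conn] = m.cause
        elif m.id_type == "TMSI" and m.kind != "PAGING":
            conn_tmsis[m.conn].add(m.ident)
        elif m.id_type == "IMSI" and m.kind == "IDENTITY_RESP":
            exposures.append((m.t, m.kind, pending_cause.get(m.conn, "")))
            # The response ties every TMSI used on this connection to the IMSI.
            for tmsi in conn_tmsis[m.conn]:
                linked[tmsi] = m.ident
        elif m.id_type == "IMSI" and m.kind == "PAGING":
            exposures.append((m.t, m.kind, m.cause))

    # Second pass: once a TMSI is linked, earlier sightings of it are
    # attributable to the subscriber as well.
    sightings = defaultdict(list)
    unlinked = set()
    for m in ordered:
        if not m.ident:
            continue
        if m.id_type == "IMSI":
            sightings[m.ident].append(m.t)
        elif m.ident in linked:
            sightings[linked[m.ident]].append(m.t)
        else:
            unlinked.add(m.ident)

    return {
        "exposures": exposures,
        "linked": linked,
        "sightings": dict(sightings),
        "unlinked_tmsis": unlinked,
    }


if __name__ == "__main__":
    report = audit_trace(TRACE)
    for key, value in report.items():
        print(key, "=", value)
```

In this trace the first TMSI of subscriber A stays unlinked because its replacement was assigned under ciphering, while a single identity request is enough to attribute the later TMSI, including its earlier paging, to the IMSI.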
1.4 Technologies for Mobile Security
As we have seen in the previous Section, technologies
for 2G mobile security provide standard functions for checking the authenticity of the
subscriber identity, for protecting subscriber anonymity and for encrypting user and signaling data.
3G, while retaining SIM-based authentication, enhances security features by organizing the issue
into four domains (access, network, user and application) and by adding auxiliary information on
visibility and configurability. For packet data traveling over the mobile network layer,
conventional security technologies apply. Two main areas can be identified:
• Security Network Domain. When Mobile IP is used at the network level over a mobile
infrastructure, the most salient security issue is the problem of how to authenticate the
registration messages that inform the server about a mobile node’s current IP address, in order to
avoid spoofing and IP impersonation attacks [Cheswick et al., 2003].7
• Security Transport Domain. The well-known Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols provide entity authentication, data confidentiality, and data
authentication.
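The registration-authentication problem named in the first bullet can be shown with a short sketch. This is an added example, not code from the paper or from any Mobile IP implementation: the message layout is simplified and is not the Mobile IP wire format, HMAC-SHA256 is chosen here for illustration, and the key and the documentation-range addresses are constructed. A home agent accepts a binding only when the authenticator verifies under the key it shares with the mobile node and the identification value is fresh.

```python
import hashlib
import hmac
import ipaddress
import struct

# Simplified body: home address, care-of address, lifetime (s), identification.
BODY_FMT = "!4s4sHQ"
BODY_LEN = struct.calcsize(BODY_FMT)
TAG_LEN = hashlib.sha256().digest_size


def build_registration(key, home_addr, care_of_addr, lifetime, ident):
    """Mobile node side: serialize the request and append a keyed authenticator."""
    body = struct.pack(
        BODY_FMT,
        ipaddress.IPv4Address(home_addr).packed,
        ipaddress.IPv4Address(care_of_addr).packed,
        lifetime,
        ident,
    )
    return body + hmac.new(key, body, hashlib.sha256).digest()


class HomeAgent:
    def __init__(self, keys):
        self.keys = keys        # home address -> key shared with that node
        self.bindings = {}      # home address -> current care-of address
        self.last_ident = {}    # home address -> highest identification seen

    def handle(self, msg):
        if len(msg) != BODY_LEN + TAG_LEN:
            return "rejected: malformed"
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        home_raw, coa_raw, _lifetime, ident = struct.unpack(BODY_FMT, body)
        home = str(ipaddress.IPv4Address(home_raw))
        key = self.keys.get(home)
        if key is None:
            return "rejected: unknown mobile node"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        # Constant-time comparison; checked before any state is touched.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad authenticator"
        # A validly signed but old message must not move the binding back.
        if ident <= self.last_ident.get(home, -1):
            return "rejected: replay"
        self.last_ident[home] = ident
        self.bindings[home] = str(ipaddress.IPv4Address(coa_raw))
        return "accepted"


def demo():
    key = b"constructed-shared-key-for-demo!"     # constructed sample key
    ha = HomeAgent({"192.0.2.10": key})
    first = build_registration(key, "192.0.2.10", "198.51.100.7", 600, 1)
    results = [ha.handle(first)]
    # Request claiming the same home address, built without the shared key.
    forged = build_registration(b"wrong", "192.0.2.10", "203.0.113.66", 600, 2)
    results.append(ha.handle(forged))
    # Valid request whose care-of address was altered in transit.
    tampered = first[:4] + ipaddress.IPv4Address("203.0.113.66").packed + first[8:]
    results.append(ha.handle(tampered))
    # The node moves and registers again; the first message is then replayed.
    second = build_registration(key, "192.0.2.10", "198.51.100.99", 600, 2)
    results.append(ha.handle(second))
    results.append(ha.handle(first))
    return results, ha.bindings


if __name__ == "__main__":
    outcomes, bindings = demo()
    print(outcomes)
    print(bindings)
```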
Trust Management. In the previous Section we saw how SIM-based authentication is the main
technique for linking a terminal to a user identity. To secure this mechanism, however, specific
mobility-related threats must be addressed. As they get smaller, mobile terminals become more
and more susceptible to theft. Stolen data is often regarded as being more valuable than the
terminal itself. Thus, the need to protect user data and secrets is of paramount importance in a 3G
mobile computing environment. In 1999, the Trusted Computing Platform Alliance (TCPA)
[Trusted Computing Platform Alliance, ] was created to foster industry participation in the
development of an open specification for a trusted computing platform focused on two areas:
ensuring privacy, and enhancing security. The TCPA provides for a platform root of trust, which
uniquely identifies a particular platform, and provides various encryption capabilities, including
hardware-protected storage.
Digital Rights Management (DRM). DRM mobile networks rely on two crucial standards: the
Open Mobile Association (OMA) DRM [OMA DRM Requirements - Version 2.0, 2003] and
OMA Download (OMA 2004) [Generic Content Download Over The Air Specification - Version
1.0, 2003]. OMA DRM is the Digital Rights Management standard language for mobile phones
published by the Open Mobile Alliance, while OMA Download is the application-level protocol
that enables reliable and secure downloading to mobile terminals of digital content whose access
rights are specified using OMA DRM. OMA Download can be integrated with other channel-specific
services such as billing, and management of premium priced. However, OMA DRM and OMA Download
are different technologies designed for independent purposes. Taken together, they enable secure
downloading of digital content to mobile terminals and improve the consumer’s experience of
mobile content. Content protected by OMA DRM can be delivered using OMA Download or
other channel-specific protocols such as the Multimedia Message System (MMS).
7 Mobile IPv4 and Mobile IPv6 solve this issue by using a protocol-specific authentication
extension based on a secret key shared between mobile node and home agent, and by reusing
the IPSec protocol to secure the binding updates, through the Internet Key Exchange (IKE)
protocol, respectively.
1.5 Implications
• Public-key cryptography can provide effective solutions
  • increased message sizes: use of elliptic curve cryptography can help
  • lack of PKI: enhanced privacy solution does not require a full-fledged PKI, some
    sort of infrastructure is required for charging anyway
• Are these problems serious enough?
  • trust assumption may not change so drastically
  • providing true privacy is hard: hiding identity information is irrelevant as long as
    some other linkable information is associated with the messages
• try not to preclude future solutions
  • e.g., don’t insist on authentication when it is not essential
• provide hooks for future use
  • e.g., 16-bit length fields to ensure sufficient room in message formats
1.6 Conclusions
The amount of mobile computing is expected to increase dramatically in the near future. As the
user’s demands increase with the offered services of mobile communication systems, the main
expectation on such systems will be that they provide access to any service, anywhere, at
anytime. Indeed, in today’s highly connected, and highly mobile environments, the secure
transmission of information is imperative for every enterprise, and will grow in significance as
mobile devices, networks, and applications continue to advance. However, the promise of mobile
computing technologies further increases privacy and security concerns. In this chapter we have
discussed the need for privacy and security in mobile systems and have presented technological
trends which highlight that this issue is of growing concern.
1.7 References
[Consortium, 1998] Consortium, W. W. W. (1998). P3P Guiding Principles.
http://www.w3.org/TR/1998/NOTE-P3P10-principles.
[Damiani et al., 2003] Damiani, E., di Vimercati, S. D. C., and Samarati, P. (2003). Managing
Multiple and Dependable Identities. IEEE Internet Computing, pages 2–10.
[Jendricke et al., 2002] Jendricke, U., Kreutzer, M., and Zugenmaier, A. (2002). Mobile Identity
Management. In Proceedings of the Workshop on Security in Ubiquitous Computing
(UBICOMP2002).
[Kagal et al., 2001] Kagal, L., Finin, T., and Joshi, A. (2001). Trust-based security in pervasive
computing environments. IEEE Communications.
nced Topics in Database Research, volume

More Related Content

PDF
Efficient Data Security for Mobile Instant Messenger
Putra Wanda
 
PDF
Efficient Data Security for Mobile Instant Messenger
TELKOMNIKA JOURNAL
 
PDF
Trusting Smart Speakers: Understanding the Different Levels of Trust between ...
CSCJournals
 
PDF
A Critical Survey on Privacy Prevailing in Mobile Cloud Computing: Challenges...
Rida Qayyum
 
PDF
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
AIRCC Publishing Corporation
 
PDF
A survey on secure communication protocols for io t systems
Vishwesh Nagamalla
 
PDF
Paper id 25201417
IJRAT
 
PDF
PRIVACY-PRESERVING MACHINE AUTHENTICATED KEY AGREEMENT FOR INTERNET OF THINGS
IJCNCJournal
 
Efficient Data Security for Mobile Instant Messenger
Putra Wanda
 
Efficient Data Security for Mobile Instant Messenger
TELKOMNIKA JOURNAL
 
Trusting Smart Speakers: Understanding the Different Levels of Trust between ...
CSCJournals
 
A Critical Survey on Privacy Prevailing in Mobile Cloud Computing: Challenges...
Rida Qayyum
 
Safely Scaling Virtual Private Network for a Major Telecom Company during A P...
AIRCC Publishing Corporation
 
A survey on secure communication protocols for io t systems
Vishwesh Nagamalla
 
Paper id 25201417
IJRAT
 
PRIVACY-PRESERVING MACHINE AUTHENTICATED KEY AGREEMENT FOR INTERNET OF THINGS
IJCNCJournal
 

What's hot (20)

PDF
Mobile Device Users’ Susceptibility To Phishing Attacks
AIRCC Publishing Corporation
 
PDF
Comprehensive survey on security problems and key technologies of the interne...
RSIS International
 
PDF
Malware threat analysis techniques and approaches for IoT applications: a review
journalBEEI
 
PDF
Ijarcet vol-2-issue-4-1398-1404
Editor IJARCET
 
PDF
Architectural Layers of Internet of Things: Analysis of Security Threats and ...
Scientific Review SR
 
PDF
Transformation from Identity Stone Age to Digital Identity
IJNSA Journal
 
PDF
509286-Aki_Koivu-Review
Aki Koivu
 
PDF
ijais13-451015
Sathya Bala
 
PDF
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
IJNSA Journal
 
PDF
Design and Development of Secure Electronic Voting System Using Radio Frequen...
iosrjce
 
PDF
Deterring Sybil Attack in Online Communication System via Peer-to-peer Audio ...
Eswar Publications
 
PDF
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSIS
IJNSA Journal
 
PDF
Steam++ An Extensible End-to-end Framework for Developing IoT Data Processing...
AIRCC Publishing Corporation
 
PDF
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
Editor IJMTER
 
PDF
ENCRYPTION BASED WATERMARKING TECHNIQUE FOR SECURITY OF MEDICAL IMAGE
ijcsit
 
PDF
Securing mobile cloud using finger print authentication
IJNSA Journal
 
PDF
Automatic Detection of Social Engineering Attacks Using Dialog
iosrjce
 
PDF
User privacy and data trustworthiness in mobile crowd sensing
LeMeniz Infotech
 
PDF
Douglas2018 article an_overviewofsteganographytechn (1)
lakshmi.ec
 
PDF
Security Issues and Challenges in Internet of Things – A Review
IJERA Editor
 
Mobile Device Users’ Susceptibility To Phishing Attacks
AIRCC Publishing Corporation
 
Comprehensive survey on security problems and key technologies of the interne...
RSIS International
 
Malware threat analysis techniques and approaches for IoT applications: a review
journalBEEI
 
Ijarcet vol-2-issue-4-1398-1404
Editor IJARCET
 
Architectural Layers of Internet of Things: Analysis of Security Threats and ...
Scientific Review SR
 
Transformation from Identity Stone Age to Digital Identity
IJNSA Journal
 
509286-Aki_Koivu-Review
Aki Koivu
 
ijais13-451015
Sathya Bala
 
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES
IJNSA Journal
 
Design and Development of Secure Electronic Voting System Using Radio Frequen...
iosrjce
 
Deterring Sybil Attack in Online Communication System via Peer-to-peer Audio ...
Eswar Publications
 
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSIS
IJNSA Journal
 
Steam++ An Extensible End-to-end Framework for Developing IoT Data Processing...
AIRCC Publishing Corporation
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
Editor IJMTER
 
ENCRYPTION BASED WATERMARKING TECHNIQUE FOR SECURITY OF MEDICAL IMAGE
ijcsit
 
Securing mobile cloud using finger print authentication
IJNSA Journal
 
Automatic Detection of Social Engineering Attacks Using Dialog
iosrjce
 
User privacy and data trustworthiness in mobile crowd sensing
LeMeniz Infotech
 
Douglas2018 article an_overviewofsteganographytechn (1)
lakshmi.ec
 
Security Issues and Challenges in Internet of Things – A Review
IJERA Editor
 
Ad

Similar to A survey study of title security and privacy in mobile systems (20)

PPTX
Cellular wireless network security
Ankit Anand
 
DOCX
Security model evaluation of 3 g wireless network1 paper presentation
Rotract CLUB of BSAU
 
PDF
Security Models in Cellular Wireless Networks
William Chipman
 
PDF
3g Wireless Technology Paper Presentation
guestac67362
 
PPTX
Session810 ken huang
Ken Huang
 
PPTX
Hotspot 2.0 - Concept and Challenges
Dr. Mazlan Abbas
 
PDF
Wireless and Mobile Computing Build Secure and Maintain Wireless Solutions
YogeshIJTSRD
 
PPT
Mobile security
SanjaySharma1059
 
PDF
Mobility management issues in 3 g & 4g network1
Editor Jacotech
 
PPTX
Ch 04 wireless security
ChaushreeeLamichhane
 
PDF
Optimization of Quality of Service in 4G Wireless Networks
IDES Editor
 
PDF
The common challenges of mobile internet for up coming generation
eSAT Publishing House
 
PDF
The common challenges of mobile internet for up coming generation
eSAT Journals
 
PDF
Wireless information management, a review
Andrew Olsen
 
PDF
B010331019
IOSR Journals
 
PDF
Complexity Versus Comprehendability: Simplifying Wireless Security
Olivia Moran
 
PPT
Wimax and changing wireless eco system
Kartik Mehta
 
PDF
MOBILE COMMUNICATIONS_SEC 2E skill devep
md4228787
 
PPTX
MOBILE COMMUNICATION
junnubabu
 
Cellular wireless network security
Ankit Anand
 
Security model evaluation of 3 g wireless network1 paper presentation
Rotract CLUB of BSAU
 
Security Models in Cellular Wireless Networks
William Chipman
 
3g Wireless Technology Paper Presentation
guestac67362
 
Session810 ken huang
Ken Huang
 
Hotspot 2.0 - Concept and Challenges
Dr. Mazlan Abbas
 
Wireless and Mobile Computing Build Secure and Maintain Wireless Solutions
YogeshIJTSRD
 
Mobile security
SanjaySharma1059
 
Mobility management issues in 3 g & 4g network1
Editor Jacotech
 
Ch 04 wireless security
ChaushreeeLamichhane
 
Optimization of Quality of Service in 4G Wireless Networks
IDES Editor
 
The common challenges of mobile internet for up coming generation
eSAT Publishing House
 
The common challenges of mobile internet for up coming generation
eSAT Journals
 
Wireless information management, a review
Andrew Olsen
 
B010331019
IOSR Journals
 
Complexity Versus Comprehendability: Simplifying Wireless Security
Olivia Moran
 
Wimax and changing wireless eco system
Kartik Mehta
 
MOBILE COMMUNICATIONS_SEC 2E skill devep
md4228787
 
MOBILE COMMUNICATION
junnubabu
 
Ad

More from Kavita Rastogi (8)

DOCX
Ai applications study
Kavita Rastogi
 
DOCX
Ai applications study
Kavita Rastogi
 
PDF
Report
Kavita Rastogi
 
DOCX
Synopsis
Kavita Rastogi
 
PPTX
Yr money analyzer
Kavita Rastogi
 
PDF
Report on Mobile security
Kavita Rastogi
 
PPTX
Nanobots
Kavita Rastogi
 
DOCX
Nanotechnology
Kavita Rastogi
 
Ai applications study
Kavita Rastogi
 
Ai applications study
Kavita Rastogi
 
Synopsis
Kavita Rastogi
 
Yr money analyzer
Kavita Rastogi
 
Report on Mobile security
Kavita Rastogi
 
Nanobots
Kavita Rastogi
 
Nanotechnology
Kavita Rastogi
 

Recently uploaded (20)

PDF
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
PDF
A Day in the Life of Location Data - Turning Where into How.pdf
Precisely
 
PDF
BLW VOCATIONAL TRAINING SUMMER INTERNSHIP REPORT
codernjn73
 
PDF
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
 
PPTX
The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptx
sujalchauhan1305
 
PDF
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
 
PDF
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
PPTX
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
PPTX
cloud computing vai.pptx for the project
vaibhavdobariyal79
 
PDF
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
PDF
OFFOFFBOX™ – A New Era for African Film | Startup Presentation
ambaicciwalkerbrian
 
PDF
Automating ArcGIS Content Discovery with FME: A Real World Use Case
Safe Software
 
PDF
How-Cloud-Computing-Impacts-Businesses-in-2025-and-Beyond.pdf
Artjoker Software Development Company
 
PDF
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
PDF
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
PDF
REPORT: Heating appliances market in Poland 2024
SPIUG
 
PPTX
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
PDF
The Future of Artificial Intelligence (AI)
Mukul
 
PDF
Doc9.....................................
SofiaCollazos
 
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
A Day in the Life of Location Data - Turning Where into How.pdf
Precisely
 
BLW VOCATIONAL TRAINING SUMMER INTERNSHIP REPORT
codernjn73
 
Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...
Sandesh Rao
 
The-Ethical-Hackers-Imperative-Safeguarding-the-Digital-Frontier.pptx
sujalchauhan1305
 
Data_Analytics_vs_Data_Science_vs_BI_by_CA_Suvidha_Chaplot.pdf
CA Suvidha Chaplot
 
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
What-is-the-World-Wide-Web -- Introduction
tonifi9488
 
cloud computing vai.pptx for the project
vaibhavdobariyal79
 
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
OFFOFFBOX™ – A New Era for African Film | Startup Presentation
ambaicciwalkerbrian
 
Automating ArcGIS Content Discovery with FME: A Real World Use Case
Safe Software
 
How-Cloud-Computing-Impacts-Businesses-in-2025-and-Beyond.pdf
Artjoker Software Development Company
 
Make GenAI investments go further with the Dell AI Factory
Principled Technologies
 
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
REPORT: Heating appliances market in Poland 2024
SPIUG
 
OA presentation.pptx OA presentation.pptx
pateldhruv002338
 
The Future of Artificial Intelligence (AI)
Mukul
 
Doc9.....................................
SofiaCollazos
 

A survey study of title security and privacy in mobile systems

  • 1. A Survey Study of Title-Security and Privacy In Mobile Systems Kavita Rastogi, Research Scholar [email protected],Department of computer application Tecnia institute of advanced studies, Rohini,Delhi Abstract This paper is based on Mobile systems and applications information security and privacy issues. This chapter discusses the need for privacy and security in mobile systems and presents technological trends which highlight that this issue is of growing concern. Mobile systems security was conceived as a natural development of conventional POTS (Plain Old Telephone Service) security. Some of the objectives, therefore, were clear and well-understood: avoiding unauthorized disclosure of a user’s or operator’s data, repelling denial-of-service (DOS) attacks and preventing unauthorized access to and use of mobile service. However, as we anticipated in the previous Section, a mobile communication environment presents a number of unique challenges due to the fact that mobile terminals are easily lost or stolen and to user expectations for flexibility and ease of use. In this section we shall focus on the main authentication and identity establishment techniques which are instrumental for the more complex mobile identity management solutions Keywords: Proximity,POTS,DOS, 2.5 Generation, Wideband Code-Division Multiple Access (WCDMA), QoS, Introduction: Access to general purpose Information and Communication Technology (ICT) is not equally distributed on our planet: developed countries represent about 70 per cent of all Internet users while its percentage of Internet hosts has raised from 90 per cent in 2000 to about 99 per cent in 2002. On the other hand, in the developed world the set of techniques going under the name of e-Mobile is becoming more and more important in e-Business transactions. The use of smart mobile terminals will allow new kind of services and new business models, overcoming time and space limitations. 
The technological evolution in wireless data communications is introducing a rich landscape of new services relying on three main technologies: • proximity (or personal) area networks (PANs), composed by personal 1 and wearable devices capable of automatically setting up transient communication environments (also known as ad- hoc networks); • wireless local area network technology (WLAN); • 3rd Generation of mobile telecommunications (3G), gradually replacing General Packet Radio Service (GPRS) and the related set of technologies collectively called “2.5 Generation” (2.5G). 3G services are made available through technologies such as Wideband Code-Division Multiple Access (WCDMA), offering high data speeds. PANs is a new technology bringing the “always connected” principle to the personal space. On the other hand, 3G systems and WLANs have coexisted since long; what is new is their interconnection, aimed at decoupling terminals and applications from the access method. While 3G is generally considered applicable mainly to fully mobile wireless devices (e.g., operating from a car), WLAN is more relevant to fixed and portable wireless devices (e.g., operating from an elevator). 3G mobile networks already provide video-capable bandwidth, global roaming for voice and data, and access to the Internet rich online content.
  • 2. 1.1 Mobile and wireless security issues While wireless communications provide great flexibility and mobility, they often come at the expense of security. Indeed, wireless communications rely on open and public transmission media that raise further vulnerabilities in addition to the security threats found in wired networks. A number of specific open issues and even inherent dangers (some of which had been already identified and described in the early stages of wireless technology adoption [Howard, 2000]) are yet to be solved. With wireless communications, important and vital information is often placed on a mobile device that is vulnerable to theft and loss. In addition, this information is transmitted over the unprotected airwaves. Thirdly, 3G networks are getting smaller and more numerous, causing opportunities for hackers and other abusers to increase. Currently, 2.5G security mechanisms include 40-bit encryption, but theoretical attacks against this and the authentication mechanisms have been demonstrated [van Oorschot et al., 1996]. 3G technologies incorporate stronger cryptographic techniques, and new authentication systems. The boom of users demand for richer content for their mobile terminals (such as through multimedia messaging, video conferencing, voice-over-IP, m-business) is increasing the need for security solution ensuring user and data confidentiality, quality of service (QoS), billing, and protection against intruders. The challenge for industry players now is to tackle all security issues within PAN, 3G and WLAN and create a profitable integrated wireless business comprising of services and value. In this chapter we shall look into some of the main security issues within the whole hierarchy of 3G and WLAN systems, including network access security, network domain security, user domain security, and personal identity management.
  • 3. 1.2 Wireless applications and security testing methodologies As the complexity of mobile and wireless applications increases rapidly, importance of manufacturing security test becomes more critical. The main requirements of an effective security test methodology are the establishment of functional completeness and compliance with appropriate security requirements, and minimum test execution time. Activities associated with testing include the following: • identification of the security requirements to be satisfied; • identification of proposed product security mechanisms; • determination of the test objectives; • determination of the test methodology/technique; • determination of expected test results; • conduct of the test; • documentation and analysis of test results; • feedback of test results to appropriate individuals/organizations; • determination of the next action to be taken (e.g., additional testing, corrective actions, and so on). 1.3 Personal Identity Management in 3G Mobile Systems In the previous Section, privacy and security issues of mobile systems have been described mainly from the perspective of technological security research (access control, integrity, authentication, non repudiation, availability, and confidentiality). 
Recent developments in ICT-based business models reveal the necessity to approach the concept of privacy and security more broadly, embracing not only the technical aspects, but also the socioeconomic, policy and business points of view. In other words, technological potentialities, business opportunities and the complex dynamics of joining industries have to be strongly interlinked with users’ social dynamics, standards, policy, and regulation to create a sort of digital identity management framework where digital identity is conceived as “an electronic representation of individuals’ or organizations’ sensitive information” [Damiani et al., 2003]. Support offered by this framework is crucial for building and maintaining trust relationships in today’s globally interconnected society because:
• it offers adequate security and availability;
• it strikes the right balance between protection of privacy and convenience;
• it allows different subsets of the user’s identity to be presented depending on the ongoing and perceived application and communication context;
• it guarantees that identity, personal data, and user profile (including location-based information) are safeguarded and no thefts will happen.

Footnote: On-the-air encryption is not mandatory in 3G networks due to concern about restrictions on the use of encryption in some countries.
Starting from the late ’80s, many examples of identity management (IM) systems have been proposed. In 1985, David Chaum considered a device that helps the user with payment transactions and upholds the user’s privacy [Chaum, 1985a, Chaum, 1985b]. In 1993, Roger Clark proposed the digital individual, that is, the individual’s data shadow in the computer system, which can be compared to the user’s identity [Clark, 1993]. In 1995, John Borking published a report about the Identity Protector to protect the user’s data [van Rossum et al., 1995]. In 1999, Martin Reichenbach proposed the reachability manager applied to telephone reachability [Herbert et al., 1999]. These mechanisms work at the packet level and sit on top of the on-the-air encryption mechanism offered by some 3G networks.

Footnote 6: Also, service discovery relies on a broadcast message on the part of the service provider. Terminals do not have to become active, and can avoid revealing their presence just for discovering services the user may not be interested in.

• Authentication
  • one-way authentication based on long-term shared key between user's SIM card and the home network
• Charging
  • network operator is trusted to charge correctly; based on user authentication
• Privacy
  • data
    • link-level encryption over the air; no protection in the core network
  • identity/location/movements, unlinkability
    • use of temporary identifiers (TMSI) reduces the ability of an eavesdropper to track movements within a PLMN
    • but network can ask the mobile to send its real identity (IMSI): on synchronization failure, on database failure, or on entering a new PLMN
    • network can also page for mobiles using IMSI

• User
• Service Provider
• Context
• Communication
• Device
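The authentication and privacy bullets above can be made concrete with a small simulation, added here as an illustration and not taken from the paper. It assumes HMAC-SHA-256 as a stand-in for the operator's authentication algorithm; the class names, the constructed IMSI and the air_log field are all hypothetical.

```python
import hashlib
import hmac
import secrets


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Assumed stand-in for the operator's algorithm: 32-bit keyed response."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class Sim:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self.ki, self.tmsi = imsi, ki, None

    def respond(self, rand: bytes) -> bytes:
        # One-way: the SIM answers any challenge and never verifies the asker.
        return a3_stand_in(self.ki, rand)

    def identity(self, imsi_requested: bool) -> str:
        # Without a TMSI, or when asked, the real identity goes out in clear.
        if imsi_requested or self.tmsi is None:
            return "IMSI:" + self.imsi
        return "TMSI:" + self.tmsi


class Network:
    def __init__(self, subscribers: dict):
        self.subscribers = subscribers  # IMSI -> long-term key shared with SIM
        self.tmsi_to_imsi = {}
        self.air_log = []               # identifiers visible to an eavesdropper

    def attach(self, sim: Sim, imsi_requested: bool = False) -> bool:
        ident = sim.identity(imsi_requested)
        self.air_log.append(ident)
        kind, value = ident.split(":", 1)
        imsi = value if kind == "IMSI" else self.tmsi_to_imsi.get(value)
        ki = self.subscribers.get(imsi)
        if ki is None:
            return False
        rand = secrets.token_bytes(16)  # fresh challenge for every attempt
        if not hmac.compare_digest(sim.respond(rand), a3_stand_in(ki, rand)):
            return False
        # Success: retire old TMSIs and allocate a new one (sent encrypted).
        self.tmsi_to_imsi = {t: i for t, i in self.tmsi_to_imsi.items() if i != imsi}
        sim.tmsi = secrets.token_hex(4)
        self.tmsi_to_imsi[sim.tmsi] = imsi
        return True
```

Reading air_log after a few attaches shows the trade-off in the list: successive TMSIs are unlinkable to an observer, but every identity request puts the same IMSI back on the air.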
1.4 Technologies for Mobile Security

As we have seen in the previous Section, technologies for 2G mobile security provide standard functions for checking the authenticity of the subscriber identity, for protecting subscriber anonymity and for encrypting user and signaling data. 3G, while retaining SIM-based authentication, enhances security features by organizing the issue into four domains (access, network, user and application) and adding auxiliary information on visibility and configurability. For packet data traveling over the mobile network layer, conventional security technologies apply. Two main areas can be identified:
• Security Network Domain. When Mobile IP is used at the network level over a mobile infrastructure, the most salient security issue is the problem of how to authenticate the registration messages that inform the server about a mobile node’s current IP address, in order to avoid spoofing and IP impersonation attacks [Cheswick et al., 2003] (footnote 7).
• Security Transport Domain. The well-known Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols provide entity authentication, data confidentiality, and data authentication.

Trust Management. In the previous Section we saw how SIM-based authentication is the main technique for linking a terminal to a user identity. To secure this mechanism, however, specific mobility-related threats must be addressed. As they get smaller, mobile terminals become more and more susceptible to theft. Stolen data is often regarded as being more valuable than the terminal itself. Thus, the need to protect user data and secrets is of paramount importance in a 3G mobile computing environment. In 1999, the Trusted Computing Platform Alliance (TCPA) [Trusted Computing Platform Alliance, ] was created to foster industry participation in the development of an open specification for a trusted computing platform focused on two areas: ensuring privacy, and enhancing security.
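Returning to the registration-message problem described under Security Network Domain above, the following added example (not code from the paper or from any Mobile IP implementation) shows a home agent that accepts a binding only when the message carries a valid keyed MAC under the secret shared with the mobile node. The message layout, the use of HMAC-SHA-256, the class and function names and the documentation-range addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

BODY_LEN, TAG_LEN = 18, 32  # assumed layout, not the Mobile IP wire format


def encode_body(home: str, care_of: str, lifetime: int, ident: int) -> bytes:
    # home address | care-of address | 16-bit lifetime | 64-bit identification
    return (ipaddress.IPv4Address(home).packed
            + ipaddress.IPv4Address(care_of).packed
            + struct.pack("!HQ", lifetime, ident))


def build_request(key: bytes, home: str, care_of: str,
                  lifetime: int, ident: int) -> bytes:
    body = encode_body(home, care_of, lifetime, ident)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class HomeAgent:
    def __init__(self, keys: dict):
        self.keys = keys        # home address -> secret shared with that node
        self.bindings = {}      # home address -> current care-of address
        self.last_ident = {}    # home address -> highest identification seen

    def register(self, msg: bytes) -> str:
        if len(msg) != BODY_LEN + TAG_LEN:
            return "malformed"
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        home = str(ipaddress.IPv4Address(body[:4]))
        care_of = str(ipaddress.IPv4Address(body[4:8]))
        lifetime, ident = struct.unpack("!HQ", body[8:])
        key = self.keys.get(home)
        expected = hmac.new(key or b"", body, hashlib.sha256).digest()
        # Authenticate before touching any state, in constant time.
        if key is None or not hmac.compare_digest(tag, expected):
            return "auth-failed"
        # A captured, validly authenticated message must not be reusable.
        if ident <= self.last_ident.get(home, -1):
            return "replay"
        self.last_ident[home] = ident
        if lifetime == 0:
            self.bindings.pop(home, None)   # deregistration
        else:
            self.bindings[home] = care_of
        return "accepted"
```

The identification check matters as much as the MAC: without it, a recorded registration could be replayed later to move the binding back to an old care-of address.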
The TCPA provides for a platform root of trust, which uniquely identifies a particular platform, and provides various encryption capabilities, including hardware-protected storage.

Digital Rights Management (DRM). DRM in mobile networks relies on two crucial standards: the Open Mobile Alliance (OMA) DRM [OMA DRM Requirements - Version 2.0, 2003] and OMA Download (OMA 2004) [Generic Content Download Over The Air Specification - Version 1.0, 2003]. OMA DRM is the Digital Rights Management standard language for mobile phones published by the Open Mobile Alliance, while OMA Download is the application-level protocol that enables reliable and secure downloading to mobile terminals of digital content whose access rights are specified using OMA DRM. OMA Download can be integrated with other channel-specific services such as billing, and management of premium priced. However, OMA DRM and OMA Download are different technologies designed for independent purposes. Taken together, they enable secure downloading of digital content to mobile terminals and improve the consumer’s experience of mobile content. Content protected by OMA DRM can be delivered using OMA Download or other channel-specific protocols such as the Multimedia Message System (MMS).

Footnote 7: Mobile IPv4 and Mobile IPv6 solve this issue, respectively, by using a protocol-specific authentication extension based on a secret key shared between mobile node and home agent, and by reusing the IPSec protocol to secure the binding updates through the Internet Key Exchange (IKE) protocol.

1.5 Implications

• Public-key cryptography can provide effective solutions
  • increased message sizes: use of elliptic curve cryptography can help
  • lack of PKI: enhanced privacy solution does not require a full-fledged PKI, some sort of infrastructure is required for charging anyway
• Are these problems serious enough?
  • trust assumption may not change so drastically
  • providing true privacy is hard: hiding identity information is irrelevant as long as some other linkable information is associated with the messages
• try not to preclude future solutions
  • e.g., don’t insist on authentication when it is not essential
• provide hooks for future use
  • e.g., 16-bit length fields to ensure sufficient room in message formats

1.6 Conclusions

The amount of mobile computing is expected to increase dramatically in the near future. As users’ demands increase with the services offered by mobile communication systems, the main expectation of such systems will be that they provide access to any service, anywhere, at any time. Indeed, in today’s highly connected and highly mobile environments, the secure transmission of information is imperative for every enterprise, and will grow in significance as mobile devices, networks, and applications continue to advance. However, the promise of mobile computing technologies further increases privacy and security concerns. In this chapter we have discussed the need for privacy and security in mobile systems and have presented technological trends which highlight that this issue is of growing concern.

1.6 References

[Consortium, 1998] Consortium, W. W. W. (1998). P3P Guiding Principles. http://www.w3.org/TR/1998/NOTE-P3P10-principles.
[Damiani et al., 2003] Damiani, E., di Vimercati, S. D. C., and Samarati, P. (2003). Managing Multiple and Dependable Identities. IEEE Internet Computing, pages 2–10.
[Jendricke et al., 2002] Jendricke, U., Kreutzer, M., and Zugenmaier, A. (2002). Mobile Identity Management. In Proceedings of the Workshop on Security in Ubiquitous Computing (UBICOMP2002).
[Kagal et al., 2001] Kagal, L., Finin, T., and Joshi, A. (2001). Trust-based security in pervasive computing environments. IEEE Communications. nced Topics in Database Research, volume