Mohamed Amine Ferrag,Leandros Maglaras,Antonios Argyriou,Dimitrios Kosmanos,Helge Janicke

DOI: https://doi.org/10.48550/arXiv.1708.04027

2017-08-14

Abstract:This paper presents a comprehensive survey of existing authentication and privacy-preserving schemes for 4G and 5G cellular networks. We start by providing an overview of existing surveys that deal with 4G and 5G communications, applications, standardization, and security. Then, we give a classification of threat models in 4G and 5G cellular networks in four categories, including, attacks against privacy, attacks against integrity, attacks against availability, and attacks against authentication. We also provide a classification of countermeasures into three types of categories, including, cryptography methods, humans factors, and intrusion detection methods. The countermeasures and informal and formal security analysis techniques used by the authentication and privacy preserving schemes are summarized in form of tables. Based on the categorization of the authentication and privacy models, we classify these schemes in seven types, including, handover authentication with privacy, mutual authentication with privacy, RFID authentication with privacy, deniable authentication with privacy, authentication with mutual anonymity, authentication and key agreement with privacy, and three-factor authentication with privacy. In addition, we provide a taxonomy and comparison of authentication and privacy-preserving schemes for 4G and 5G cellular networks in form of tables. Based on the current survey, several recommendations for further research are discussed at the end of this paper.

Cryptography and Security

Mir Ali Rezazadeh Baee,Leonie Simpson,Xavier Boyen,Ernest Foo,Josef Pieprzyk

DOI: https://doi.org/10.1186/s13638-021-01968-6

2021-05-21

EURASIP Journal on Wireless Communications and Networking

Abstract:Abstract In intelligent vehicular networks, vehicles have enhanced sensing capabilities and carry computing and communication platforms to enable new versatile systems known as Vehicular Communication (VC) systems. Vehicles communicate with other vehicles and with nearby fixed equipment to support different applications, including those which increase driver awareness of the surroundings. This should result in improved safety and may optimize traffic. However, VC systems are vulnerable to cyber attacks involving message manipulation. Research aimed at tackling this problem has resulted in the proposal of multiple authentication protocols. Several existing survey papers have attempted to classify some of these protocols based on a limited set of characteristics. However, to date there is no generic framework to support the comparison of these protocols and provide guidance for design and evaluation. Most existing classifications either use computation complexity of cryptographic techniques as a criterion, or they fail to make connections between different important aspects of authentication. This paper provides such a framework, proposing a new taxonomy to enable a consistent means of classifying authentication schemes based upon seven main criteria. The main contribution of this study is a framework to enable protocol designers and investigators to adequately compare and select authentication schemes when deciding on particular protocols to implement in an application. Our framework can be applied in design, making choices appropriate for the intended context in both intra-vehicle and inter-vehicle communications. We demonstrate the application of our framework using two different types of case study: individual analysis and hypothetical design. Additionally, this work makes several related contributions. We present the network model, outline the applications, list the communication patterns and the underlying standards, and discuss the necessity of using cryptography and key management in VC systems. We also review the threats, authentication, and privacy requirements in vehicular networks.

telecommunications,engineering, electrical & electronic

Chen Wang,Yan Wang,Yingying Chen,Hongbo Liu,Jian Liu

DOI: https://doi.org/10.1016/j.comnet.2020.107118

IF: 5.493

2020-04-01

Computer Networks

Abstract:<p>Mobile devices have brought a great convenience to us these years, which allow the users to enjoy the anytime and anywhere various applications such as the online shopping, Internet banking, navigation and mobile media. While the users enjoy the convenience and flexibility of the "Go Mobile" trend, their sensitive private information (e.g., name and credit card number) on the mobile devices could be disclosed. An adversary could access the sensitive private information stored on the mobile device by unlocking the mobile devices. Moreover, the user's mobile services and applications are all exposed to security threats. For example, the adversary could utilize the user's mobile device to conduct non-permitted actions (e.g., making online transactions and installing malwares). The authentication on mobile devices plays a significant role to protect the user's sensitive information on mobile devices and prevent any non-permitted access to the mobile devices. This paper surveys the existing authentication methods on mobile devices. In particular, based on the basic authentication metrics (i.e., knowledge, ownership and biometrics) used in existing mobile authentication methods, we categorize them into four categories, including the knowledge-based authentication (e.g., passwords and lock patterns), physiological biometric-based authentication (e.g., fingerprint and iris), behavioral biometrics-based authentication (e.g., gait and hand gesture), and two/multi-factor authentication. We compare the usability and security level of the existing authentication approaches among these categories. Moreover, we review the existing attacks to these authentication approaches to reveal their vulnerabilities. The paper points out that the trend of the authentication on mobile devices would be the multi-factor authentication, which determines the user's identity using the integration (not the simple combination) of more than one authentication metrics. For example, the user's behavior biometrics (e.g., keystroke dynamics) could be extracted simultaneously when he/she inputs the knowledge-based secrets (e.g., PIN), which can provide the enhanced authentication as well as sparing the user's trouble to conduct multiple inputs for different authentication metrics.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Milad Taleby Ahvanooey,Qianmu Li,Mahdi Rabbani,Ahmed Raza Rajput

DOI: https://doi.org/10.48550/arXiv.2001.09406

2020-01-26

Cryptography and Security

Abstract:Nowadays, the usage of smartphones and their applications have become rapidly increasing popular in people's daily life. Over the last decade, availability of mobile money services such as mobile-payment systems and app markets have significantly increased due to the different forms of apps and connectivity provided by mobile devices such as 3G, 4G, GPRS, and Wi-Fi, etc. In the same trend, the number of vulnerabilities targeting these services and communication networks has raised as well. Therefore, smartphones have become ideal target devices for malicious programmers. With increasing the number of vulnerabilities and attacks, there has been a corresponding ascent of the security countermeasures presented by the researchers. Due to these reasons, security of the payment systems is one of the most important issues in mobile payment systems. In this survey, we aim to provide a comprehensive and structured overview of the research on security solutions for smartphone devices. This survey reviews the state of the art on security solutions, threats, and vulnerabilities during the period of 2011-2017, by focusing on software attacks, such those to smartphone applications. We outline some countermeasures aimed at protecting smartphones against these groups of attacks, based on the detection rules, data collections and operating systems, especially focusing on open source applications. With this categorization, we want to provide an easy understanding for users and researchers to improve their knowledge about the security and privacy of smartphones.

Nyle Siddiqui,Laura Pryor,Rushit Dave

DOI: https://doi.org/10.1007/978-981-16-3246-4_54

2021-01-01

Abstract:With the recent advancements in technology, more and more people rely on their personal devices to store their sensitive information. Concurrently, the environment in which these devices are connected have grown to become more dynamic and complex. This opens the discussion of if the current authentication methods being used in these devices are reliable enough to keep these user’s information safe. This paper examines the different user authentication schemes proposed to increase the security of different devices. This article is split into two different avenues discussing authentication schemes that use either behavioral biometrics or physical layer authentication. This survey will discuss both the advantages and challenges that arise with the accuracy, usability, and overall security of machine learning methods in these authentication systems. This article aims to improve further research in this field by exhibiting the various current authentication models, their schematics, and their results.

Weizhi Meng,Duncan S. Wong,Steven Furnell,Jianying Zhou

DOI: https://doi.org/10.1109/comst.2014.2386915

2015-01-01

Abstract:Designing reliable user authentication on mobile phones is becoming an increasingly important task to protect users&#x27; private information and data. Since biometric approaches can provide many advantages over the traditional authentication methods, they have become a significant topic for both academia and industry. The major goal of biometric user authentication is to authenticate legitimate users and identify impostors based on physiological and behavioral characteristics. In this paper, we survey the development of existing biometric authentication techniques on mobile phones, particularly on touch-enabled devices, with reference to 11 biometric approaches (five physiological and six behavioral). We present a taxonomy of existing efforts regarding biometric authentication on mobile phones and analyze their feasibility of deployment on touch-enabled mobile phones. In addition, we systematically characterize a generic biometric authentication system with eight potential attack points and survey practical attacks and potential countermeasures on mobile phones. Moreover, we propose a framework for establishing a reliable authentication mechanism through implementing a multimodal biometric user authentication in an appropriate way. Experimental results are presented to validate this framework using touch dynamics, and the results show that multimodal biometrics can be deployed on touch-enabled phones to significantly reduce the false rates of a single biometric system. Finally, we identify challenges and open problems in this area and suggest that touch dynamics will become a mainstream aspect in designing future user authentication on mobile phones.

computer science, information systems,telecommunications

Ding Wang,Haibo Cheng,Debiao He,Ping Wang

DOI: https://doi.org/10.1109/jsyst.2016.2585681

IF: 4.802

2018-01-01

IEEE Systems Journal

Abstract:Providing secure, efficient, and privacy-preserving user authentication in mobile networks is a challenging problem due to the inherent mobility of users, variety of attack vectors, and resource-constrained nature of user devices. Recent studies show that identity-based cryptosystems can eliminate the certificate overhead and thus address the issues associated with public-key infrastructure technology-which is a rare bit of good news in today's computer security world. In this paper, we employ three representative identity-based remote user authentication schemes (i.e., Truong et al.'s scheme, Li et al.'s scheme, and Zhang et al.'s scheme) as case studies to reveal the challenges and subtleties in designing a practical authentication scheme for mobile devices. First, we demonstrate that Truong et al.'s scheme, which was presented at the IEEE AINA 2012, cannot achieve a few important security goals under our new attacking scenarios: 1) it fails to resist against known session-specific temporary information attack; 2) it cannot withstand key compromise impersonation attack; and 3) it is of poor usability. Second, we show that Li et al.'s privacy-preserving scheme, which was proposed at GLOBECOM 2012, is subject to some subtle (yet severe) efficiency problems that make it virtually impossible for any practical use. Third, we scrutinize a "provably secure" scheme for roaming services in mobile networks designed by Zhang et al. at SCN 2015 and find it prone to collusion attack and replay attack. Further, we investigate into the underlying causes for these identified failures, and figure out an improvement over Truong et al.'s scheme to overcome the revealed challenges while maintaining reasonable efficiency.

Wenting Li,Yaosheng Shen,Ping Wang

DOI: https://doi.org/10.1007/s11265-017-1305-z

2017-01-01

Abstract:Smart-card-based user authentication is a significant security mechanism that allows remote users to be granted access to services and resources in distributed computing environments. In this paper, we review three password-based authentication schemes with smart cards proposed by Mishra et al., in JISA 2015, Wu et al. in SCN 2015 and Moon et al. in IJNS 2017, respectively. We demonstrate that: (1) Despite being armed with a formal security proof in all schemes, Mishra et al.’s scheme actually cannot achieve the claimed feature of user anonymity and is vulnerable to a new insider attack scenario; and (2) Wu et al.’s scheme remains being susceptible to de-synchronization attack as they stated to overcome the weaknesses of Kumar et al.’s scheme. (3) Moon et al.’s scheme cannot achieve user anonymity and is susceptible to a novel impersonation attack. Furthermore, with the cryptanalysis of these three schemes and our previous protocol design and analysis experience, we figure out two principles to design more robust smart-card-based user authentication schemes. The proposed principles would be helpful to protocol designers for proposing schemes with desirable user friendliness and security.

Rushit Dave

DOI: https://doi.org/10.48550/arXiv.2109.02695

2021-09-07

Abstract:With the latest developments in technology, extra and extra human beings depend on their private gadgets to keep their touchy information. Concurrently, the surroundings in which these gadgets are linked have grown to grow to be greater dynamic and complex. This opens the dialogue of if the modern day authentication strategies being used in these gadgets are dependable ample to preserve these user's records safe. This paper examines the distinct consumer authentication schemes proposed to make bigger the protection of exceptional devices. This article is break up into two one of a kind avenues discussing authentication schemes that use both behavioral biometrics or physical layer authentication. This survey will talk about each the blessings and challenges that occur with the accuracy, usability, and standard protection of computing device getting to know strategies in these authentication systems. This article targets to enhance in addition lookup in this subject via exhibiting the more than a few present day authentication models, their schematics, and their results.

Cryptography and Security

Abdulaziz Alzubaidi,Jugal Kalita

DOI: https://doi.org/10.48550/arXiv.1911.04104

2019-11-11

Cryptography and Security

Abstract:Smartphones and tablets have become ubiquitous in our daily lives. Smartphones, in particular, have become more than personal assistants. These devices have provided new avenues for consumers to play, work, and socialize whenever and wherever they want. Smartphones are small in size, so they are easy to handle and to stow and carry in users' pockets or purses. However, mobile devices are also susceptible to various problems. One of the greatest concerns is the possibility of breach in security and privacy if the device is seized by an outside party. It is possible that threats can come from friends as well as strangers. Due to the size of smart devices, they can be easily lost and may expose details of users' private lives. In addition, this might enable pervasive observation or imitation of one's movements and activities, such as sending messages to contacts, accessing private communication, shopping with a credit card, and relaying information about where one has been. This paper highlights the potential risks that occur when smartphones are stolen or seized, discusses the concept of continuous authentication, and analyzes current approaches and mechanisms of behavioral biometrics with respect to methodology, associated datasets and evaluation approaches.

Habiba Farzand,Melvin Abraham,Stephen Brewster,Mohamed Khamis,Karola Marky

DOI: https://doi.org/10.1080/10447318.2024.2361519

IF: 4.92

2024-06-14

International Journal of Human-Computer Interaction

Abstract:Mobile phones are most likely the subject of targeted attacks, such as software exploits. The resources needed to carry out such attacks are becoming increasingly available and, hence, easily executable, putting users' privacy at risk. We conducted a systematic literature analysis to understand the relationship between resources and attack feasibility and present a categorisation of social engineering and side-channel attacks on mobile phones focusing on the resources attackers require. Our proposed categorisation levels facilitate an in-depth understanding of how mobile phone attacks can be executed using different combinations of partly simple resources. The analysis reveals that discrete protection mechanisms are insufficient to provide all-inclusive protection. The proposed categorisation assists in building novel solutions for safeguarding users' privacy from diverse attacks by carefully considering the potential misuse of resources. We conclude by outlining future research directions highlighting the urgent need for a holistic user defense.

computer science, cybernetics,ergonomics

Stefan Certic

DOI: https://doi.org/10.48550/arXiv.1302.4201

2016-11-17

Abstract:Mobile devices are more than just phones, they are a lifeline to the outdoor world, entertainment platform, GPS system, a little black book and a shopping and banking tool. What is not well known is that these devices are also gateways. Mobile devices can be used by a hacker as an access point into many other aspects of your digital life as well the lives of others in your network, making mobile security about more than just protecting your phone. This is an overview of technologies supporting mobile data cryptography and two-step protection mechanisms that may be used to secure online transactions and user authentication.

Cryptography and Security

Ziyi Zhou,Xing Han,Zeyuan Chen,Yuhong Nan,Juanru Li,Dawu Gu

DOI: https://doi.org/10.1109/dsn53405.2022.00059

2022-01-01

Abstract:A recently emerged cellular network based One-Tap Authentication (OTAuth) scheme allows app users to quickly sign up or log in to their accounts conveniently: Mobile Network Operator (MNO) provided tokens instead of user passwords are used as identity credentials. After conducting a first in-depth security analysis, however, we have revealed several fundamental design flaws among popular OTAuth services, which allow an adversary to easily (1) perform unauthorized login and register new accounts as the victim, (2) illegally obtain identities of victims, and (3) interfere OTAuth services of legitimate apps. To further evaluate the impact of our identified issues, we propose a pipeline that integrates both static and dynamic analysis. We examined 1,025/894 Android/iOS apps, each app holding more than 100 million installations. We confirmed 396/398 Android/iOS apps are affected. Our research systematically reveals the threats against OTAuth services. Finally, we provide suggestions on how to mitigate these threats accordingly.

Hosam Alamleh,Ali Abdullah S. AlQahtani,Baker Al Smadi

DOI: https://doi.org/10.48550/arXiv.2304.09468

2023-04-19

Cryptography and Security

Abstract:The rise of smartphones has led to a significant increase in the usage of mobile payments. Mobile payments allow individuals to access financial resources and make transactions through their mobile devices while on the go. However, the current mobile payment systems were designed to align with traditional payment structures, which limits the full potential of smartphones, including their security features. This has become a major concern in the rapidly growing mobile payment market. To address these security concerns,in this paper we propose new mobile payment architecture. This architecture leverages the advanced capabilities of modern smartphones to verify various aspects of a payment, such as funds, biometrics, location, and others. The proposed system aims to guarantee the legitimacy of transactions and protect against identity theft by verifying multiple elements of a payment. The security of mobile payment systems is crucial, given the rapid growth of the market. Evaluating mobile payment systems based on their authentication, encryption, and fraud detection capabilities is of utmost importance. The proposed architecture provides a secure mobile payment solution that enhances the overall payment experience by taking advantage of the advanced capabilities of modern smartphones. This will not only improve the security of mobile payments but also offer a more user-friendly payment experience for consumers.

Varun Chandrasekaran,Fareeha Amjad,Ashlesh Sharma,Lakshminarayanan Subramanian

DOI: https://doi.org/10.48550/arXiv.1604.04667

2016-04-16

Abstract:The unique identities of every mobile user (phone number,IMSI) and device (IMEI) are far from secure and are increasingly vulnerable to a variety of network-level threats. The exceedingly high reliance on the weak SIM authentication layer does not present any notion of end-to-end security for mobile users. We propose the design and implementation of Secure Mobile Identities (SMI), a repetitive key-exchange protocol that uses this weak SIM authentication as a foundation to enable mobile users to establish stronger identity authenticity. The security guarantees of SMI are directly reliant on the mobility of users and are further enhanced by external trusted entities providing trusted location signatures (e.g. trusted GPS, NFC synchronization points). In this paper, we demonstrate the efficacy of our protocol using an implementation and analysis across standard mobility models.

Cryptography and Security,Networking and Internet Architecture

Ahmet Cevahir Cinar,Turkan Beyza Kara

DOI: https://doi.org/10.1007/s11042-023-14400-6

Abstract:Smartphones have become small computers that meet many of our needs, from e-mail and banking transactions to communication and social media use. In line with these attractive functions, the use of smartphones has greatly increased over the years. One of the most important features of these mobile devices is that they offer users many mobile applications that they can install. However, hacker attacks and the spread of malware have also increased. Today, current mobile malware detection and defense technologies are still inadequate. Mobile security is not only directly related to the operating system and used device but also related with communication over the internet, data encryption, data summarization, and users' privacy awareness. The main aim and contribution of this study are to collect the current state of mobile security and highlight the future of mobile security in light of the recent mobile security threat reports. The studies in the field of malware, attack types, and security vulnerabilities concerning the usage of smartphones were analyzed. The malware detection techniques were analyzed into two categories: signature-based and machine learning (behavior detection)-based techniques. Additionally, the current threats and prevention methods were described. Finally, a future direction is highlighted in the light of the current mobile security reports.

Muhamed Halilovic,Abdulhamit Subasi

DOI: https://doi.org/10.48550/arXiv.1211.6610

2012-11-28

Abstract:Smartphone technology is more and more becoming the predominant communication tool for people across the world. People use their smartphones to keep their contact data, to browse the internet, to exchange messages, to keep notes, carry their personal files and documents, etc. Users while browsing are also capable of shopping online, thus provoking a need to type their credit card numbers and security codes. As the smartphones are becoming widespread so do the security threats and vulnerabilities facing this technology. Recent news and articles indicate huge increase in malware and viruses for operating systems employed on smartphones (primarily Android and iOS). Major limitations of smartphone technology are its processing power and its scarce energy source since smartphones rely on battery usage. Since smartphones are devices which change their network location as the user moves between different places, intrusion detection systems for smartphone technology are most often classified as IDSs designed for mobile ad-hoc networks. The aim of this research is to give a brief overview of IDS technology, give an overview of major machine learning and pattern recognition algorithms used in IDS technologies, give an overview of security models of iOS and Android and propose a new host-based IDS model for smartphones and create proof-of-concept application for Android platform for the newly proposed model. Keywords: IDS, SVM, Android, iOS;

Cryptography and Security,Artificial Intelligence

Huiping Sun,Junde Song,Zhong Chen

DOI: https://doi.org/10.1109/CCNC.2010.5421695

2010-01-01

Abstract:Mobile IPv6 is a very important part in the mobile computing for global Internet. However, there are some vulnerability and attacks in the current mobile IPv6 such binding update and MITM. Therefore, the safe and flexible model to authenticate every entity is required. This paper studies the existing security problems in the current mobile IPv6; meanwhile, we summary and analyze the existing authentication technology, protocols, infrastructures in the current mobile IPv6 and give the overview of this area.

Raphael Spreitzer,Veelasha Moonsamy,Thomas Korak,Stefan Mangard

DOI: https://doi.org/10.1109/comst.2017.2779824

2018-01-01

Abstract:Side-channel attacks on mobile devices have gained increasing attention since their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern mobile devices. Given the vast amount of sensitive information that are stored on smartphones, the ramifications of side-channel attacks affect both the security and privacy of users and their devices. In this paper, we propose a new categorization system for side-channel attacks, which is necessary as side-channel attacks have evolved significantly since their scientific investigations during the smart card era in the 1990s. Our proposed classification system allows to analyze side-channel attacks systematically, and facilitates the development of novel countermeasures. Besides this new categorization system, the extensive survey of existing attacks and attack strategies provides valuable insights into the evolving field of side-channel attacks, especially when focusing on mobile devices. We conclude by discussing open issues and challenges in this context and outline possible future research directions.

computer science, information systems,telecommunications

Donghong Sun,Wu Liu,Ping Ren,Dongbin Sun

DOI: https://doi.org/10.1109/ctc.2012.10

2012-01-01

Abstract:The proliferations of the mobile intelligent terminal have brought them to the spotlight of the attackers for the sensitive information they carried. However, the current security schemes on the mobile intelligent terminal are fragile. This paper proposed a new transparent authentication and encryption measure to protect the confidentiality and integrity of the data on the mobile intelligent terminal. Our method is user-friendly as no interaction is needed during the process. Also, the result can be applied as evidence to identify who have used the phone.