YAO Lin,FAN Qing-na,KONG Xiang-wei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.32.030

2010-01-01

Abstract:Pervasive computing raises new challenges to the security and privacy of the Internet communication,and conventional authentication protocols cannot meet the requirements of this new pervasive environment.A novel mutual authentication and key establishment scheme to secure the interactions between mobile users and service providers is proposed.Highly integrating biometric encryption and the Diffie-Hellman key exchange,the proposed protocol achieves mutual authentication without revealing any privacy information of the user.Secure session key establishment is enabled by the proposed algorithm.Differentiated service access control is also achieved with the biometric encryption.It is shown that the protocol can resist most of the attacks,especially the denial of service attack.

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

Qi Li,Xinwen Zhang,Jean-Pierre Seifer,Hulin Zhong

DOI: https://doi.org/10.1109/aptc.2008.24

2008-01-01

Abstract:Mobile payment (m-payment) received significant attention because it enables an easy payment mechanism and becomes an important complement to traditional payment means. However, m-payment over open devices and networks poses security challenges of a new dimension. Although many researchers address security issues in m-payment, there are still some security problems that are not well resolved, such as platform integrity and user privacy protection. In this paper, we propose a general payment architecture with Trusted Computing (TC) technologies to secure mobile payment. Using only a simple mobile payment infrastructure, a platform integrity protection solution is proposed to secure payment software downloading, application initialization, and secure payment transactions. We further propose two schemes to enhance the performance and flexibility of our solution. The first scheme provides platform attestation using an identity-based signature (IBS) algorithm instead of a traditional credential-based public-key signature algorithm within Trusted Computing Group (TCG) technologies, which fully utilizes the merits of the mobile computing infrastructure and improves the flexibility and performance of the payment solution. The second scheme provides attestation caching without sacrificing security achievements. We have implemented a real prototype system based on an emulated payment environment. Our security analysis and experimental results prove that our scheme can effectively meet the security requirements of a practical m-payment with acceptable performance.

Chen Tianzhou,Huang Yu,Chen Feng,Hu Wei

2006-01-01

Abstract:There are many security defects in existing mobile communication systems, such as unidirectional authentication and cipher key transmission in plaintext. With the expansion of the mobile communication services, the mobile security becomes more and more important, but the existing communication systems can not prevent hostile attacks to supply high-quality service because of their defects in security. To solve these problems, we propose a new Security Architecture for Mobile Communication (SAMC), which employs new authentication protocols, chooses different encryption algorithms for different requirements and implements integrity control mechanism. Good security is developed in an open environment with the collaboration of experts. It has the robust security and the outstanding performance, just a slight and acceptable loss.

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

Xiaoping Wu,Zhidong Shen

DOI: https://doi.org/10.1109/CSSE.2008.888

2008-12-12

Abstract:The Mobile Agent (MA) has been seen as a promising distributed computing technology. According to the analysis of security problems of current mobile agents that are exposed in opening environment, a model system for mobile agent is proposed in this paper. In this system, the mobile agent security is enhanced by the Trusted Computing Technology. The mobile agent security supporting environment (MASSE) is designed by using trusted software stack (TSS) and trusted computing platform (TCP). To improve the security of MA system, some MA security services, such as authentication, role based access control and MA negotiation, are discussed in this paper. The working process of MASSE is also described.

Computer Science,Engineering

Xuebin Sun,Shuang Men,Chenglin Zhao,Zheng Zhou

DOI: https://doi.org/10.1002/sec.551

IF: 1.968

2012-05-10

Security and Communication Networks

Abstract:Machine‐to‐machine (M2M) techniques have significant application potential in the emerging internet of things, which may cover many fields from intelligence to ubiquitous environment. However, because of the data exposure when transmitted via cable, wireless mobile devices, and other technologies, its security vulnerability has become a great concern during its further extending development. This problem may even get worse if the user privacy and property are considered. Therefore, the authentication process of communicating entities has attracted wide investigation. Meanwhile, the data confidentiality also becomes an important issue in M2M, especially when the data are transmitted in a public and thereby insecure channel. In this paper, we propose a promising M2M application model that connects a mobile user with the home network using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. Subsequently, a password‐based authentication and key establishment protocol is designed to identify the communicating parties and hence establish a secure channel for data transmissions. The final analysis shows the reliability of our proposed protocol. Copyright © 2012 John Wiley & Sons, Ltd. In this article, we propose a promising M2M application model that connects a mobile user with the home network by using the existing popular Time Division‐Synchronous Code Division Multiple Access (TD‐SCDMA) network. A reliability password‐based authentication and key establishment protocol is also designed to identify the communicating parties and hence, establish a secure channel for data transmissions.

computer science, information systems,telecommunications

Daojing He,Maode Ma,Yan Zhang,Chun Chen,Jiajun Bu

DOI: https://doi.org/10.1016/j.comcom.2010.02.031

IF: 5.047

2011-01-01

Computer Communications

Abstract:Seamless roaming over wireless network is highly desirable to mobile users, and security such as authentication of mobile users is challenging. Recently, due to tamper-resistance and convenience in managing a password file, some smart card based secure authentication schemes have been proposed. This paper shows some security weaknesses in those schemes. As the main contribution of this paper, a secure and light-weight authentication scheme with user anonymity is presented. It is simple to implement for mobile user since it only performs a symmetric encryption/decryption operation. Having this feature, it is more suitable for the low-power and resource-limited mobile devices. In addition, it requires four message exchanges between mobile user, foreign agent and home agent. Thus, this protocol enjoys both computation and communication efficiency as compared to the well-known authentication schemes. As a special case, we consider the authentication protocol when a user is located in his/her home network. Also, the session key will be used only once between the mobile user and the visited network. Besides, security analysis demonstrates that our scheme enjoys important security attributes such as preventing the various kinds of attacks, single registration, user anonymity, no password/verifier table, and high efficiency in password authentication, etc. Moreover, one of the new features in our proposal is: it is secure in the case that the information stored in the smart card is disclosed but the user password of the smart card owner is unknown to the attacker. To the best of our knowledge, until now no user authentication scheme for wireless communications has been proposed to prevent from smart card breach. Finally, performance analysis shows that compared with known smart card based authentication protocols, our proposed scheme is more simple, secure and efficient.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Feng Qiu,Xiaoqian Li

DOI: https://doi.org/10.1007/978-3-319-49145-5_11

2016-01-01

Abstract:To address the information leakage problems existed in the smartphone mobility office of enterprises and institutions, we propose security mobile office architecture and design application security authentication mechanism, software and hardware resource control mechanism, security storage isolation mechanism, which provide safe protection for sensitive data. To evaluate the propose schemes, we implement them in the android system and cloud service platform. The evaluation results verify the feasibility and effectiveness of the security mobile office technology.

Chen Tianzhou,Mao Haixia,Dai Hongjun

2006-01-01

Abstract:This paper briefly analyzes the security mechanisms of GSM/UMTS and finds their security defects, such as unidirectional authentication and cipher key transmission without encryption. For these defects, existing mobile communication systems can not prevent hostile attacks to satisfy high-level security demands. To solve these problems, we propose the robust Middleware Architecture for Mobile Communication Security (MAMCS), which employs new Authentication and Key Agreement (AKA) protocols, chooses different encryption algorithms for different applications and implements integrity control mechanism. In the end, we analyze the performance of MAMCS and show that MAMCS gets a 200%~2% improvement in security only at the cost of 1.51% descent in bandwidth and 18.14 ms extra latency.

Hongil Ju,Yong-Sung Jeon,Youngsae Kim,Jeongnyeo Kim

DOI: https://doi.org/10.1109/TCE.2015.7389805

2015-11-01

IEEE Transactions on Consumer Electronics

Abstract:The purpose of this study is to suggest a solution to recently emerging security threats to mobile devices and enable users to use mobile services in a secure manner. To that end, this paper presents the design and implementation method for a hardware security chip required for providing advanced mobile security services. The proposed method could be the fastest and most efficient approach among various approaches. This study implements a Mobile Trusted Module (MTM) chip as a hardware security chip and confirms its commercial potential through interface testing with a smartphone. The implemented MTM chip is based on a smart card IC, and it includes an interface conversion chip that supports the I/O interface with a mobile device. The chip size is 5mm × 5mm, and the chip does not consume more than 10 mA of current. In addition, it provides additional security functions, including the required functions for an MTM chip. Therefore, with the proposed hardware security chip, it is possible to establish a secure service execution environment for mobile devices.

Engineering,Computer Science

Tu Shanshan,Huang Yongfeng

DOI: https://doi.org/10.1109/cc.2015.7385527

2015-01-01

China Communications

Abstract:This paper proposes a new access architecture onmobile cloud, which introduces a middle layer sitting between mobile devices and their cloud infrastructure. This middle layer is composed of cloudlets which are deployed by cloud services providers, such as wireless network access points (APs), to improve the performance of mobile cloud servicesand be different from traditional mobile operator mode. Then based on this new architecture,we improve our previous (Attribute-basedencryption) ABE access control scheme on cloud for mobile cloud, which is proposed to offload the main amount of computations to the cloudlet as the function of cloud. Simulationresults demonstratethe new access control scheme takes into consideration response time constraints and network statusof access task execution, while satisfying certain network security for mobile cloud.

Jiaqing Mo,Zhongwang Hu,Hang Chen,Wei Shen

DOI: https://doi.org/10.1155/2019/4520685

2019-01-01

Wireless Communications and Mobile Computing

Abstract:Nowadays, due to the rapid development and wide deployment of handheld mobile devices, the mobile users begin to save their resources, access services, and run applications that are stored, deployed, and implemented in cloud computing which has huge storage space and massive computing capability with their mobile devices. However, the wireless channel is insecure and vulnerable to various attacks that pose a great threat to the transmission of sensitive data. Thus, the security mechanism of how the mobile devices and remote cloud server authenticate each other to create a secure session in mobile cloud computing environment has aroused the interest of researchers. In this paper, we propose an efficient and provably secure anonymous two-factor user authentication protocol for the mobile cloud computing environment. The proposed scheme not only provides mutual authentication between mobile devices and cloud computing but also fulfills the known security evaluation criteria. Moreover, utilization of ECC in our scheme reduces the computing cost for mobile devices that are computation capability limited and battery energy limited. In addition, the formal security proof is given to show that the proposed scheme is secure under random oracle model. Security analysis and performance comparisons indicate that the proposed scheme has reasonable computation cost and communication overhead at the mobile client side as well as the server side and is more efficient and more secure than the related competitive works.

Yongkai Fan,Shengle Liu,Gang Tan,Fei Qiao

DOI: https://doi.org/10.1016/j.future.2018.05.062

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:With the wide adoption of mobile devices, it becomes increasingly a reality that mobile users use a variety of apps from various sources. Since the enforcement of strict privacy is difficult, the inappropriate access by malicious apps is a major concern for mobile users, and access control becomes a challenge. In order to prevent the leakage of sensitive information ( such as the contact lists, or private pictures) by inappropriate or illegal access, we propose a fine-grained access-control scheme based on Ciphertext-Policy Attribute-Based Encryption (CPABE) and Trusted Execution Environment (TEE), which can effectively protect data. In the scheme, CPABE is adopted in a novel way to solve the important security problems by supporting fine-grained access control during the access period and by supporting the critical operations running in the trusted execution environment. The scheme can be used to mitigate the sensitive information attacks and enhance confidentiality. Moreover, it can reduce the risk in the case of one single authority. Compared to the traditional access-control mechanisms, our experimental results indicate that the proposed scheme satisfies the security requirements, and is superior to other existing schemes. (C) 2018 Elsevier B.V. All rights reserved.

Yichuan Wang,Wen Gao,Xinhong Hei,Irenee Mungwarama,Ju Ren

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics50389.2020.00032

2020-01-01

Abstract:The development of mobile internet has brought convenience to people, but the openness and diversity of mobile Internet make it face the security threat of communication privacy data disclosure. In this paper, a trusted android device security communication method based on TrustZone is proposed. Firstly, Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm is used to make both parties negotiate the session key in the Trusted Execution Environment (TEE), and then, we stored the key safely in the TEE. Finally, TEE completes the encryption and decryption of the transmitted data. This paper constructs a secure communication between mobile devices without a trusted third party and analyzes the feasibility of the method from time efficiency and security. The experimental results show that the method can resist malicious application monitoring in the process of data encryption and ensures the security of the session key. Compared with the traditional scheme, it is found that the performance of the scheme is not significantly reduced.

Haojie Lu

2009-01-01

Abstract:User authentication is mostly carried out by sending a pair of username and password to the server in insecure network,since most users have not a certificate.Just based on this fact,some attacks are achieved.The method of phishing and the common mechanism of protecting key are analyzed,and an authentication scheme employing trusted computing technology is proposed.Since the scheme combines protected storage,authentication chain,and password partition etc,thieving only the password will not have an affect on user security.In the end,the proposed approach is proven to protect against phishing attacks.

Donghong Sun,Wu Liu,Ping Ren,Dongbin Sun

DOI: https://doi.org/10.1109/ctc.2012.10

2012-01-01

Abstract:The proliferations of the mobile intelligent terminal have brought them to the spotlight of the attackers for the sensitive information they carried. However, the current security schemes on the mobile intelligent terminal are fragile. This paper proposed a new transparent authentication and encryption measure to protect the confidentiality and integrity of the data on the mobile intelligent terminal. Our method is user-friendly as no interaction is needed during the process. Also, the result can be applied as evidence to identify who have used the phone.

Niu Shaozhang,Tu Shanshan,Huang Yongfeng

DOI: https://doi.org/10.1049/cje.2015.07.015

IF: 1.019

2015-01-01

Chinese Journal of Electronics

Abstract:Cloud computing services have got rapid development in the field of the lightweight terminal, especially wireless communications. The comprehensive access control system framework is proposed for the cloud. A kind of access control scheme based on attribute encryption is designed, in which lightweight devices can safely use cloud computing resources to outsource encrypt/decrypt operations, and not worry for exposing terminal sensitive data. The scheme is verified by performance evaluation about the security, computing, storage, to ensure the legitimate interests of users in the cloud.

Kaiping Xue,Xinyi Luo,Hangyu Tian,Jianan Hong,David S. L. Wei,Jian Li

DOI: https://doi.org/10.1109/tvt.2021.3138203

IF: 6.8

2022-01-01

IEEE Transactions on Vehicular Technology

Abstract:In mobile communication networks, when a user roams to and accesses a foreign network, the foreign operator needs to request the user’s subscription data from a centralized authentication server, which is managed by the user’s home operator. However, centralized authentication introduces single point of failure. Meanwhile, the real-time participation of the home operator and the trust relationship between the foreign operator and the home operator are difficult to guarantee. In this paper, by adopting blockchain and smart contracts, we propose a secure and efficient access control scheme of user subscription data in roaming scenarios. We further design a flexible user authentication scheme, which utilizes derivable tokens based on the proposed access control scheme. By using blockchain to store and manage user subscription data, access control can be decentralized without any trusted third party. Besides, by implementing automatic verification of access privilege through smart contracts, the limitation of the home operators’ real-time participation is eliminated. In addition, to further improve security and reduce the on-chain storage overhead, we optimize the data encryption and storage scheme utilizing threshold secret sharing. Our security and performance analysis show that the proposed user subscription data access control scheme for roaming service provides high-level security while causing acceptable time and storage overhead.