2015 First Conference on Mobile and Secure Services (MOBISECSERV): Latest Publications

Manage your own security domain on your smartphone
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072869
Arne Munch-Ellingsen, Anders Andersen, S. Akselsen
Abstract: Mobile network operators' role as keystone players in the smartphone ecosystem is challenged by other actors and technologies that aim to reduce the importance of the Universal Integrated Circuit Card (also known as SIM card). Modern Universal Integrated Circuit Cards are Java Cards that also include a Global Platform conformant Secure Element, usually under the mobile operator's control. We argue that mobile operators still have the opportunity to defend their role by offering easy access for customers and service providers to the Secure Element on the Universal Integrated Circuit Card for storing data and executing applications with high demands for security. The mobile operators could let the customers or service providers own and manage their private Global Platform specified supplementary security domain on the Secure Element. Such access to supplementary security domains on the Universal Integrated Circuit Card can enable new ecosystems and new business models created around this asset. This paper describes a novel smartphone, customer and service provider oriented, technical approach to management of the secure element. We have designed and implemented SecurePlay, a client side, proxy based "lightweight" Trusted Service Manager prototype and have successfully used it to manage Secure Elements on Universal Integrated Circuit Cards in the Telenor operated mobile phone network in Norway. SecurePlay allows operators to cost efficiently enable end users' ownership and operation of their own private security. Implementation details of a proof-of-concept prototype are presented.
Citations: 3
Over-the-internet: efficient remote content management for secure elements in mobile devices
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072873
M. Sabt, Mohammed Achemlal, A. Bouabdallah
Abstract: We propose Over-the-Internet (OTI), a novel system that manages secure element based applications. We demonstrate our solution in the context of NFC ecosystem and show that it can be effectively used for transmitting big applications to the secure element. Our system leverages the GlobalPlatform card specification as well as the GlobalPlatform user-centric ownership model. Our solution integrates the different actors of the NFC ecosystem in its architecture. We propose to leverage the concept of security domain, so that service providers can manage their applications independently from the SE issuer. We implement our solution within available platforms and show that it is secure, fast, reliable and easily deployable.
Citations: 1
Performance variation in host-based card emulation compared to a hardware security element
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072872
A. Umar, K. Mayes, K. Markantonakis
Abstract: Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing power, sharing it with other running processes. This produces variable readings in terms of response times from the phone. This paper investigates this variability in HCE implementation as compared to an SE implementation. We also discuss how our findings may call into question the use of HCE in time critical scenarios.
Citations: 20
Sesame: a secure and convenient mobile solution for passwords
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072879
Mehrdad Aliasgari, Nick Sabol, Ashutosh Sharma
Abstract: Passwords are the main and most common method of remote authentication. However, they have their own frustrating challenges. Users tend to forget passwords that are chosen to be hard to guess. Password managers are an approach to keeping our passwords safe. However, they mainly rely on one master password to secure all of our passwords. If this master password is compromised then all other passwords can be recovered. In this work, we introduce Sesame: a secure yet convenient mobile-based, voice-activated password manager. It combines all different methods of user authentication to create a more robust digital vault for personal data. Each password is encrypted with a new fresh key on the user's mobile device for maximum security. The keys are stored in our servers in a protected format. The user has the option of backing up the encrypted passwords in any cloud service. To view a password, the user only needs to utter the name of a web service, and speaker and speech recognition are applied for authentication. Only the key for that service is sent to the mobile application and the password is decrypted and displayed. The biggest advantage of Sesame is that the user need not assume any trust in either our servers or any cloud storage. Also, there is no need to enter a master password every time since speaker recognition is used. However, as an alternative to voice, users can view their passwords using a master password in case voice is not available. We provide a brief analysis of the security of our solution that has been implemented on the Android platform and is freely available on Google Play. Sesame is an ideal and practical solution for mobile password managers.
Citations: 2
An authentication architecture for cloud-based firewalling service
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072870
F. Guenane, G. Pujolle, A. Serhrouchni
Abstract: The use of cloud computing is growing; by 2016, this growth will increase to become the bulk of new IT spend. Companies are interested in outsourcing security service to Cloud providers in order to reduce management and deployment costs. This outsourcing addresses many problems related to identification, authentication, secure data transfer, and privacy in Security As A Service (SECAAS) Model. Our article presents a secure, strong and efficient authentication architecture and identity management for cloud based firewalling service using EAP-TLS smart cards technology.
Citations: 0
Handling cross site scripting attacks using cache check to reduce webpage rendering time with elimination of sanitization and filtering in light weight mobile web browser
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072878
Biswajit Panja, T. Gennarelli, Priyanka Meharia
Abstract: In this paper we propose a new approach to prevent and detect potential cross-site scripting attacks. Our method, called Buffer Based Cache Check, will utilize both the server-side as well as the client-side to detect and prevent XSS attacks and will require modification of both in order to function correctly. With Cache Check, instead of the server supplying a complete whitelist of all the known trusted scripts to the mobile browser every time a page is requested, the server will instead store a cache that contains a validated “trusted” instance of the last time the page was rendered that can be checked against the requested page for inconsistencies. We believe that with our proposed method rendering times in mobile browsers will be significantly reduced, as part of the checking is done via the server and less checking is done within the mobile browser, which is slower than the server. With our method the entire checking process isn't dumped onto the mobile browser and as a result the mobile browser should be able to render pages faster as it is only checking for “untrusted” content whereas with other approaches, every single line of code is checked by the mobile browser, which increases rendering times.
Citations: 5
Two-factor authentication for android host card emulated contactless cards
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072874
Arne Munch-Ellingsen, Richard Karlsen, Anders Andersen, S. Akselsen
Abstract: With the introduction of Host Card Emulation (HCE) in Android 4.4 KitKat the Near Field Communication (NFC) card emulation mode took a twist. On one side, HCE allows for easier development and a shorter deployment path for contactless card services on the mobile phone (e.g. payment, ticketing, loyalty cards etc.). On the other side, it introduces new security issues since it does not intrinsically involve a secure element on the mobile phone. As an example, the Cipurse open ticketing standard for public transportation, published by OSPT, implies usage of a secure element for the authentication mechanism and key storage. How can Cipurse benefit from the advantages of HCE and still provide secure authentication and encryption of transferred data? We have designed a two-factor authentication mechanism that involves usage of the Universal Integrated Circuit Card (also known as the SIM card) as the secure second-factor that allows for the implementation of the Cipurse specification as a secure HCE application. The benefit is faster execution of the Cipurse emulated card but still with feasible security for many application areas.
Citations: 7
Towards token-requestor for epayment based on cloud of secure elements and HCE mobiles
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072876
P. Urien
Abstract: The EMVco consortium recently released a tokenization technical framework addressing POS and on-line transactions. This paper introduces a new architecture for Token-Generators based on Cloud of Secure Elements (CoSE), and user/administrator relationships with Token-Providers. Mobiles equipped with HCE interfaces remotely access Token-Generator applications hosted in the CoSE.
Citations: 2
Low-power wireless climate monitoring system with RFID security access feature for mosquito and pathogen research
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072871
B. Hur, W. Eisenstadt
Abstract: This paper introduces a low-power wireless climate monitoring system with an RFID security access feature for mosquito and pathogen research. Mosquito-borne diseases, which are critical threats to human health, include malaria, yellow fever, dengue fever, and West Nile Virus. The wireless monitoring system provides environmental data such as temperature, humidity, wind speed, and wind direction. The measured data can be used to predict the habitat of mosquitoes and be used to recommend the amount and location of pesticide application. This paper describes the design and implementation of the low-power wireless climate monitoring system with various environmental sensors, 2.4-GHz wireless module, RFID reader for the security access control, audio system, and a solar charger system. The measured data was received and processed by a custom Windows application. The measured data was available through both desktop and mobile internet browsers and a mobile Android application. Five wireless climate monitoring systems were used for multiple field tests. The analysis example of the pseudo climate data for the reduced use of pesticides is also presented.
Citations: 10
Leveraging COBIT5 in NFC-based payment technology: challenges and opportunities for security risk mitigation and audit
2015 First Conference on Mobile and Secure Services (MOBISECSERV) Pub Date : 2015-04-02 DOI: 10.1109/MOBISECSERV.2015.7072875
Tebug Mba Techoro, S. Butakov, S. Aghili, Ron Ruhl
Abstract: Near field communication (NFC) payment technology was expected to revolutionize businesses, yet presents major challenges relating to security and assurance in the Canadian payment ecosystem. This paper suggests some of the best practices in various frameworks for Risks and Assurance management in implementing NFC-based payment technology (NFC-BPT). The NFC-BPT risks and threats are analyzed in conjunction with justified risks data from Canadian NFC Mobile Payment Reference Model (Canadian NFC-MPRM). The output of the analyzed risk is mapped to COBIT5 (Control objective for Information and Related Technology) for Risk and COBIT5 for Assurance processes through which comprehensive assurance steps will be obtained on data security, fraud, theft and malware for payment credential issuers and acquirers.
Citations: 0