More Web Proxy on the site http://driver.im/

article

An architecture for secure mobile devices

Author:

René MayrhoferAuthors Info & Claims

Security and Communication Networks, Volume 8, Issue 10

Pages 1958 - 1970

https://doi.org/10.1002/sec.1028

Published: 10 July 2015 Publication History

Abstract

Mobile devices such as smart phones have become one of the preferred means of accessing digital services, both for consuming and creating content. Unfortunately, securing such mobile devices is inherently difficult for a number of reasons. In this article, we review recent research results, systematically analyze the technical issues of securing mobile device platforms against different threats, and discuss a resulting and currently unsolved problem: How to create an end-to-end secure channel between the digital service e.g., a secure wallet application on an embedded smart card or an infrastructure service connected over wireless media and the user. Although the problem has been known for years and technical approaches start appearing in products, the user interaction aspects have remained unsolved. We discuss the reasons for this difficulty and suggest potential approaches to create human-verifiable secure communication with components or services within partially untrusted devices. Copyright © 2014 John Wiley & Sons, Ltd.

References

[1]

Community framework for electronic signatures. OJ L 13 of 19.1.2000, January 2000. Available from: "http://europa.eu/legislation_summaries/information_society/other_policies/l24118_en.htm".

[2]

Egners A, Meyer U, Marschollek B. Messing with Android's permission model. In Proceedings of TrustCom 2012. IEEE CS Press: Washington, DC, USA, 2012; pp.505-514.

Digital Library

[3]

Höbarth S, Mayrhofer R. A framework for on-device privilege escalation exploit execution on Android, In Proceedings of IWSSI/SPMU 2011, colocated with Pervasive 2011, San Francisco, CA, USA, 2011.

[4]

Mayrhofer R. When users cannot verify digital signatures: on the difficulties of securing mobile devices. In Proceedings of HPCC 2013, IEEE CS Press: Washington, DC, USA, 2013; pp.1579-1584.

[5]

Nakamoto S. Bitcoin: a peer-to-peer electronic cash system, 2009. Available from: "http://www.bitcoin.org/bitcoin.pdf" [Accessed on 14 April 2014].

[6]

Egners A, Marschollek B, Meyer U. Hackers in your pocket: a survey of smartphone security across platforms. AIB-2012-07, RWTH Aachen, May 2012. Available from: "http://itsec.rwth-aachen.de/publications/ae_hacker_in_your_pocket.pdf" [Accessed on 14 April 2014].

[7]

La Polla M, Martinelli F, Sgandurra D. A survey on security for mobile devices. IEEE Communications Surveys & Tutorials February 2013; Volume 15: pp.446-471.

[8]

Halpert B. Mobile device security. In Proceedings of the 1st Annual Conference on Information Security Curriculum Development, InfoSecCD '04. ACM Press: New York, NY, USA, 2004; pp.99-101.

Digital Library

[9]

Karlson AK, Brush AB, Schechter S. Can I borrow your phone? Understanding concerns when sharing mobile phones. In Proceedings of CHI 2009. ACM Press: New York, NY, USA, 2009; pp.1647-1650.

[10]

Dolev D, Yao AC. On the security of public key protocols. IEEE Transactions on Information Theory 1983; Volume 29: pp.198-208.

[11]

Roland M, Langer J, Scharinger J. Practical attack scenarios on secure element-enabled mobile devices, Near Field Communication NFC Workshop 2012, Helsinki, Finland, 2012; pp.19-24.

Digital Library

[12]

Sailer R, Zhang X, Jaeger T, <familyNamePrefix>van</familyNamePrefix>Doorn L. Design and implementation of a TCG-based integrity measurement architecture, In Proceedings of USENIX 2004: 13th Conference on USENIX Security Symposium, San Diego, CA, USA, 2004; pp.223-238.

[13]

Rudolph C. Covert identity information in direct anonymous attestation DAA. In Proceedings of IFIP SEC 2007, IFIP, Vol.Volume 232. Springer-Verlag: Berlin, Heidelberg, 2007; pp.443-448.

[14]

Hölzl M, Mayrhofer R, Roland M. Requirements for an open ecosystem for embedded tamper resistant hardware on mobile devices. In Proceedings of MoMM 2013: 11th International Conference on Advances in Mobile Computing and Multimedia. ACM Press: New York, NY, USA, 2013; pp.249-252.

[15]

Asnake E, Hölzl M, Mayrhofer R. An efficient password-authenticated secure channel for java card applets, 2014. submitted for publication.

[16]

Roland M, Langer J, Mayrhofer R. Ab using foreign WMs: running java card applets in non-java card virtual machines. In Proceedings of MoMM 2013. ACM Press: New York, NY, USA, 2013; pp.286-292.

[17]

Brakensiek J, Dröge A, Botteck M, Härtig H, Lackorzynski A. Virtualization as an enabler for security in mobile devices. In Proceedings of IIES 2008. ACM Press: New York, NY, USA, 2008; pp.17-22.

Digital Library

[18]

Varanasi P, Heiser G. Hardware-supported virtualization on ARM. In Proceedings of the Second Asia-Pacific Workshop on Systems, APSys '11. ACM Press: New York, NY, USA, 2011; pp.11:1-11:5.

Digital Library

[19]

Shabtai A, Fledel Y, Elovici Y. Securing Android-powered mobile devices using SELinux. IEEE Security and Privacy 2010; Volume 8: pp.36-44.

[20]

Seifert J, De Luca A, Conradi B, Hussmann H. TreasurePhone: context-sensitive user data protection on mobile phones. In Proceedings of Pervasive 2010, vol.Volume 6030, <bookSeriesTitle>LNCS</bookSeriesTitle>. Springer-Verlag: Berlin, Heidelberg, 2010, pp.130-137.

[21]

Riedl P, Koller P, Mayrhofer R, Kranz M, Möller A, Koelle M. Visualizations and switching mechanisms for security zones. In Proceedings of MoMM 2013. ACM Press: New York, NY, USA, 2013; pp.278-281.

Digital Library

[22]

Oberheide J, Veeraraghavan K, Cooke E, Flinn J, Jahanian F. Virtualized in-cloud security services for mobile devices. In Proceedings of the First Workshop on Virtualization in Mobile Computing, MobiVirt '08. ACM Press: New York, NY, USA, 2008; pp.31-35.

Digital Library

[23]

Kumar A, Saxena N, Tsudik G, Uzun E. Caveat emptor: a comparative study of secure device pairing methods, In Proceedings of PerCom2009, Galveston, Texas, USA, 2009; pp.1-10.

[24]

Mayrhofer R, Fuss J, Ion I. UACAP: a unified auxiliary channel authentication protocol. IEEE Transactions on Mobile Computing April 2013; Volume 12 Issue 4: pp.710-721.

[25]

Mayrhofer R, Gellersen H. Shake well before use: intuitive and secure pairing of mobile devices. IEEE Transactions on Mobile Computing June 2009; Volume 8 Issue 6: pp.792-806. Revised and extended version of <link href="#sec1028-bib-0048"/>.

[26]

Groza B, Mayrhofer R. SAPHE - simple accelerometer based wireless pairing with heuristic trees. In Proceedings of MoMM 2012: 10th International Conference on Advances in Mobile Computing and Multimedia. ACM Press: New York, NY, USA, 2012; pp.161-168.

[27]

Mayrhofer R. The candidate key protocol for generating secret shared keys from similar sensor data streams. In Proceedings of ESAS 2007: 4th European Workshop on Security and Privacy in Ad hoc and Sensor Networks, vol.Volume 4572, <bookSeriesTitle>LNCS</bookSeriesTitle>. Springer-Verlag: Berlin, Heidelberg, 2007; pp.1-15.

[28]

Mayrhofer R. Towards an open source toolkit for ubiquitous device authentication. In Workshops Proceedings of PerCom 2007: 5th IEEE International Conference on Pervasive Computing and Communications. IEEE CS Press: Washington, DC, USA, 2007; pp.247-252. Track PerSec 2007: 4th IEEE International Workshop on Pervasive Computing and Communication Security.

[29]

Mayrhofer R, Welch M. A human-verifiable authentication protocol using visible laser light. In Proceedings of ARES 2007: 2nd International Conference on Availability, Reliability and Security. IEEE CS Press: Washington, DC, USA, 2007; pp.1143-1147.

[30]

Soriente C, Tsudik G, Uzun E. HAPADEP: human asisted pure audio device pairing. Cryptology ePrint Archive. Report 2007/093, March 2007.

[31]

Soriente C, Tsudik G, Uzun E. BEDA: button-enabled device pairing, In Proceedings of IWSSI 2007, Innsbruck, Austria, 2007; pp.443-449.

[32]

Sigg S, Schürmann D. Secure communication based on ambient audio. IEEE Transactions on Mobile Computing TMC 2013; Volume 12 Issue 2: pp.358-370.

[33]

Saxena N, Ekberg JE, Kostiainen K, Asokan N. Secure device pairing based on a visual channel. Cryptology ePrint Archive. Report 2006/050, 2006.

[34]

Nithyanand R, Saxena N, Tsudik G, Uzun E. Groupthink: on the usability of secure group association of wireless devices. In Proceedings of Pervasive 2010, <bookSeriesTitle>LNCS</bookSeriesTitle>. Springer-Verlag: Berlin, Heidelberg, 2010; pp.331-340.

[35]

Varshavsky A, Scannell A, LaMarca A, <familyNamePrefix>de</familyNamePrefix>Lara E. Amigo: proximity-based authentication of mobile devices. In Proceedings of UbiComp 2007. Springer-Verlag: Berlin, Heidelberg, 2007; pp.253-270.

[36]

Findling R, Mayrhofer R. Towards pan shot face unlock: using biometric face information from different perspectives to unlock mobile devices. International Journal of Pervasive Computing and Communications IJPCC 2013; Volume 9: pp.190-208. A preliminary version of this work was published in MoMM 2012 with a limited set of classifiers and a significantly smaller data set used for evaluation.

[37]

Findling R, Wenny F, Holzmann C, Mayrhofer R. Range face segmentation: face detection and segmentation for authentication in mobile device range images. In Proceedings of MoMM 2013: 11th International Conference on Advances in Mobile Computing and Multimedia. ACM Press: New York, NY, USA, 2013; pp.260-269.

[38]

Findling R, Mayrhofer R. Towards secure personal device unlock using stereo camera pan shots. In Proceedings of EUROCAST 2013: 14th International Conference on Computer Aided Systems Theory, <bookSeriesTitle>LNCS</bookSeriesTitle>. Springer-Verlag: Berlin, Heidelberg, 2013; pp.417-425.

[39]

Muaaz M, Mayrhofer R. An analysis of different approaches to gait recognition using cell phone based accelerometer. In Proceedings of MoMM 2013. ACM Press: New York, NY, USA, 2013; pp.293-300.

Digital Library

[40]

Mayrhofer R, Kaiser T. Towards usable authentication on mobile phones: an evaluation of speaker and face recognition on off-the-shelf handsets, In Proceedings of IWSSI/SPMU 2012: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, colocated with Pervasive 2012, Newcastle, UK, 2012. Available online at "http://www.medien.ifi.lmu.de/iwssi2011/".

[41]

Riva O, Qin C, Strauss K, Lymberopoulos D. Progressive authentication: deciding when to authenticate on mobile phones, In Proceedings of USENIX 2012, USENIX, Bellevue, WA, USA, 2012; pp.301-316.

[42]

Oberheide J, Jahanian F. When mobile is harder than fixed and vice versa: demystifying security challenges in mobile environments. In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications. ACM Press: New York, NY, USA, 2010; pp.43-48.

[43]

Feske N, Helmuth C. A Nitpicker's guide to a minimal-complexity secure GUI, 21st Annual Computer Security Applications Conference ACSAC, Tucson, Arizona, USA, 2005; pp.85-94.

Digital Library

[44]

Gilad Y, Herzberg A, Trachtenberg A. Securing smartphones: a micro-TCB approach. ArXiv e-prints arXiv:1401.7444v1 Jan 2014.

[45]

Rasmusson L, Corcoran D. Performance overhead of KVM on Linux 3.9 on ARM Cortex-A15, In Proceedings of VtRES: Workshop on Virtualization for Real-Time Embedded Systems, Taipei, Taiwan, 2013.

[46]

Xu Y, Bruns F, Gonzalez E, Traboulsi S, Mott K, Bilgic A. Performance evaluation of para-virtualization on modern mobile phone platform, In Proceedings of International Conference on Computer, Electrical, and Systems Science, and Engineering, Penang, Malaysia, 2010; pp.237-244.

[47]

Qu J, Li T, Dang F. Performance evaluation and analysis of OpenVPN on Android, In Proceedings of Fourth International Conference on Computational and Information Sciences, 2012; pp.1088-1091.

[48]

Mayrhofer R, Gellersen H. Shake well before use: authentication based on accelerometer data. In Proceedings of Pervasive 2007: 5th International Conference on Pervasive Computing, vol.Volume 4480, <bookSeriesTitle>LNCS</bookSeriesTitle>. Springer-Verlag: Berlin, Heidelberg, 2007; pp.144-161.

Cited By

Laka PMazurczyk W(2018)User perspective and security of a new mobile authentication methodTelecommunications Systems10.1007/s11235-018-0437-169:3(365-379)Online publication date: 1-Nov-2018
https://dl.acm.org/doi/10.1007/s11235-018-0437-1
Galibus TDe B. Vieira TFreitas EO. Albuquerque RC. L Da Costa JT. De Sousa Júnior RKrasnoproshin VZaleski AVissia HGaldo G(2017)Offline Mode for Corporate Mobile Client Security ArchitectureMobile Networks and Applications10.1007/s11036-017-0839-422:4(743-759)Online publication date: 1-Aug-2017
https://dl.acm.org/doi/10.1007/s11036-017-0839-4

Recommendations

A Survey on Multi-Factor Authentication Methods for Mobile Devices
ICSIM '21: Proceedings of the 2021 4th International Conference on Software Engineering and Information Management

The use of mobile devices worldwide has been on the increase. More and more people are using mobile devices to carry out activities on the Internet. The activities include checking emails, online banking, school, and work activities. However, mobile ...
A Secure Architecture for Operating System-Level Virtualization on Mobile Devices
Inscrypt 2015: Revised Selected Papers of the 11th International Conference on Information Security and Cryptology - Volume 9589

In this paper, we present a novel secure architecture for OS-level virtualization on mobile devices. OS-level virtualization allows to simultaneously operate multiple userland OS instances on one physical device. Compared to previous approaches, our ...
Secure asynchronous communication for mobile devices
WUP '09: Proceedings of the Warm Up Workshop for ACM/IEEE ICSE 2010

Mobile devices are now used not only for communication but also as working units. As more sensitive information is stored on and transmitted through these devices, security is becoming a growing concern. This is especially true for SMS messages which do ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Security and Communication Networks

Security and Communication Networks Volume 8, Issue 10

July 2015

142 pages

ISSN:1939-0114

EISSN:1939-0122

Issue’s Table of Contents

Publisher

John Wiley & Sons, Inc.

United States

Publication History

Published: 10 July 2015

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Laka PMazurczyk W(2018)User perspective and security of a new mobile authentication methodTelecommunications Systems10.1007/s11235-018-0437-169:3(365-379)Online publication date: 1-Nov-2018
https://dl.acm.org/doi/10.1007/s11235-018-0437-1
Galibus TDe B. Vieira TFreitas EO. Albuquerque RC. L Da Costa JT. De Sousa Júnior RKrasnoproshin VZaleski AVissia HGaldo G(2017)Offline Mode for Corporate Mobile Client Security ArchitectureMobile Networks and Applications10.1007/s11036-017-0839-422:4(743-759)Online publication date: 1-Aug-2017
https://dl.acm.org/doi/10.1007/s11036-017-0839-4

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents