Energy-aware encryption mechanism for m-commerce devices

Hamad, F. M.

January 2010

With the wide spread of mobile phones, PDAs, and Smartphones, M-Commerce has become a major application domain for mobile devices, unlike conventional wired networks, mobile devices allow the user to conduct online transactions regardless of the time and the place as long as there is mobile network coverage. However, online transactions require adequate level of security to insure the confidentiality, the integrity, and the availability of the user’s information. Security measures consume a considerable amount of energy and require more time in processing. The aim of this thesis is to optimise the energy and the resources consumption of mobile phones when applying variant symmetric and asymmetric schemes. This aim can be achieved through developing A System State Security Management Framework, SSSM, which will implement encryption schemes, symmetric and asymmetric, and will provide different options to enable the user to choose the type of encryption, the key size, and number of rounds of computation to optimise the energy consumption level of the mobile phone. This thesis compares the power and the resources consumed by the most commonly used encryption algorithms such as CAST, IDEA, Triple-DES, RSA, and AlGamal. This comparison helps to draw the advantages and disadvantages of each algorithm scheme used in reference to the security level it provides and the power it consumes. Implementing this mechanism will enhance the performance of mobile phones by increasing the security levelsprovided by the encryption schemes and utilising the limited power and resources efficiency. Therefore, confidentiality will be presented in mobile phones and variant encryption schemes, symmetric and asymmetric, and changeable key sizes and rounds, will ensure the authenticity of both senders and recipients depending on their needs as well as resources available. This research makes contributions in two major areas; the first area consists of the novel Energy Aware Encryption polices generated by this work, the second area of contribution is the energy measurements and experimental results which validate the approach presented in the research.

658.8

Hardware encryption of AES algorithm on Android platform

Joshi, Yogesh

08 October 2012

No description available.

Computer Engineering

Hardware Encryption

AES-128 bit

Android platform

FPGA Encryption

Smartphone Security

Secure Mobile Transactions

A Dynamic Security And Authentication System For Mobile Transactions : A Cognitive Agents Based Approach

Babu, B Sathish

05 1900

In the world of high mobility, there is a growing need for people to communicate with each other and have timely access to information regardless of the location of the individuals or the information. This need is supported by the advances in the technologies of networking, wireless communications, and portable computing devices with reduction in the physical size of computers, lead to the rapid development in mobile communication infrastructure. Hence, mobile and wireless networks present many challenges to application, hardware, software and network designers and implementers. One of the biggest challenge is to provide a secure mobile environment. Security plays a more important role in mobile communication systems than in systems that use wired communication. This is mainly because of the ubiquitous nature of the wireless medium that makes it more susceptible to security attacks than wired communications. The aim of the thesis is to develop an integrated dynamic security and authentication system for mobile transactions. The proposed system operates at the transactions-level of a mobile application, by intelligently selecting the suitable security technique and authentication protocol for ongoing transaction. To do this, we have designed two schemes: the transactions-based security selection scheme and the transactions-based authentication selection scheme. These schemes use transactions sensitivity levels and the usage context, which includes users behaviors, network used, device used, and so on, to decide the required security and authentication levels. Based on this analysis, requisite security technique, and authentication protocols are applied for the trans-action in process. The Behaviors-Observations-Beliefs (BOB) model is developed using cognitive agents to supplement the working of the security and authentication selection schemes. A transaction classification model is proposed to classify the transactions into various sensitivity levels. The BOB model The BOB model is a cognitive theory based model, to generate beliefs over a user, by observing various behaviors exhibited by a user during transactions. The BOB model uses two types of Cognitive Agents (CAs), the mobile CAs (MCAs) and the static CAs (SCAs). The MCAs are deployed over the client devices to formulate beliefs by observing various behaviors of a user during the transaction execution. The SCA performs belief analysis, and identifies the belief deviations w.r.t. established beliefs. We have developed four constructs to implement the BOB model, namely: behaviors identifier, observations generator, beliefs formulator, and beliefs analyser. The BOB model is developed by giving emphasis on using the minimum computation and minimum code size, by keeping the resource restrictiveness of the mobile devices and infrastructure. The knowledge organisation using cognitive factors, helps in selecting the rational approach for deciding the legitimacy of a user or a session. It also reduces the solution search space by consolidating the user behaviors into an high-level data such as beliefs, as a result the decision making time reduces considerably. The transactions classification model This model is proposed to classify the given set of transactions of an application service into four sensitivity levels. The grouping of transactions is based on the operations they perform, and the amount of risk/loss involved if they are misused. The four levels are namely, transactions who’s execution may cause no-damage (level-0), minor-damage (level-1), significant-damage (level-2) and substantial-damage (level-3). A policy-based transaction classifier is developed and incorporated in the SCA to decide the transaction sensitivity level of a given transaction. Transactions-based security selection scheme (TBSS-Scheme) The traditional security schemes at application-level are either session or transaction or event based. They secure the application-data with prefixed security techniques on mobile transactions or events. Generally mobile transactions possesses different security risk profiles, so, empirically we may find that there is a need for various levels of data security schemes for the mobile communications environment, which face the resource insufficiency in terms of bandwidth, energy, and computation capabilities. We have proposed an intelligent security techniques selection scheme at the application-level, which dynamically decides the security technique to be used for a given transaction in real-time. The TBSS-Scheme uses the BOB model and transactions classification model, while deciding the required security technique. The selection is purely based on the transaction sensitivity level, and user behaviors. The Security techniques repository is used in the proposed scheme, organised under three levels based on the complexity of security techniques. The complexities are decided based on time and space complexities, and the strength of the security technique against some of the latest security attacks. The credibility factors are computed using the credibility module, over transaction network, and transaction device are also used while choosing the security technique from a particular level of security repository. Analytical models are presented on beliefs analysis, security threat analysis, and average security cost incurred during the transactions session. The results of this scheme are compared with regular schemes, and advantageous and limitations of the proposed scheme are discussed. A case study on application of the proposed security selection scheme is conducted over mobile banking application, and results are presented. Transactions-based authentication selection scheme (TBAS-Scheme) The authentication protocols/schemes are used at the application-level to authenticate the genuine users/parties and devices used in the application. Most of these protocols challenges the user/device to get the authentication information, rather than deploying the methods to identify the validity of a user/device. Therefore, there is a need for an authentication scheme, which intelligently authenticates a user by continuously monitoring the genuinity of the activities/events/ behaviors/transactions through out the session. Transactions-based authentication selection scheme provides a new dimension in authenticating users of services. It enables strong authentication at the transaction level, based on sensitivity level of the given transaction, and user behaviors. The proposed approach intensifies the procedure of authentication by selecting authentication schemes by using the BOB-model and transactions classification models. It provides effective authentication solution, by relieving the conventional authentication systems, from being dependent only on the strength of authentication identifiers. We have made a performance comparison between transactions-based authentication selection scheme with session-based authentication scheme in terms of identification of various active attacks, and average authentication delay and average authentication costs are analysed. We have also shown the working of the proposed scheme in inter-domain and intra-domain hand-off scenarios, and discussed the merits of the scheme comparing it with mobile IP authentication scheme. A case study on application of the proposed authentication selection scheme for authenticating personalized multimedia services is presented. Implementation of the TBSS and the TBAS schemes for mobile commerce application We have implemented the integrated working of both the TBSS and TBAS schemes for a mo-bile commerce application. The details on identifying vendor selection, day of purchase, time of purchase, transaction value, frequency of purchase behaviors are given. A sample list of mobile commerce transactions is presented along with their classification into various sensitivity levels. The working of the system is discussed using three cases of purchases, and the results on trans-actions distribution, deviation factor generation, security technique selection, and authentication challenge generation are presented. In summary, we have developed an integrated dynamic security and authentication system using, the above mentioned selection schemes for mobile transactions, and by incorporating the BOB model, transactions classification model, and credibility modules. We have successfully implemented the proposed schemes using cognitive agents based middleware. The results of experiments suggest that incorporating user behaviors, and transaction sensitivity levels will bring dynamism and adaptiveness to security and authentication system. Through which the mobile communication security could be made more robust to attacks, and resource savvy in terms of reduced bandwidth and computation requirements by using an appropriate security and authentication technique/protocol.

Mobile Transactions

Mobile Communication

Computer And Communication Security

Mobile Communications - Security

Mobile Transactions - Authentication

Mobile Transactions - Security

Transactions Classification Model

Cognitive Agents

Mobile Multimedia Applications

Mobile e-Commerce

Mobile Multimedia Services

Communication Engineering

Användarnas förtroende för mobila tjänsters säkerhet : Vilka säkerhetskrav uppfyller mobila betalningstjänster och vilket förtroende finns för sådana tjänster? / User trust in the security surrounding mobile services : Trust and performance regarding mobile security?

Johansson, Mattias, Andersson, Linus

January 2006

<p>Tekniken kring mobiltelefoni är under ständig utveckling och mobiltelefonen har idag fått nya funktioner utöver dess grundfunktion röstsamtal. Efterfrågan efter nya mobila tjänster drivs hela tiden framåt då mobilen får allt större kapacitet och prestanda. Bland de tjänster som växts fram märks möjligheten att utföra monetära transaktioner. Detta innebär helt enkelt att använda sin mobiltelefon för att betala och utföra allehanda tjänster kopplade till användarens monetära tillgångar. Överföringen av pengar kräver dock hög säkerhet. Vad vet egentligen konsumenterna om säkerheten kring dessa tjänster? Många betalningar och transaktioner sker idag över Internet och bankerna förmedlar budskapet om att säkerheten runt deras Internettjänster är mycket hög, men vad säger de om säkerheten för deras mobila alternativ? Finns den höga säkerheten även för de mobila tjänsterna och har användarna förtroende fullt ut för dessa? Finns inte användarnas förtroende för säkerheten hos de nya mobila tjänsterna kommer de troligtvis inte heller användas. Vi ämnar därför i denna uppsats utreda om säkerheten i en mobil betalningstjänst motsvarar den som finns när den utförs på en dator i hemmet och har detta i slutändan användarnas förtroende? </p><p>Syftet med detta arbete är att undersöka vilket förtroende användarna har för säkerheten hos mobila betalningstjänster samt om dessa tjänster uppfyller samma säkerhetskrav som när de används via normal datoranvändning. Studien påbörjades med en genomgång av befintlig litteratur inom säkerheten för mobilt Internet samt Internetanvändande vid hemdatorn. Sedan genomfördes intervjuer av personer med stor kunskap kring säkerheten hos mobilt Internet. För att få reda på användarnas förtroende kring mobila betaltjänster genomförde vi sedan en webbaserad surveyundersökning varvid en fokusgrupps-undersökning användes till hjälp gällande framtagningen av frågorna. Utfallen från intervjuerna samt surveyundersökningen analyserades sedan tillsammans med utvald teori.</p><p>Våra resultat visar att majoriteten av respondenterna inte känner förtroende för säkerheten hos mobila betalningstjänster. De flesta anser att det inte är lika säkert att surfa via mobilen som via datorn i hemmet. Däremot kan hälften av individerna i populationen tänka sig att betala över Internet med mobiltelefonen och en betydande del kan även tänka sig att utföra finansiella affärer med hjälp av mobiltelefonen. Vi anser också att en mobiltelefon inte når upp till samma säkerhetsnivå som hos en stationär dator med fast Internet.</p> / <p>The mobile technology is under constant development and the mobile phone today has many other functions besides just talking. The demand for new mobile services is constantly getting stronger since the mobile phone becomes more and more powerful. Among these services is the possibility to perform transactions of money. With this we mean using the mobile phone to pay bills and other services that is connected to a user’s assets. The transaction of money of course requires high security. What do the consumers know about the security surrounding these kinds of services? Today many payments and transactions that involve money takes place over the Internet from the home computer and the banks that offers these services claims that this is safe. But what do they say about the security surrounding their mobile alternatives? Does the necessary security exist for these mobile services and does it have the consumers trust? If the users do not trust the security surrounding the mobile service, they will probably not use them. We will therefore with this thesis try to investigate if the security that surrounds the mobile payment services is equivalent to when the services is used on a home computer and if the services has the users trust?</p><p>The purpose with this thesis is to investigate the users trust regarding mobile payment services and if these services fulfil the same security demands as when they are used normally at the home computer. The study began with a review of existing theories regarding the security for mobile Internet and Internet usage on the home computer. Thereafter interviews took place with experts having great knowledge regarding mobile Internet security. We then performed a web-based survey to get information about the users trust for the security surrounding mobile payment services. We used a focus group with the aim of helping us selecting relevant questions for the survey. The results from the interviews and the survey study were then analyzed with the chosen theory.</p><p>On the basis of our survey we can draw the conclusion that the majority of respondents do not trust the security that surrounds mobile payment services. The majority is of the opinion that it is not as safe to use mobile Internet services as to use the corresponding service from the computer at home. However half of the population could very well consider paying bills with the mobile phone and a large part of the respondents would also like to use financial transactions with this kind of media. We also conclude that a mobile phone does not reach the security standard of a home computer.</p>

Mobile security

mobile transactions

user trust for mobile security

Internet security

Mobil säkerhet

mobila transaktioner

Internetsäkerhet

Informatics

Informatik

Användarnas förtroende för mobila tjänsters säkerhet : Vilka säkerhetskrav uppfyller mobila betalningstjänster och vilket förtroende finns för sådana tjänster? / User trust in the security surrounding mobile services : Trust and performance regarding mobile security?

Johansson, Mattias, Andersson, Linus

January 2006

Tekniken kring mobiltelefoni är under ständig utveckling och mobiltelefonen har idag fått nya funktioner utöver dess grundfunktion röstsamtal. Efterfrågan efter nya mobila tjänster drivs hela tiden framåt då mobilen får allt större kapacitet och prestanda. Bland de tjänster som växts fram märks möjligheten att utföra monetära transaktioner. Detta innebär helt enkelt att använda sin mobiltelefon för att betala och utföra allehanda tjänster kopplade till användarens monetära tillgångar. Överföringen av pengar kräver dock hög säkerhet. Vad vet egentligen konsumenterna om säkerheten kring dessa tjänster? Många betalningar och transaktioner sker idag över Internet och bankerna förmedlar budskapet om att säkerheten runt deras Internettjänster är mycket hög, men vad säger de om säkerheten för deras mobila alternativ? Finns den höga säkerheten även för de mobila tjänsterna och har användarna förtroende fullt ut för dessa? Finns inte användarnas förtroende för säkerheten hos de nya mobila tjänsterna kommer de troligtvis inte heller användas. Vi ämnar därför i denna uppsats utreda om säkerheten i en mobil betalningstjänst motsvarar den som finns när den utförs på en dator i hemmet och har detta i slutändan användarnas förtroende? Syftet med detta arbete är att undersöka vilket förtroende användarna har för säkerheten hos mobila betalningstjänster samt om dessa tjänster uppfyller samma säkerhetskrav som när de används via normal datoranvändning. Studien påbörjades med en genomgång av befintlig litteratur inom säkerheten för mobilt Internet samt Internetanvändande vid hemdatorn. Sedan genomfördes intervjuer av personer med stor kunskap kring säkerheten hos mobilt Internet. För att få reda på användarnas förtroende kring mobila betaltjänster genomförde vi sedan en webbaserad surveyundersökning varvid en fokusgrupps-undersökning användes till hjälp gällande framtagningen av frågorna. Utfallen från intervjuerna samt surveyundersökningen analyserades sedan tillsammans med utvald teori. Våra resultat visar att majoriteten av respondenterna inte känner förtroende för säkerheten hos mobila betalningstjänster. De flesta anser att det inte är lika säkert att surfa via mobilen som via datorn i hemmet. Däremot kan hälften av individerna i populationen tänka sig att betala över Internet med mobiltelefonen och en betydande del kan även tänka sig att utföra finansiella affärer med hjälp av mobiltelefonen. Vi anser också att en mobiltelefon inte når upp till samma säkerhetsnivå som hos en stationär dator med fast Internet. / The mobile technology is under constant development and the mobile phone today has many other functions besides just talking. The demand for new mobile services is constantly getting stronger since the mobile phone becomes more and more powerful. Among these services is the possibility to perform transactions of money. With this we mean using the mobile phone to pay bills and other services that is connected to a user’s assets. The transaction of money of course requires high security. What do the consumers know about the security surrounding these kinds of services? Today many payments and transactions that involve money takes place over the Internet from the home computer and the banks that offers these services claims that this is safe. But what do they say about the security surrounding their mobile alternatives? Does the necessary security exist for these mobile services and does it have the consumers trust? If the users do not trust the security surrounding the mobile service, they will probably not use them. We will therefore with this thesis try to investigate if the security that surrounds the mobile payment services is equivalent to when the services is used on a home computer and if the services has the users trust? The purpose with this thesis is to investigate the users trust regarding mobile payment services and if these services fulfil the same security demands as when they are used normally at the home computer. The study began with a review of existing theories regarding the security for mobile Internet and Internet usage on the home computer. Thereafter interviews took place with experts having great knowledge regarding mobile Internet security. We then performed a web-based survey to get information about the users trust for the security surrounding mobile payment services. We used a focus group with the aim of helping us selecting relevant questions for the survey. The results from the interviews and the survey study were then analyzed with the chosen theory. On the basis of our survey we can draw the conclusion that the majority of respondents do not trust the security that surrounds mobile payment services. The majority is of the opinion that it is not as safe to use mobile Internet services as to use the corresponding service from the computer at home. However half of the population could very well consider paying bills with the mobile phone and a large part of the respondents would also like to use financial transactions with this kind of media. We also conclude that a mobile phone does not reach the security standard of a home computer.

Mobile security

mobile transactions

user trust for mobile security

Internet security

Mobil säkerhet

mobila transaktioner

Internetsäkerhet

Information Systems

Design And Development Of Solutions To Some Of The Networking Problems In Hybrid Wireless Superstore Networks

Shankaraiah, *

09 1900

Hybrid Wireless Networks (HWNs) are composite networks comprises of different technologies, possibly with overlapping coverage. Users with multimode terminals in HWNs are able to initiate connectivity that best suits their attributes and the requirements of their applications. There are many complexities in hybrid wireless networks due to changing data rates, frequency of operation, resource availability, QoS and also, complexities in terms of mobility management across different technologies. A superstore is a very large retail store that serves as a one-stop shopping destination by offering a wide variety of goods that range from groceries to appliances. It provide all types services such as banking, photo center, catering, etc. The good examples of superstores are: Tesco (hypermarkets, United Kingdom), Carrefour(hypermarkets, France), etc. Generally, the mobile customer communicates with superstore server using a transaction. A transaction corresponds to a finite number of interactive processes between the customer and superstore server. A few superstore transactions, examples are, product browsing, Technical details inquiry, Financial transactions, billing, etc. This thesis aims to design and develop the following schemes to solve some of the above indicated problems of a hybrid wireless superstore network: 1 Transaction based bandwidth management. 2 Transaction-based resource management. 3 Transaction-based Quality of Service management. 4. Transactions-based topology management. We, herewith, present these developed schemes, the simulation carried out and results obtained, in brief. Transaction-based bandwidth management The designed Transaction-Based Bandwidth Management Scheme (TB-BMS) operates at application-level and intelligently allocates the bandwidth by monitoring the profit oriented sensitivity variations in the transactions, which are linked with various profit profiles created over type, time, and history of transactions. The scheme mainly consists of transaction classifier, bandwidth determination and transactions scheduling modules. We have deployed these scheme over a downlink of HWNs, since the uplink caries simple quires from customers to superstore server. The scheme uses transaction scheduling algorithm, which decides how to schedule an outgoing transaction based on its priority with efficient use of available BW. As we observe, not all superstore transactions can have the same profit sensitive information, data size and operation type. Therefore, we classify the superstore transactions into four levels based on profit, data size, operation type and the degree of severity of information that they are handling. The aim of transaction classification module is to find the transaction sensitivity level(TSL) for a given transaction. The bandwidth determination module estimates bandwidth requirement for each of the transactions. The transactions scheduling module schedules the transactions based on availability of bandwidth as per the TSL of the transaction. The scheme schedules the highest priority transactions first, keeping the lowest priority transaction pending. If all the highest priority transactions are over, then it continues with next priority level transactions, and so on, in every slot. We have simulated the hybrid wireless superstore network environment with WiFi and GSM technologies. We simulated four TSL levels with different bandwidth. The simulation under consideration uses different transactions with different bandwidth requirements. The performance results describe that the proposed scheme considerably improves the bandwidth utilization by reducing transaction blocking and accommodating more essential transactions at the peak time of the business. Transaction-based resource management In the next work, we have proposed the transaction-based resource management scheme (TB-RMS) to allocate the required resources among the various customer services based on priority of transactions. The scheme mainly consists of transaction classifier, resource estimation and transactions scheduling modules. This scheme also uses a downlink transaction scheduling algorithm, which decides how to schedule an outgoing transaction based on its priority with efficient use of available resources. The transaction-based resource management is similar to that of TB-BMS scheme, except that the scheme estimates the resources like buffer, bandwidth, processing time for each of transaction rather than bandwidth. The performance results indicate that the proposed TB-RMS scheme considerably improves the resource utilization by reducing transaction blocking and accommodating more essential transactions at the peak time. Transaction-based Quality of Service management In the third segment, we have proposed a police-based transaction-aware QoS management architecture for the downlink QoS management. We derive a policy for the estimation of QoS parameters, like, delay, jitter, bandwidth, transaction loss for every transaction before scheduling on the downlink. We use Policy-based Transaction QoS Management(PTQM) to achieve the transaction based QoS management. Policies are rules that govern a transaction behavior, usually implemented in the form of if(condition) then(action) policies. The QoS management scheme is fully centralized, and is based on the ideas of client-server interaction. Each mobile terminal is connected to a server via WiFi or GSM. The master policy controller (MPDF) connects to the policy controller of the WiFi network (WPDF)and the GSM policy controller(PDF). We have considered the simulation environment similar to earlier schemes. The results shows that the policy-based transaction QoS management is improves performance and utilizes network resources efficiently at the peak time of the superstore business. Transactions-Aware Topology Management(TATM) Finally, we have proposed a topology management scheme to the superstore hybrid wireless networks. A wireless topology management that manages the activities and features of a wireless network connection. It may control the process of selecting an available access points, authentication and associating to it and setting up other parameters of the wireless connection. The proposed topology management scheme consists of the transaction classifier, resource estimation module, network availability and status module and transaction-aware topology management module. The TATM scheme is to select the best network among available networks to provide transaction response(or execution). We have simulated hybrid wireless superstore network with five WiFi and two GSM technologies. The performance results indicate that the transaction-based topology management scheme utilizes the available resources efficiently and distributed transaction loads evenly in both WiFi and GSM networks based on the capacity.

Wireless Communications

Hybrid Wireless Superstore Network

Mobile Transactions

Mobile Communication

Superstore Networks

Hybrid Wireless Networks (HWNs)

Hybrid Wireless Superstore Environment

Transaction-based Resource Management

Transaction-based Bandwidth Management

Communication Engineering