Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices

2016 ◽  
Keyword(s):  
Mobile Devices ◽  
Security And Privacy

Security and Privacy Issues, Solutions, and Tools for MCC

2017 ◽  
pp. 121-147 ◽  
Author(s):  
Darshan M. Tank
Keyword(s):  
Cloud Computing ◽  
Mobile Devices ◽  
Mobile Cloud Computing ◽  
Mobile Network ◽  
Wireless Channel ◽  
Security And Privacy ◽  
Mobile Cloud ◽  
Processing Power ◽  
Key Issues ◽  
Self Service

With the development of cloud computing and mobility, mobile cloud computing has emerged and become a focus of research. Mobile Cloud Computing (MCC) integrates mobile computing and cloud computing aiming to extend mobile devices capabilities. By the means of on-demand self-service and extendibility, it can offer the infrastructure, platform, and software services in a cloud to mobile users through the mobile network. There is huge market for mobile based e-Commerce applications across the globe. Security and privacy are the key issues for mobile cloud computing applications. The limited processing power and memory of a mobile device dependent on inherently unreliable wireless channel for communication and battery for power leaves little scope for a reliable security layer. Thus there is a need for a lightweight secure framework that provides security with minimum communication and processing overhead on mobile devices. The security and privacy protection services can be achieved with the help of secure mobile-cloud application services.

Bring your own device to work: How serious is the risk?

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fenio Annansingh
Keyword(s):  
Organizational Performance ◽  
Mobile Devices ◽  
Regulatory Compliance ◽  
Cyber Attacks ◽  
Security And Privacy ◽  
Bring Your Own Device ◽  
Security Risks ◽  
Content Type ◽  
Knowledge Leakage ◽  
Policies And Practices

Purpose Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks. Design/methodology/approach This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding. Findings The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience. Originality/value This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.

A password-authenticated secure channel for App to Java Card applet communication

2015 ◽  
Vol 11 (4) ◽  
pp. 374-397 ◽  
Author(s):  
Michael Hölzl ◽  
Endalkachew Asnake ◽  
Rene Mayrhofer ◽  
Michael Roland
Keyword(s):  
Mobile Devices ◽  
Data Transfer ◽  
Computation Time ◽  
Security And Privacy ◽  
Sensitive Data ◽  
Content Type ◽  
Fine Grained ◽  
Java Card ◽  
Dedicated Hardware ◽  
Secure Channel

Purpose – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

scholarly journals Using the Same PayWord Chains Associated with a Single Account from Multiple Mobile Devices

2020 ◽  
Vol 2020 ◽  
pp. 1-6
Author(s):  
Tao-Ku Chang ◽  
Fu-Hao Yeh
Keyword(s):  
Mobile Devices ◽  
Personal Data ◽  
Security And Privacy ◽  
Mobile Payments ◽  
Multiple Devices ◽  
Privacy Risks

Customer awareness and interest in mobile payments are increasing. However, security and privacy risks remain major barriers to their adoption, with customers worrying about their personal data being hacked or intercepted. In this paper, we present the design of a secure scheme for mobile payments that can guarantee mutual nonrepudiation between the customer, merchant, and banker. A customer can use the proposed scheme to make a payment with the same PayWord chains of a single account from multiple devices.

Usable and Secure P2P VoIP for Mobile Use

2015 ◽  
Vol 7 (1) ◽  
pp. 25-41
Author(s):  
Joakim Koskela ◽  
Kristiina Karvonen ◽  
Theofanis Kilinkaridis
Keyword(s):  
Mobile Devices ◽  
Communication Systems ◽  
Usability Testing ◽  
Voice Over Ip ◽  
End Users ◽  
Peer To Peer ◽  
Security And Privacy ◽  
Security Threats ◽  
P2p Networks ◽  
Mobile Use

The use of Voice over IP (VoIP) applications is relatively insecure and can involve a number of security threats and usability issues, potentially leading to loss of privacy. With the adoption of future peer-to-peer (P2P) communication systems the challenges grow even more as we need to rely on untrusted peers to access the service. The authors have developed a P2P VoIP system for mobile devices, which features techniques for improving the security and privacy of users in P2P networks. However, due to the fundamental differences in how the services are provided, the threats are not likely to be immediately understandable to the end users. Presenting these threats in an easy-to-use fashion can be quite challenging. The authors have sought to improve the usability of the emerging application by conducting iterative rounds of user interviews, questionnaires and usability testing with potential end users.

Security and Privacy Issues, Solutions, and Tools for MCC

2016 ◽  
pp. 79-99
Author(s):  
Darshan M. Tank
Keyword(s):  
Cloud Computing ◽  
Mobile Devices ◽  
Mobile Cloud Computing ◽  
Mobile Network ◽  
Wireless Channel ◽  
Security And Privacy ◽  
Mobile Cloud ◽  
Processing Power ◽  
Key Issues ◽  
Self Service

With the development of cloud computing and mobility, mobile cloud computing has emerged and become a focus of research. Mobile Cloud Computing (MCC) integrates mobile computing and cloud computing aiming to extend mobile devices capabilities. By the means of on-demand self-service and extendibility, it can offer the infrastructure, platform, and software services in a cloud to mobile users through the mobile network. There is huge market for mobile based e-Commerce applications across the globe. Security and privacy are the key issues for mobile cloud computing applications. The limited processing power and memory of a mobile device dependent on inherently unreliable wireless channel for communication and battery for power leaves little scope for a reliable security layer. Thus there is a need for a lightweight secure framework that provides security with minimum communication and processing overhead on mobile devices. The security and privacy protection services can be achieved with the help of secure mobile-cloud application services.

Sign in / Sign up

Export Citation Format

Share Document