A password-authenticated secure channel for App to Java Card applet communication

Author(s):  
Michael Hölzl ◽  
Endalkachew Asnake ◽  
Rene Mayrhofer ◽  
Michael Roland

Purpose – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fenio Annansingh

Purpose Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks. Design/methodology/approach This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding. Findings The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience. Originality/value This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.


Sensors ◽  
2019 ◽  
Vol 19 (2) ◽  
pp. 327 ◽  
Author(s):  
Subhan Ullah ◽  
Lucio Marcenaro ◽  
Bernhard Rinner

Smart cameras are key sensors in Internet of Things (IoT) applications and often capture highly sensitive information. Therefore, security and privacy protection is a key concern. This paper introduces a lightweight security approach for smart camera IoT applications based on elliptic-curve (EC) signcryption that performs data signing and encryption in a single step. We deploy signcryption to efficiently protect sensitive data onboard the cameras and secure the data transfer from multiple cameras to multiple monitoring devices. Our multi-sender/multi-receiver approach provides integrity, authenticity, and confidentiality of data with decryption fairness for multiple receivers throughout the entire lifetime of the data. It further provides public verifiability and forward secrecy of data. Our certificateless multi-receiver aggregate-signcryption protection has been implemented for a smart camera IoT scenario, and the runtime and communication effort has been compared with single-sender/single-receiver and multi-sender/single-receiver setups.


Author(s):  
Pin Shen Teh ◽  
Ning Zhang ◽  
Andrew Beng Jin Teoh ◽  
Ke Chen

Purpose The use of mobile devices in handling our daily activities that involve the storage or access of sensitive data (e.g. on-line banking, paperless prescription services, etc.) is becoming very common. These mobile electronic services typically use a knowledge-based authentication method to authenticate a user (claimed identity). However, this authentication method is vulnerable to several security attacks. To counter the attacks and to make the authentication process more secure, this paper aims to investigate the use of touch dynamics biometrics in conjunction with a personal identification number (PIN)-based authentication method, and demonstrate its benefits in terms of strengthening the security of authentication services for mobile devices. Design/methodology/approach The investigation has made use of three lightweight matching functions and a comprehensive reference data set collected from 150 subjects. Findings The investigative results show that, with this multi-factor authentication approach, even when the PIN is exposed, as many as nine out of ten impersonation attempts can be successfully identified. It has also been discovered that the accuracy performance can be increased by combining different feature data types and by increasing the input string length. Originality/value The novel contributions of this paper are twofold. Firstly, it describes how a comprehensive experiment is set up to collect touch dynamics biometrics data, and the set of collected data is made publicly available, which may facilitate further research in the problem domain. Secondly, the paper demonstrates how the data set may be used to strengthen the protection of resources that are accessible via mobile devices.


2013 ◽  
Vol 2013 ◽  
pp. 1-7 ◽  
Author(s):  
Changji Wang ◽  
Jianfa Luo

There is an acceleration of the adoption of cloud computing among enterprises. However, moving the infrastructure and sensitive data from the trusted domain of the data owner to a public cloud poses severe security and privacy risks. Attribute-based encryption (ABE) is a new cryptographic primitive which provides a promising tool for addressing the problem of secure and fine-grained data sharing and decentralized access control. Key-policy attribute-based encryption (KP-ABE) is an important type of ABE, which enables senders to encrypt messages under a set of attributes, while private keys are associated with access structures that specify which ciphertexts the key holder will be allowed to decrypt. In most existing KP-ABE schemes, the ciphertext size grows linearly with the number of attributes embedded in the ciphertext. In this paper, we propose a new KP-ABE construction with constant ciphertext size. In our construction, the access policy can be expressed as any monotone access structure. Meanwhile, the ciphertext size is independent of the number of ciphertext attributes, and the number of bilinear pairing evaluations is reduced to a constant. We prove that our scheme is semantically secure in the selective-set model based on the general Diffie-Hellman exponent assumption.


2020 ◽  
Vol 10 (51) ◽  
pp. 212-222
Author(s):  
Boubakeur Annane ◽  
Adel Alti ◽  
Osman Ghazali

Recently, mobile computing has become a fast-growing part of people's daily life. However, the main challenge is the limited resources of mobile devices, such as processing capability, storage space and battery life. With the development of cloud computing, the resources of mobile devices are extended with the help of cloud services, which has resulted in an emerging technology named Mobile Cloud Computing (MCC). Although MCC has several advantages for mobile users, it is also challenged by many critical issues such as the security and privacy of the mobile user's data that is offloaded to cloud servers and processed on virtual machines (VMs). In virtualization, various investigations have shown that malicious users are able to break down cloud security methods by spreading their VMs in order to alter or violate user-sensitive data executed on cloud VMs. This paper deeply analyzes and critiques the recent virtualization-based MCC approaches and methods. We found that no approach protects the data from being stolen while distributed VMs deployed on different cloud servers exchange data. Hence, the paper identifies practical gaps related to virtualization in MCC and future perspectives.


2017 ◽  
Vol 21 (5) ◽  
pp. 1053-1076 ◽  
Author(s):  
Michal Kuciapski

Purpose Although mobile devices are ubiquitous among employees, their awareness and readiness to use mobile technologies for competence development is still not widespread and therefore requires further exploration. The purpose of this study is to propose a conceptual model based on the unified theory of acceptance and use of technology (UTAUT) to explain the determinants that affect employees’ intention to use mobile devices and software for knowledge transfer during the process of knowledge management. Design/methodology/approach A conceptual model based on the UTAUT with new variables concerning relative usability (RU) and user autonomy (UA) and new connections between the determinants was developed as a result of a subject matter literature review. A structural equation modelling approach was used to validate the model on the basis of data collected via a survey collected from 371 employees from 21 sectors, both public and private. Findings The UTAUT model extended by new variables like RU and UA explains employee acceptance of mobile technologies for knowledge transfer reasonably well. New proposed variables highlighted that the usability of technology compared to other solutions and user autonomy in the selection and the use of applications have the strongest impact on the employees’ intention to use mobile devices and software for knowledge transfer. Research limitations/implications This model explains the 55 per cent behavioral intention of employees to use mobile technologies for knowledge transfer. Even though it is quite high in terms of acceptance theories, some new variables should be explored. Furthermore, study does not verify whether m-learning acceptance for knowledge transfer is sector-specific. 
Practical implications Mobile technologies used for knowledge transfer by employees should allow for high UA through their ability to select solutions that they find convenient, use of preferred platforms, personalize applications and utilize devices and software in various environments. They should not be simplified and should have the same functionality and efficiency of use as alternative solutions like web and desktop applications, even if additional effort to learn them would be required. Mobile technologies that take into account UA and RU support the process of employees capturing, distributing and effectively using knowledge. Originality/value The elaborated model provides a valuable solution with practical implications for increasing mobile technologies acceptance for knowledge transfer. The study results contribute both to knowledge management and technology acceptance research fields by introducing two new determinants for the acceptance of technologies in knowledge transfer, such as UA and RU with several additional connections between existing UTAUT variables.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Karol Król ◽  
Dariusz Zdonek

Purpose The range of official business that can be handled online has grown in the recent decade. In many cases, e-services are a must. At the same time, the economic impact and social importance of mobile technology have increased. Mobile devices are becoming more and more popular, and their applications diversify. It comes as no surprise that mobile users expect e-services and official information to be available through this channel. The purpose of this paper is to identify problems (difficulties) occurring when browsing websites of local government units (LGU) on mobile devices. Design/methodology/approach The comfort of website browsing depends mostly on the development technique, and the way content is published. Responsive websites are much easier to view on mobile devices than “static” ones. The study involves 400 websites of LGU in Poland. The websites were subjected to quantitative and qualitative analyses with selected techniques and computer tools. Findings The set of 400 websites contained 119 (29.75%) that were not responsive. It exhibited a substantial potential for the optimisation of websites for mobile devices. The study revealed the most common usability failures such as distorted images, “scattered icons”, partial responsiveness and bothersome messages in pop-ups. Originality/value The research identified the most widespread problems with the tested websites. The study yielded recommendations for local governments, which may be useful when managing content, upgrading the website or replacing it with a new one.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Martha Vanessa Agila-Palacios ◽  
Ana García-Valcárcel Muñoz-Repiso ◽  
María Soledad Ramírez-Montoya

Purpose The purpose of this paper is to analyze the influence of two active methodologies on digital competences development using mobile devices. The first methodology is project-oriented learning (POL); the second one is case-based learning (CBL). The analyzed digital competences belong to the communication and collaboration area of the DIGCOMP framework. Design/methodology/approach This article shows the results of the quantitative stage with a pre-experimental pre-test–post-test design. A questionnaire was designed and applied to an intentional sample from two different courses. In total, 178 students completed the questionnaire in the pre-test, and after five months, 38 students completed the questionnaire in the post-test. Findings The results show that students to whom POL was applied increased the competence of interaction with mobile technology by 7%. The results also show that the students to whom CBL was applied increased all four competencies (interaction +8%, share +6%, collaboration +5%, netiquette +4%). Research limitations/implications Self-perception for the evaluation of digital competence and the short study time are limitations to generalizing the results, so a longitudinal study complemented with qualitative analysis is necessary to present a better validation of the contribution of active methodologies to the development of digital competences. Originality/value The rapid advance of technology and the results of various investigations make evident the need for digital competences development. The most common process is digital literacy through techno-functional training. However, these research results confirm that it is possible to promote these digital competences from a practical view and implicitly in active methodologies educational practices.


IMP Journal ◽  
2018 ◽  
Vol 12 (3) ◽  
pp. 427-443
Author(s):  
Enrico Baraldi ◽  
Francesco Ciabuschi ◽  
Olof Lindahl ◽  
Andrea Perna ◽  
Gian Luca Gregori

Purpose The purpose of this paper is to explore two specific areas pertaining to industrial networks and international business (IB). First, the authors look at how business relationships influence the internationalization in time, from the establishment of the first subsidiary in a foreign market to the following ones, and in space, that is, across different markets. Second, the authors investigate how an increasing external network dependence of subsidiaries in their internationalization may cause a detachment of a subsidiary from the mother company as its knowledge becomes insufficient to guide a subsidiary’s internationalization. Design/methodology/approach This paper utilizes an exploratory, longitudinal, single-case study of Loccioni – a manufacturer of measuring and automatic control systems for industrial customers – to illustrate the specific dynamics of the influences of industrial networks on the internationalization of subsidiaries. Findings The case study helps to elucidate the roles, entailing also free will and own initiative, of small suppliers’ subsidiaries which operate inside several global factories, and how “surfing” on many different global factories, by means of several local subsidiaries, actually supports these suppliers’ own international developments. This notion adds to our understanding of the global factory phenomenon a supplier focus that stresses how the role of suppliers is not merely that of being passive recipients of activities and directions from a focal orchestrating firm, but can also be that of initiative-takers themselves. Originality/value The paper contributes to the IMP tradition by providing a multi-layered and geographically more fine-grained view of the network embedding companies that operate on internationalized markets. 
This paper thereby sheds light on a less investigated area of research within the IMP tradition: the link between internationalization in different countries and the interconnectedness between the industrial networks spanning these countries. At the same time, this paper contributes to IB theories by showing how a late-internationalizing SME can enter highly international markets by “plugging into” several established “Global Factories” as a way to exploit further opportunities for international expansion.

