Security and Privacy Enhancement Framework for Mobile Devices using Active Authentication

With the development of cloud computing and mobility, mobile cloud computing has emerged and become a focus of research. Mobile Cloud Computing (MCC) integrates mobile computing and cloud computing aiming to extend mobile devices capabilities. By the means of on-demand self-service and extendibility, it can offer the infrastructure, platform, and software services in a cloud to mobile users through the mobile network. There is huge market for mobile based e-Commerce applications across the globe. Security and privacy are the key issues for mobile cloud computing applications. The limited processing power and memory of a mobile device dependent on inherently unreliable wireless channel for communication and battery for power leaves little scope for a reliable security layer. Thus there is a need for a lightweight secure framework that provides security with minimum communication and processing overhead on mobile devices. The security and privacy protection services can be achieved with the help of secure mobile-cloud application services.

Download Full-text

Bring your own device to work: How serious is the risk?

Journal of Business Strategy ◽

10.1108/jbs-04-2020-0069 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Fenio Annansingh

Keyword(s):

Organizational Performance ◽

Mobile Devices ◽

Regulatory Compliance ◽

Cyber Attacks ◽

Security And Privacy ◽

Bring Your Own Device ◽

Security Risks ◽

Content Type ◽

Knowledge Leakage ◽

Policies And Practices

Purpose Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks. Design/methodology/approach This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding. Findings The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience. Originality/value This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.

Download Full-text

SPEProxy: Enforcing fine grained security and privacy controls on unmodified mobile devices

2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference (UEMCON) ◽

10.1109/uemcon.2017.8248985 ◽

2017 ◽

Author(s):

Brian Krupp ◽

Dan Jesenseky ◽

Amanda Szampias

Keyword(s):

Mobile Devices ◽

Security And Privacy ◽

Fine Grained

Download Full-text

Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices

10.1145/2994459 ◽

2016 ◽

Keyword(s):

Mobile Devices ◽

Security And Privacy

Download Full-text

A password-authenticated secure channel for App to Java Card applet communication

International Journal of Pervasive Computing and Communications ◽

10.1108/ijpcc-09-2015-0032 ◽

2015 ◽

Vol 11 (4) ◽

pp. 374-397 ◽

Cited By ~ 4

Author(s):

Michael Hölzl ◽

Endalkachew Asnake ◽

Rene Mayrhofer ◽

Michael Roland

Keyword(s):

Mobile Devices ◽

Data Transfer ◽

Computation Time ◽

Security And Privacy ◽

Sensitive Data ◽

Content Type ◽

Fine Grained ◽

Java Card ◽

Dedicated Hardware ◽

Secure Channel

Purpose – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

Download Full-text