Mobile Device Security

Sirett, W.G., MacDonald, J.A., Mayes, K., Markantonakis, K.: Design, Installation and Execution of a Security Agent for Mobile Stations. In: Domingo-Ferrer, J., Posegga, J., and Schreckling, D. Smart Card Research and Advanced Applications. p. 1-15. Springer Berlin Heidelberg (2006).
In this paper we present a methodology and protocol for establishing a security context between a Mobile Operator's application server and a GSM/UMTS SIM card. The methodology assumes that the already issued Mobile Station is capable but unprepared. The proposed scheme creates a secure entity within the Mobile Station Over The Air (OTA). This secure entity can then be used for subsequent SIM authentications enabling m-Commerce, DRM or web service applications. To validate our proposal we have developed a proof of concept model to install and execute the security context using readily available J2ME, Java Card, J2SE and J2EE platforms, with the KToolBar MIDP2.0 emulator tool from Sun, and a Gemplus Java Card.
Mayes, K., Markantonakis, K.: Mobile communication security controllers an evaluation paper. Information Security Technical Report. 13, 173-192 (2008).
Cellular communication via a traditional mobile handset is a ubiquitous part of modern life and as device technology and network performance continue to advance, it becomes possible for laptop computers, Personal Digital Assistants and even electrical meters to better exploit mobile networks for wireless communication. As the diverse demands for network access and value added services increase, so does the importance of maintaining secure and consistent access controls. A critical and well-proven component of the GSM and UMTS security solution is the smart card in the form of the SIM or USIM respectively. This has also extended into some regions using variants of CDMA standards where the RUIM is specified. However with the enlarged range of communications devices, some manufacturers claim that the hardware selection, chip design, operating system implementation and security concept are different from traditional mobile phones. This has led to a suggestion that types of a "Software SIM" should be used as an alternative to the smart card based solution. This paper investigates the suggestion.
Francis, L., Mayes, K., Markantonakis, K.: An Architecture to Support Multiple Subscriber Identity Applications Accessing Multiple Mobile Telecommunication Access Network Systems. Convergence and Hybrid Information Technology (ICCIT'08). Third International Conference on. p. 386-395. IEEE Computer Society (2008).
With the advances in smart card technology it is quite possible to support more than one type of subscriber identity application on the same smart card. We propose an architecture capable of hosting multi-faceted subscriber identity applications which exploits common functions and data in a secure partitioned manner. The associated security mechanisms are also defined in order to realise its implementation on a single smart card. Our proposed architecture provides a harmonised secure authentication environment. The architecture is extensible to platforms on mobile devices and secure tokens operating across diverse access interfaces. Furthermore, we propose a set of protocols for secure communications between terminal, control module and hosted subscriber identity applications.
Ahmad, Z., Mayes, K.E., Dong, S., Markantonakis, K.: Considerations for mobile authentication in the Cloud. Information Security Technical Report. 16, 123-130 (2011).
The Cloud promises significant benefits and opportunities for key players in the mobile communication industry as well as the end users. However, along with these opportunities comes a plethora of security issues including potential attacks, identity authentication, personal data management and privacy. There are issues with the use of legacy security mechanisms and interoperability of the various Smartphone platforms as well as the virtualisation products that are meant to assist with Smartphone security and stability. This paper first considers the general security concerns and how a Subscriber Identity Module-based security framework could be used. It goes on to introduce Smartphone virtualisation and proposes a framework for comparing product capabilities. Finally, use cases are discussed related to personal data security, including data on removable components.
Akram, R.N., Markantonakis, K., Mayes, K.: Location Based Application Availability. In: Meersman, R., Herrero, P., and Dillon, T. On the Move to Meaningful Internet Systems: OTM 2009 Workshops. p. 128-138. Springer Berlin Heidelberg, Vilamoura, Portugal (2009).
Smart cards are being integrated into a diverse range of industries: ranging from banking, telecom, transport, home/office access control to health and E-passport. Traditionally, cardholders are required to carry a smart card for each application. However, recent developments in the Near Field Communication (NFC) have renewed the interest in multiple applications for different services on a single device. This paper builds onto the NFC initiative and avoids the smart card ownership issues that hinder the adoption of such devices. The proposal integrates the Global Positioning System with the NFC in mobile phones to provide a ubiquitous and flexible service access model.