Post on 18-Dec-2015
Security Challenges of Location-Aware Mobile Business
Emin Islam Tatlı, Dirk Stegemann
Theoretical Computer Science, University of Mannheim
February 2005
Outline
The Mobile Business Research Group
Context- and Location-awareness
Application Logic Framework
Security Challenges
Further Research
Mobile Business Research Group
Generic platform for location-based and context-based mobile business applications
Joint project of 7 research groups at the University of Mannheim
Cooperations with SAP AG (Walldorf) and CAS Software AG (Karlsruhe)
Web: http://www.m-business.uni-mannheim.de/
Location and Context
Context = any information that can be used to characterize the situation of an entity
Examples: location, time, identity, level of mobility
A context-based application considers context when providing its service.
Examples
Find the nearest haircutter
Display the special offers of nearby shops that sell men’s shirts
Find a pizza delivery service that can deliver my favorite pizza for less than 8 EUR within 15 minutes to my current location
Location-based Post-it
Application Logic
[Diagram: Context-Aware Mobile Business Services, showing Mobile User, Request Dispatcher, Service Registration, Service Repository and Service Providers]
1 - register
2 - service query
3 - service descriptions
4 - service request
5 - service result
Research Areas
Service-oriented software architectures
Service discovery and service brokerage
Wireless networks, localization, content-to-device adaptation
Data exchange formats, location-based ontologies
User requirements and preferences
Mobile solutions in supply chain management
Security
Security Challenges
Anonymity
Privacy of personal data
Confidentiality of the communication
Confidentiality of locally stored data
Usability vs. security
Anonymity
Mobile users need to hide their real identity
Anonymity ensures that a user may use a resource or service without disclosing the user's identity [1]
Service providers require a unique representation of users
(Partial) solution: pseudonymity
Pseudonyms are faked names (e.g. nicknames)
Unlinkability of Pseudonyms
Linkability of pseudonyms may break anonymity
"Unlinkability requires that users and/or subjects are unable to determine whether the same user caused certain specific operations in the system" [1]
Mix-net [2] based solutions are not flexible
Future research: analyzing existing protocols and enhancing them to satisfy m-business unlinkability
Mix-net
Mix:
Computer between sender and receiver
Decrypts messages and forwards to receiver
[Diagram: Senders → Mix-net → Receivers]
Sender → Mix: KM(R1, KR(R0,M), Addr_R)
Mix → Receiver: KR(R0,M)
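One mix round in the slide's notation, as an added example that is not part of the original slides. It goes beyond the slide by including the batching and replay removal described in Chaum [2], and an `observer_guess` check that shows what the random string R1 is for. The function names, the 16-byte random strings and the toy textbook-RSA keys built from public Mersenne primes are assumptions made for illustration; the keys are not secure.

```python
import secrets

E = 65537  # public exponent for both toy keys

def keypair(a, b):
    """Toy textbook RSA from the Mersenne primes 2**a-1 and 2**b-1 (public, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def seal(n, *fields):
    """K(f1, f2, ...): length-prefix the fields, then deterministic RSA under modulus n."""
    blob = b"\x01" + b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    m = int.from_bytes(blob, "big")
    if m >= n:
        raise ValueError("payload too large for this key")
    return pow(m, E, n).to_bytes((n.bit_length() + 7) // 8, "big")

def unseal(n, d, ct):
    """Inverse of seal(): RSA-decrypt with d and split the fields again."""
    m = pow(int.from_bytes(ct, "big"), d, n)
    blob = m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]  # drop the 0x01 marker
    fields = []
    while blob:
        size = int.from_bytes(blob[:2], "big")
        fields.append(blob[2:2 + size])
        blob = blob[2 + size:]
    return fields

def sender_wrap(n_mix, n_rcv, addr, msg, r1=None):
    """Sender builds K_M(R1, K_R(R0, M), Addr_R); r1=b"" models leaving R1 out."""
    inner = seal(n_rcv, secrets.token_bytes(16), msg)  # K_R(R0, M)
    r1 = secrets.token_bytes(16) if r1 is None else r1
    return seal(n_mix, r1, inner, addr)

def mix_batch(n_mix, d_mix, batch):
    """Mix: drop replayed inputs, strip R1, emit (Addr_R, K_R(R0, M)) sorted, not in arrival order."""
    out = []
    for ct in set(batch):
        _r1, inner, addr = unseal(n_mix, d_mix, ct)
        out.append((addr, inner))
    return sorted(out, key=lambda item: item[1])

def observer_guess(n_mix, addr, inner):
    """What an eavesdropper could recompute from a mix output if R1 were absent."""
    return seal(n_mix, b"", inner, addr)

N_RCV, D_RCV = keypair(521, 607)    # receiver key K_R (constructed toy key)
N_MIX, D_MIX = keypair(1279, 2203)  # mix key K_M, large enough to hold K_R(...)
```

Because the public-key operation is deterministic, an input sealed without R1 can be matched to its output by re-encrypting that output under the mix's public key; with a fresh R1 the recomputed value differs from every input.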
Privacy of Personal Data
Service providers request different kinds of personal data (even only for profiling of users)
Personal data is private, especially location
Privacy is “the ability and/or right to protect your personal secrets” [4]
Solution:
Identity Manager [5]
P3P [6]
Identity Manager
Enables full control of personal data
Presents an interface for creating different virtual IDs binding a subset of personal data to each ID
During communication with a service provider, the user chooses a suitable ID for this particular type of communication
Before any personal data is sent to a service provider, the user is asked to allow this transmission
Identity Manager (cont.)
quoted from http://tserv.iig.uni-freiburg.de/telematik/forschung/projekte/kom_technik/atus/idm-demo/
Confidentiality of the Communication
Communication messages contain sensitive information, e.g. personal data, credit card numbers, location, queries of users, results from broker, registration data of providers
Any mobile device can receive data transmitted over the air
Confidentiality ensures that unauthorized disclosure of personal data is not possible
Solution: end-to-end security (e.g. SSL-based protocol)
Future research: how to avoid SSL-handshake delay
Confidentiality of Locally Stored Data
Thefts are very common in the mobile world
User’s local data (e.g. profiles, passwords, private keys, etc.) should be protected from unauthorized disclosure
Solution:
Two-factor authentication
Password-based encryption
Usability vs. Security
Trade-off between usability and security: users prefer usability
weak, easily-guessable passwords
digital certificates
Different sensitivity of users for security
Enhance usability and security according to personal needs
Solution: dynamically configurable security policy management system
Usability vs. Security (cont.)
Components of a dynamically configurable security policy management system:
Password Manager
Single-Sign-On
Security Level Manager
Identity Manager
Research Focus
Design an open security architecture which can easily be integrated within the m-business application framework
Remarks
Workshop 22.03.2005 - Public Workshop on Mobile Business organized by the University of Mannheim
Mobile Business: Geschäftsfelder und Softwaretechnologien
More information: http://www.m-business.uni-mannheim.de/workshopMBusiness/mBusinessWorkshop.htm
Student assistant jobs, study, bachelor's and diploma theses:
Emin Islam Tatlı, A5,6 B105 – [email protected]
Dirk Stegemann, A5,6 B125 – [email protected]
... and co-workers in the project
References
[1] ISO99 ISO IS 15408, 1999, http://www.commoncriteria.org.
[2] D. Chaum. Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM, 1981.
[3] D. Chaum. The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptography, 1988.
[4] Anderson R., Security Engineering, Wiley Computer Publishing, 2001.
[5] U. Jendricke, D. Gerd tom Markotten, Usability meets security - the Identity-Manager as your personal security assistant for the Internet, Proceedings of the 16th Annual Computer Security Applications Conference (ACSAC'00), p. 344, December 11-15, 2000.
[6] W3C, P3P (Platform for Privacy Preferences Initiative), http://www.w3.org/P3P/.
[7] OpenCA Research & Development Labs, www.openca.org.
[8] eTrust Pki, http://www3.ca.com/Solutions/Product.asp?ID=2623.
[9] Netscape Certificate Management System, http://enterprise.netscape.com/products/identsvcs/certmgmt.html.
[10] Raheem Beyah, Shantanu Kangude, George Yu, Brian Strickland, and John Copeland. "Rogue Access Point Detection using Temporal Traffic Characteristics." Appeared in the Proceedings of IEEE GLOBECOM 2004, December 2004.
[11] Preventing Internet Denial-of-Service using Capabilities, Tom Anderson, Timothy Roscoe and David Wetherall. Proceedings of the Second Workshop on Hot Topics in Networking (HotNets-II), Cambridge, MA, USA, November 19-20, 2003.
Thank you for your attention!