Trusting Mobile User Devices and Security Modules

  • Authors:
  • Andreas Pfitzmann;Birgit Pfitzmann;Matthias Schunter;Michael Waidner


  • Venue:
  • Computer
  • Year:
  • 1997

Abstract

The market for devices like mobile phones, multifunctional watches, and personal digital assistants is growing rapidly. Most of these mobile user devices need security for their prospective electronic commerce applications. While new technology has simplified many business and personal transactions, it has also opened the door to high-tech crime. In this article, we investigate design options for mobile user devices that are used in legally significant applications. Such applications authorize transactions: mobile phone calls, access to an office or car, electronic payment in stores, retrieval of stored medical data, and access to information on portable computers. Digital signatures, the electronic equivalent of handwritten signatures, are at the core of most of these applications and are explained briefly in the "Digital Signatures" sidebar.

A trustworthy mobile user device should suit its purpose well and have credible quality. Because mobile user devices act on someone's behalf, we use the analogy of agents to describe approaches to security. There are three types of agent trustworthiness:

  • Personal-agent trust. Here, the device must act according to the user's wishes while it is in the user's hands. For example, it should not sign unintended statements or unintentionally delete electronic money.
  • Captured-agent trust. In this case, the user is protected even if the mobile user device is lost, stolen, or given away (inserted into a point-of-sale terminal or sent away for maintenance). For example, the finder or thief should not be able to sign statements in the legitimate user's name.
  • Undercover-agent trust. In this case the mobile user device protects a third party from the device's legitimate user. For example, in prepaid offline payment systems users have so-called "electronic cash" in their mobile user devices, which they can use without connecting to a bank. The bank wants the mobile user device to prevent its legitimate user from "spending" the same bit string in several shops.

Contrary to popular belief, undercover-agent trust is not needed in many applications, including online payment systems and general signature applications. A mobile user device by itself may not be able to keep data secret or uncorrupted; it may not be tamper-resistant. A tamper-resistant device is called a security module, whether the security mechanism is on a separate device or incorporated into the mobile user device itself. Such devices secure "mobile" applications as well as applications on stationary devices like PCs and public kiosks, provided that all security-relevant actions are controlled via the trustworthy mobile device.