Mobile Computing

Image removed.

The section on mobile computing contains two compendia. The first, titled Recent Research in Mobile Security, lists articles and presentations from, among other sources, the International Symposium on Trust, Security, and Privacy for Emerging Applications held in November, 2013. The second, titled Mobile Computing and Security Articles—Part II, expands and updates the initial bibliography. A great deal of work is going on in mobile communications security. The articles cited here are deemed the most relevant for the Science of Security community because of their specific content.

  • “Analysis of authentication and key establishment in inter-generational mobile telephony”, Chunyu Yang, David Naumann, Susanne Wetzel. International Symposium on Trust, Security, and Privacy for Emerging Applications, November 2013.  Second (GSM), third (UMTS), and fourth generation (LTE) mobile telephony protocols are all in active use, giving rise to a number of interoperation situations. Although the standards address roaming by specifying switching and mapping of established security context, there is not a comprehensive specification of which are the possible interoperation cases, nor is there comprehensive specification of the procedures to establish security context (authentication and short-term keys) in the various interoperation scenarios. This paper systematically enumerates the cases, classifying them as allowed, disallowed, or uncertain with rationale based on detailed analysis of the specifications. The authors identify the authentication and key agreement procedure for each of the possible cases and formally model these scenarios and analyze their security, in the symbolic model, using the tool ProVerif. (ID#:14-1078) Available at: http://www.cs.stevens.edu/~naumann/publications/TangNaumannWetzel2013.pdf
  • “Behavioral Malware Detection in Delay Tolerant Networks”, W. Peng, F. Li, X. Zou, and J. Wu, IEEE Transactions on Parallel and Distributed Systems, 25 (1), pp. 53--63, 2014. Behavioral characterization of malware is an effective alternative to pattern matching in detecting malware, especially when dealing with polymorphic or obfuscated malware. In this paper, the authors propose a general behavioral characterization of proximity malware based on Bayesian model, which has been successfully applied in non-DTN settings such as filtering email spams and detecting botnets. They identify two unique challenges for extending Bayesian malware detection to DTNs ("insufficient evidence versus evidence collection risk" and "filtering false evidence sequentially and distributedly"), and propose a simple yet effective method, look ahead, to address the challenges. (ID#:14-1079)  Available at:  http://www.computer.org/csdl/trans/td/2014/01/ttd2014010053-abs.html
  •  “A Two-stage Deanonymization Attack Against Anonymized Social Networks”,   IEEE Transactions on Computers, W. Peng, F. Li, X. Zou, and J. Wu, 63(2), pp. 290--303, 2014.   Digital traces left by users of online social networking services, even after anonymization, are susceptible to privacy breaches. This is exacerbated by the increasing overlap in user-bases among various services. To alert fellow researchers in both the academia and the industry to the feasibility of such an attack, the authors propose an algorithm, Seed-and-Grow, to identify users from an anonymized social graph, based solely on graph structure. The algorithm first identifies a seed subgraph, either planted by an attacker or divulged by a collusion of a small group of users, and then grows the seed larger based on the attacker's existing knowledge of the users' social relations.  (ID#:14-1080) Available at:  http://www.computer.org/csdl/trans/tc/2014/02/ttc2014020290-abs.html
  • “Smartphone Strategic Sampling in Defending Enterprise Network Security”, Feng Li, Wei Peng, Chin-Tser Huang, and Xukai Zou, ICC 2013.  The susceptibility of smartphones to mobile malware makes them a liability in enterprise network security.  (ID#:14-1081) Available at:  http://cs.iupui.edu/~pengw/doc/pub/li2013smartphone.pdf
  •  “The virtue of patience: offloading topical cellular content through opportunistic links”, Wei Peng, Feng Li, Xukai Zou, and Jie Wu, IEEE international conference on mobile ad-hoc and sensor systems (MASS), 2013. Mobile data offloading is an approach to alleviating overloaded cellular traffic through alternative communication technologies on smartphones. Inspired by the prospect of spontaneous, peer-assisted, bulk data transfer through NFC or Wi-Fi Direct between proximate users’ smartphones, the authors propose a model for mobile data offloading through the opportunistic proximity (e.g., Wi-Fi Direct) links with bounded content delivery delay and differential interests in content. (ID#:14-1082) Available at:  http://cs.iupui.edu/~pengw/doc/pub/peng2013offloading.pdf
  • “Newton: Securing Virtual Coordinates by Enforcing Physical Laws”, J. Seibert, S. Becker, C. Nita-Rotaru and R. State.  IEEE/ACM Transactions on Networking April 2013.  The authors present Newton, a decentralized virtual coordinate system  (VCS) that is robust to a wide class of insider attacks. Newton uses an abstraction of a real-life physical system, similar to that of Vivaldi, but in addition uses safety invariants derived from Newton's laws of motion. As a result, Newton does not need to learn good behavior and can tolerate a significantly higher percentage of malicious nodes. The authors show that Newton is able to mitigate all known attacks against VCSs while providing better accuracy than Vivaldi, even in benign settings. (ID#:14-1083) Available at:  http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6523976&url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D6523976

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.