In the current mobile communication networks, users have to trust network operators to make correct charges over the calls they made. There is lack of evidence to resolve possible disputes over the number of calls and the duration of each call. Such a concern may grow when users roam among different network operators. This paper proposes an efficient solution to undeniable billing when a mobile user roams into foreign networks. This is achieved by the combination of digital signature and hash-chaining techniques. Mobile users need to submit a digital signature when requesting a call and release chained hash values during the session so that the call and its duration are undeniable. Our mechanism is light-weighted regarding the storage requirement and computation overheads on a mobile user, and is applicable for mobile phone users equipped with a smart card. Keywords: undeniable billing, mobile communication security, non-repudiation, cryptographic protocol 1 Introduction Mobile comm...

Mobile computing and communication is a rapidly developing area. But mobility is associated with problems for security and privacy beyond those in open networks. A well known threat is tracking user movements. New risks are caused by the mobility of users, the portability of computers, and wireless links which include dynamics, resource dependencies and additional information to ensure the communication. This paper surveys the new challenges and the research on security issues in mobile data management, access and transfer. We investigate the issues concerning database specific security which have to be reconsidered. We will identify a basic characteristic of these security issues, adaptability, to answer the dynamics. 1 Introduction The development of mobile devices make new applications conceivable through ubiquitous computing. For example, mobile work "on-the-spot" like disaster recovery and maintenance tasks as well as business trips are possible. Mobile computing and communicati...

This thesis explores the provision of End System (ES) mobility on large, datagram-based, internetworks.

Two of the major concerns in the practical deployment of mobile computing systems are security and accounting. This paper describes a new security protocol which provides mutual authentication, data and location privacy, and accounting for mobile communications efficiently. It describes an implementation of the protocol and formally proves its correctness. The novelty of the protocol lies in the following points: (a) optimization for the common case of authentication upon handoff in order to solve the problems induced by high network latency and network partitions, (b) the mechanism for generation of the shared keys during authentication, (c) mechanism for generation of nonces, (d) location privacy using a combination of dynamic addressing and the security protocol, and (e) integration of accounting in the security protocol. A partially addressed problem in this paper is providing secure multicast. 1 Introduction Recent years have witnessed explosive development in the por...

In this work we design and implement ESCORT, a backward compatible, efficient, and secure access control system, to facilitate mobile wireless access to secured wireless LANs. In mobile environments, a mobile guest may frequently roam into foreign domains while demanding critical network services. ESCORT provides instant yet secure access to the mobile guest based on the concept of "escort", which refers to a special network object with four distinct properties: (1) The escort is already a trusted permanent or semi-permanent component of the secured wireless LAN; (2) The mobile guest and the escort have established transient but mutual trust; (3) Communication between the escort and its guests is localized. The escort forwards data packets between the mobile guest and the LAN; (4) The implementation of escort can be mobile and tamper-resistant, thus it can roam with the mobile guest without being compromised. Existing network concepts (e.g., router, gateway) and security concepts (e.g., existing access control models and authorities) do not possess at least one of the four essential properties. As a permanent component of wireless LAN, the communication channel between the escort and the LAN can be secured by effective countermeasures like 802.11i TKIP and AES-CCMP. Therefore, ESCORT addresses the challenge of providing efficient mobile privacy support between the escort and its mobile guests. Three aspects of mobile privacy, namely content privacy, identity privacy, and location privacy are covered in ESCORT design to maximize the protection offered to ESCORT's mobile guests. We use actual implementation to demonstrate that ESCORT design is feasible and efficient.

Abstract—In this paper, a secure and anonymous conference call set-up scheme is proposed for a portable cellular mobile system. The proposed scheme uses an identity-based concept and enables a mobile unit and a base station to directly authenticate each other by their public identity. It provides mobile subscribers with user identification privacy. Each mobile unit joining in this system can determine whether it is part of a conference call, but it cannot derive any further information about who else is also in the conference. That is to say, an anonymous property, accomplished through the aspect of the knapsack-like cipher mechanism, is achieved among the communicating mobiles. Furthermore, reauthentication in the course of hand-off is also discussed and the reauthentication procedure is performed through a privacy homomorphism mechanism. The time computation with an 8-bit microcontroller handset is acceptable for performing an anonymous conference call in such mobile systems. Therefore, our scheme is feasible and able to be implemented in the existing wireless exploration environment. Index Terms—Authentication, anonymity, group communications, identity-based cryptosystem, security. 1

. Mobile communication is more vulnerable to security attacks such as interception and unauthorized access than fixed network communication. To overcome these problems, many protocols have been proposed to provide a secure channel between a mobile station and a base station. However, the public-key based protocols are not fully utilized due to the poor computing power and the small battery capacity of a mobile station. In this paper, we propose some techniques accelerating public-key based key establishment protocols between a mobile station and a base station. The proposed techniques enable a mobile station to borrow computing power from a base station without revealing its secret information. The proposed schemes accelerate the previous protocols up to five times and reduce the amount of power consumption of a mobile station. The proposed schemes use SASC (Server-Aided Secret Computation) protocols that are used for smart cards. Our insight is that the unbalanced prope...

The combination of Internet and mobile communication has introduced more security problems than the traditional mobile network such as GSM or CDPD which assumes that the fixed network is secured. The environment of Mobile IP is a global scale, administratively heterogeneous, network environment. It is necessary to establish the trust relationship between any pair of the parties --- the mobile, the home agent and the foreign agent--- at registration and prevent the fraudulent use of the mobile provider's service. The certified public key mechanism is used in this protocol to provide secured registration. This work was supported by a grant from Canadian Institute for Telecommunication Research (CITR) under the NCE Program of the Government of Canada. 1 Introduction As the commercial use of the Internet becomes more common and the demand for mobile computing through the Internet increases, it is necessary to provide scalable authentication and key distribution support in the Mobile IP...

In wireless roaming a mobile device obtains a service from some foreign network while being registered for the similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) offers several (security) benefits but states also new security challenges on authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself. In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming session. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios.

Abstract — Emerging broadband access technologies such as 802.11 are enabling the introduction of wireless IP services to an increasing number of users. The market forecasts suggest that a new class of network providers, commonly referred to as Wireless Internet Service Providers (WISP), will deploy public wireless networks based on these new technologies. In order to offer uninterrupted IP service combined with ubiquitous seamless mobility, these multi-provider networks need to be integrated with each other, as well as with wide-area wireless technologies, such as thirdgeneration CDMA-2000 and UMTS. Therefore, efficient authentication and dynamic key exchange protocols that support heterogeneous domains as well as networks with roaming agreements across trust boundaries are key to the success of wide-area wireless IP infrastructures. In this paper, we first describe a simple network model that accounts for heterogeneity in network service providers, and put forward the requirements that any authentication and key exchange protocol that operates in such model should satisfy, in terms of network efficiency, security and fraud prevention. We then introduce a new authentication and key exchange protocol, called Wireless Shared Key Exchange (W-SKE). We characterize properties and limitations of W-SKE against the requirements discussed earlier. Finally, we contrast W-SKE against other wellknown and emerging approaches. 1