Challenging Environments: Using Mobile Devices for Security

Sheila Cobourne

Research output: ThesisDoctoral Thesis

1288 Downloads (Pure)

Abstract

The advent of the Internet, and advances in computing and phone technology have transformed the way society interacts and conducts business. There are well established security processes and protocols that exist to protect people's privacy and the sensitive credentials needed for secure transactions. However, many areas of the world do not have access to the high-quality technical infrastructure, equipment and expertise necessary for these security procedures to be effective. These are challenging environments, and this thesis examines how mobile devices can be used to enhance the security of applications in them.
Three application areas are investigated: remote e-voting; m-payments; and authentication. Two of these areas are then investigated in the (differently challenged) online Virtual World (VW) environment.

Eight use cases are presented in total, employing a range of features available on mobile phones to address identified security issues. The main contributions can be found in solutions that introduce security through a Smart Card Web Server (SCWS) application installed on the tamper-resistant smart card chip Subscriber Identity Module (SIM) found in a mobile device. These solutions include remote e-voting on a mobile device, branchless banking and offline Single Sign-On authentication. The use of well-established and standardised security protocols with tamper-resistant hardware enhances the security of these proposals, and distributing processing to a number of SIMs protects against attacks such as Distributed Denial of Service.
Other work describes a Bitcoin SMS m-payment scheme, and preliminary investigations into the potential for using gesture recognition dynamic biometrics on a mobile phone. The VW applications, log-in authentication and in-world voting, are also outlined.
All proposals are analysed (informally and formally if appropriate) with respect to defined security requirements. A discussion of the security and practicality of SCWS solutions is given, along with suggested future research directions.
Original languageEnglish
QualificationPh.D.
Awarding Institution
  • Royal Holloway, University of London
Supervisors/Advisors
  • Mayes, Keith, Supervisor
Award date1 May 2018
Publication statusUnpublished - 2018

Keywords

  • mobile devices
  • Security
  • Remote E-Voting
  • m-payment systems
  • Virtual Worlds
  • Authentication
  • Smart Card Web Server

Cite this