Abstract
The advent of the Internet, and advances in computing and phone technology have transformed the way society interacts and conducts business. There are well established security processes and protocols that exist to protect people's privacy and the sensitive credentials needed for secure transactions. However, many areas of the world do not have access to the high-quality technical infrastructure, equipment and expertise necessary for these security procedures to be effective. These are challenging environments, and this thesis examines how mobile devices can be used to enhance the security of applications in them.
Three application areas are investigated: remote e-voting; m-payments; and authentication. Two of these areas are then investigated in the (differently challenged) online Virtual World (VW) environment.
Eight use cases are presented in total, employing a range of features available on mobile phones to address identified security issues. The main contributions can be found in solutions that introduce security through a Smart Card Web Server (SCWS) application installed on the tamper-resistant smart card chip Subscriber Identity Module (SIM) found in a mobile device. These solutions include remote e-voting on a mobile device, branchless banking and offline Single Sign-On authentication. The use of well-established and standardised security protocols with tamper-resistant hardware enhances the security of these proposals, and distributing processing to a number of SIMs protects against attacks such as Distributed Denial of Service.
Other work describes a Bitcoin SMS m-payment scheme, and preliminary investigations into the potential for using gesture recognition dynamic biometrics on a mobile phone. The VW applications, log-in authentication and in-world voting, are also outlined.
All proposals are analysed (informally and formally if appropriate) with respect to defined security requirements. A discussion of the security and practicality of SCWS solutions is given, along with suggested future research directions.
Three application areas are investigated: remote e-voting; m-payments; and authentication. Two of these areas are then investigated in the (differently challenged) online Virtual World (VW) environment.
Eight use cases are presented in total, employing a range of features available on mobile phones to address identified security issues. The main contributions can be found in solutions that introduce security through a Smart Card Web Server (SCWS) application installed on the tamper-resistant smart card chip Subscriber Identity Module (SIM) found in a mobile device. These solutions include remote e-voting on a mobile device, branchless banking and offline Single Sign-On authentication. The use of well-established and standardised security protocols with tamper-resistant hardware enhances the security of these proposals, and distributing processing to a number of SIMs protects against attacks such as Distributed Denial of Service.
Other work describes a Bitcoin SMS m-payment scheme, and preliminary investigations into the potential for using gesture recognition dynamic biometrics on a mobile phone. The VW applications, log-in authentication and in-world voting, are also outlined.
All proposals are analysed (informally and formally if appropriate) with respect to defined security requirements. A discussion of the security and practicality of SCWS solutions is given, along with suggested future research directions.
Original language | English |
---|---|
Qualification | Ph.D. |
Awarding Institution |
|
Supervisors/Advisors |
|
Award date | 1 May 2018 |
Publication status | Unpublished - 2018 |
Keywords
- mobile devices
- Security
- Remote E-Voting
- m-payment systems
- Virtual Worlds
- Authentication
- Smart Card Web Server