Pub Date : 2018-02-01DOI: 10.1109/MOBISECSERV.2018.8311446
Kota Hoshino, Keiichi Iwamura, Kitahiro Kaneda
Kobayashi et al. proposed a privacy protection surveillance camera system (PPSCS) [4]. PPSCS can maintain the secrecy of the facial image of subject persons (SPs) captured by a surveillance camera, according to their intentions, by using techniques such as mosaicking. In PPSCS, the system cannot remove the mosaicking unless the SP commits a crime. In this study, we propose new applications for the PPSCS and demonstrate its validity. Moreover, we employ necessary improvements to the PPSCS to allow these proposed applications to be implemented, evaluate the risks incurred by the new applications, and demonstrate how the improved PPSCS includes risk countermeasures.
{"title":"Improvement of privacy protection surveillance camera system and its applications","authors":"Kota Hoshino, Keiichi Iwamura, Kitahiro Kaneda","doi":"10.1109/MOBISECSERV.2018.8311446","DOIUrl":"https://doi.org/10.1109/MOBISECSERV.2018.8311446","url":null,"abstract":"Kobayashi et al. proposed a privacy protection surveillance camera system (PPSCS) [4]. PPSCS can maintain the secrecy of the facial image of subject persons (SPs) captured by a surveillance camera, according to their intentions, by using techniques such as mosaicking. In PPSCS, the system cannot remove the mosaicking unless the SP commits a crime. In this study, we propose new applications for the PPSCS and demonstrate its validity. Moreover, we employ necessary improvements to the PPSCS to allow these proposed applications to be implemented, evaluate the risks incurred by the new applications, and demonstrate how the improved PPSCS includes risk countermeasures.","PeriodicalId":281294,"journal":{"name":"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133706538","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-02-01DOI: 10.1109/MOBISECSERV.2018.8311436
Hideo Nishimura, Yoshihiko Omori, T. Yamashita, Satoru Furukawa
The public key based Web authentication can be securely implemented using modern mobile devices with a hardware-assisted trusted environment such as the Trusted Execution Environment (TEE) as a secure storage of private keys. As a private key is strictly kept secret within the TEE and never leaves the device, there is a usability issue: the user must register the key separately on each device and Web site, which is burdensome for users who start using a new device. The aim of this research is to provide a solution with enhanced usability in key management by relaxing the restriction that the keys never leave the device and allowing the private keys to be shared among the devices while still maintaining an acceptable level of security. We introduce a third party that is responsible for supervising the key-sharing between devices in an authentication system. The third party performs the identification of the owner of each device to mitigate the risk of the keys being illegally shared to another person's device. Also, we propose a secure method for copying keys from the TEE of one device to that of another through a certificate-based mutually authenticated channel. We implemented the copying method in the ARM TrustZone-based TEE and showed that our approach is feasible on a commercially available smartphone.
{"title":"Secure authentication key sharing between mobile devices based on owner identity","authors":"Hideo Nishimura, Yoshihiko Omori, T. Yamashita, Satoru Furukawa","doi":"10.1109/MOBISECSERV.2018.8311436","DOIUrl":"https://doi.org/10.1109/MOBISECSERV.2018.8311436","url":null,"abstract":"The public key based Web authentication can be securely implemented using modern mobile devices with a hardware-assisted trusted environment such as the Trusted Execution Environment (TEE) as a secure storage of private keys. As a private key is strictly kept secret within the TEE and never leaves the device, there is a usability issue: the user must register the key separately on each device and Web site, which is burdensome for users who start using a new device. The aim of this research is to provide a solution with enhanced usability in key management by relaxing the restriction that the keys never leave the device and allowing the private keys to be shared among the devices while still maintaining an acceptable level of security. We introduce a third party that is responsible for supervising the key-sharing between devices in an authentication system. The third party performs the identification of the owner of each device to mitigate the risk of the keys being illegally shared to another person's device. Also, we propose a secure method for copying keys from the TEE of one device to that of another through a certificate-based mutually authenticated channel. We implemented the copying method in the ARM TrustZone-based TEE and showed that our approach is feasible on a commercially available smartphone.","PeriodicalId":281294,"journal":{"name":"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131185310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-02-01DOI: 10.1109/MOBISECSERV.2018.8311447
Abdallah Aldosary, Abdulaziz S. Alsayyari, Saad Almesalm
A comparative methodology for performance evaluation of the wireless sensor network (WSN) protocols deployed in sand environment is proposed. This methodology is created based on the usage of empirical radio frequency (RF) propagation model that is able to include environmental factors influencing signal propagation of wireless sensor nodes deployed in sandy environment. Furthermore, radio energy model for predicting energy dissipation of WSN deployed in such environment is derived. In order to demonstrate the performance variances of WSN in this particular environment, a comparison between the simulations of WSN deployments is presented. This comparison shows great differences in the lifetime, and, hence, in the throughput. Moreover, a comparison between the generated results using sand, free space, and two-ray propagation models indicates the imprecision of using these theoretical propagation models to evaluate the performance of WSNs.
{"title":"The impact of sand propagation environment on the performance of wireless sensor networks","authors":"Abdallah Aldosary, Abdulaziz S. Alsayyari, Saad Almesalm","doi":"10.1109/MOBISECSERV.2018.8311447","DOIUrl":"https://doi.org/10.1109/MOBISECSERV.2018.8311447","url":null,"abstract":"A comparative methodology for performance evaluation of the wireless sensor network (WSN) protocols deployed in sand environment is proposed. This methodology is created based on the usage of empirical radio frequency (RF) propagation model that is able to include environmental factors influencing signal propagation of wireless sensor nodes deployed in sandy environment. Furthermore, radio energy model for predicting energy dissipation of WSN deployed in such environment is derived. In order to demonstrate the performance variances of WSN in this particular environment, a comparison between the simulations of WSN deployments is presented. This comparison shows great differences in the lifetime, and, hence, in the throughput. Moreover, a comparison between the generated results using sand, free space, and two-ray propagation models indicates the imprecision of using these theoretical propagation models to evaluate the performance of WSNs.","PeriodicalId":281294,"journal":{"name":"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)","volume":"172 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117340433","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-02-01DOI: 10.1109/MOBISECSERV.2018.8311445
P. Urien
This paper introduces some trust issues for blockchain transactions. Such transactions rely on ECDSA signature based on 32 bytes secret keys. Because these keys can be stolen or hacked, we suggest to prevent these risks by using javacard secure elements. We detailed the interface of a Crypto Currency Smart Card (CCSC) designed over a JC3.04 standard platform. We details two use cases. First deals with deployment of the CCSC application in low cost low power object powered by an open hardware (arduino) platform, and integrates sensor data in ethereum transactions. Second proposes the deployment in the cloud of CCSC javacards plugged to RACS servers, in order to enable the remote and safe use of ECDSA signature.
{"title":"Towards secure elements for trusted transactions in blockchain and blochchain IoT (BIoT) Platforms. Invited paper","authors":"P. Urien","doi":"10.1109/MOBISECSERV.2018.8311445","DOIUrl":"https://doi.org/10.1109/MOBISECSERV.2018.8311445","url":null,"abstract":"This paper introduces some trust issues for blockchain transactions. Such transactions rely on ECDSA signature based on 32 bytes secret keys. Because these keys can be stolen or hacked, we suggest to prevent these risks by using javacard secure elements. We detailed the interface of a Crypto Currency Smart Card (CCSC) designed over a JC3.04 standard platform. We details two use cases. First deals with deployment of the CCSC application in low cost low power object powered by an open hardware (arduino) platform, and integrates sensor data in ethereum transactions. Second proposes the deployment in the cloud of CCSC javacards plugged to RACS servers, in order to enable the remote and safe use of ECDSA signature.","PeriodicalId":281294,"journal":{"name":"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132318806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-02-01DOI: 10.1109/MOBISECSERV.2018.8311443
Caleb Routh, Brandon DeCrescenzo, Swapnoneel Roy
In this work, we perform security analysis of using an e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten password reset paths. We perform and illustrate three different attacks on a personal Email account, using a variety of tools such as: public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man in the middle attack, and free software to perform a brute-force attack on the login of the email account. Our results expose some of the inherent vulnerabilities in using emails as password reset points. The findings are extremely relevant to the security of mobile devices since users' trend has leaned towards usage of mobile devices over desktops for Internet access.
{"title":"Attacks and vulnerability analysis of e-mail as a password reset point","authors":"Caleb Routh, Brandon DeCrescenzo, Swapnoneel Roy","doi":"10.1109/MOBISECSERV.2018.8311443","DOIUrl":"https://doi.org/10.1109/MOBISECSERV.2018.8311443","url":null,"abstract":"In this work, we perform security analysis of using an e-mail as a self-service password reset point, and exploit some of the vulnerabilities of e-mail servers' forgotten password reset paths. We perform and illustrate three different attacks on a personal Email account, using a variety of tools such as: public knowledge attainable through social media or public records to answer security questions and execute a social engineering attack, hardware available to the public to perform a man in the middle attack, and free software to perform a brute-force attack on the login of the email account. Our results expose some of the inherent vulnerabilities in using emails as password reset points. The findings are extremely relevant to the security of mobile devices since users' trend has leaned towards usage of mobile devices over desktops for Internet access.","PeriodicalId":281294,"journal":{"name":"2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131877031","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: