Biblio

In the future Internet of Things, it is envisioned that things are collaborating to serve people. Unfortunately, this vision could not be realised without relations between things and people. To solve the problem this paper proposes a user centric identity management system that incorporates user identity, device identity and the relations between them. The proposed IDM system is user centric and allows device authentication and authorization based on the user identity. A typical compelling use case of the proposed solution is also given.

With the urban traffic planning and management development, it is a highly considerable issue to analyze and estimate the original-destination data in the city. Traditional method to acquire the OD information usually uses household survey, which is inefficient and expensive. In this paper, the new methodology proposed that using mobile phone data to analyze the mechanism of trip generation, trip attraction and the OD information. The mobile phone data acquisition is introduced. A pilot study is implemented on Beijing by using the new method. And, much important traffic information can be extracted from the mobile phone data. We use the K-means clustering algorithm to divide the traffic zone. The attribution of traffic zone is identified using the mobile phone data. Then the OD distribution and the commuting travel are analyzed. At last, an experiment is done to verify availability of the mobile phone data, that analyzing the "Traffic tide phenomenon" in Beijing. The results of the experiments in this paper show a great correspondence to the actual situation. The validated results reveal the mobile phone data has tremendous potential on OD analysis.
 

Participatory sensing tries to create cost-effective, large-scale sensing systems by leveraging sensors embedded in mobile devices. One major challenge in these systems is to protect the users' privacy, since users will not contribute data if their privacy is jeopardized. Especially location data needs to be protected if it is likely to reveal information about the users' identities. A common solution is the blinding out approach that creates so-called ban zones in which location data is not published. Thereby, a user's important places, e.g., her home or workplace, can be concealed. However, ban zones of a fixed size are not able to guarantee any particular level of privacy. For instance, a ban zone that is large enough to conceal a user's home in a large city might be too small in a less populated area. For this reason, we propose an approach for dynamic map-based blinding out: The boundaries of our privacy zones, called Silent Zones, are determined in such way that at least k buildings are located within this zone. Thus, our approach adapts to the habitat density and we can guarantee k-anonymity in terms of surrounding buildings. In this paper, we present two new algorithms for creating Silent Zones and evaluate their performance. Our results show that especially in worst case scenarios, i.e., in sparsely populated areas, our approach outperforms standard ban zones and guarantees the specified privacy level.

Mobile malware threats (e.g., on Android) have recently become a real concern. In this paper, we evaluate the state-of-the-art commercial mobile anti-malware products for Android and test how resistant they are against various common obfuscation techniques (even with known malware). Such an evaluation is important for not only measuring the available defense against mobile malware threats, but also proposing effective, next-generation solutions. We developed DroidChameleon, a systematic framework with various transformation techniques, and used it for our study. Our results on 10 popular commercial anti-malware applications for Android are worrisome: none of these tools is resistant against common malware transformation techniques. In addition, a majority of them can be trivially defeated by applying slight transformation over known malware with little effort for malware authors. Finally, in light of our results, we propose possible remedies for improving the current state of malware detection on mobile devices.

Mobile security is as critical as the PIN number on our ATM card or the lock on our front door. More than our phone itself, the information inside needs safeguarding as well. Not necessarily for scams, but just peace of mind. Android seems to have attracted the most attention from malicious code writers due to its popularity. The flexibility to freely download apps and content has fueled the explosive growth of smart phones and mobile applications but it has also introduced a new risk factor. Malware can mimic popular applications and transfer contacts, photos and documents to unknown destination servers. There is no way to disable the application stores on mobile operating systems. Fortunately for end-users, our smart phones are fundamentally open devices however they can quite easily be hacked. Enterprises now provide business applications on these devices. As a result, confidential business information resides on employee-owned device. Once an employee quits, the mobile operating system wipe-out is not an optimal solution as it will delete both business and personal data. Here we propose H-Secure application for mobile security where one can store their confidential data and files in encrypted form. The encrypted file and encryption key are stored on a web server so that unauthorized person cannot access the data. If user loses the mobile then he can login into web and can delete the file and key to stop further decryption process.

Data confidentiality can be effectively preserved through encryption. In certain situations, this is inadequate, as users may be coerced into disclosing their decryption keys. Steganographic techniques and deniable encryption algorithms have been devised to hide the very existence of encrypted data. We examine the feasibility and efficacy of deniable encryption for mobile devices. To address obstacles that can compromise plausibly deniable encryption (PDE) in a mobile environment, we design a system called Mobiflage. Mobiflage enables PDE on mobile devices by hiding encrypted volumes within random data in a devices free storage space. We leverage lessons learned from deniable encryption in the desktop environment, and design new countermeasures for threats specific to mobile systems. We provide two implementations for the Android OS, to assess the feasibility and performance of Mobiflage on different hardware profiles. MF-SD is designed for use on devices with FAT32 removable SD cards. Our MF-MTP variant supports devices that instead share a single internal partition for both apps and user accessible data. MF-MTP leverages certain Ext4 file system mechanisms and uses an adjusted data-block allocator. These new techniques for soring hidden volumes in Ext4 file systems can also be applied to other file systems to enable deniable encryption for desktop OSes and other mobile platforms.

Today in the world of globalization mobile communication is one of the fastest growing medium though which one sender can interact with other in short time. During the transmission of data from sender to receiver, size of data is important, since more data takes more time. But one of the limitations of sending data through mobile devices is limited use of bandwidth and number of packets transmitted. Also the security of these data is important. Hence various protocols are implemented which not only provides security to the data but also utilizes bandwidth. Here we proposed an efficient technique of sending SMS text using combination of compression and encryption. The data to be send is first encrypted using Elliptic curve Cryptographic technique, but encryption increases the size of the text data, hence compression is applied to this encrypted data so the data gets compressed and is send in short time. The Compression technique implemented here is an efficient one since it includes an algorithm which compresses the text by 99.9%, hence a great amount of bandwidth gets saved.The hybrid technique of Compression-Encryption of SMS text message is implemented for Android Operating Systems.

Recently, the demand for more robust protection against unauthorized use of mobile devices has been rapidly growing. This paper presents a novel biometric modality Transient Evoked Otoacoustic Emission (TEOAE) for mobile security. Prior works have investigated TEOAE for biometrics in a setting where an individual is to be identified among a pre-enrolled identity gallery. However, this limits the applicability to mobile environment, where attacks in most cases are from imposters unknown to the system before. Therefore, we employ an unsupervised learning approach based on Autoencoder Neural Network to tackle such blind recognition problem. The learning model is trained upon a generic dataset and used to verify an individual in a random population. We also introduce the framework of mobile biometric system considering practical application. Experiments show the merits of the proposed method and system performance is further evaluated by cross-validation with an average EER 2.41% achieved.

Near Field Communication (NFC)-based mobile phone services offer a lifeline to the under-appreciated multiapplication smart card initiative. The initiative could effectively replace heavy wallets full of smart cards for mundane tasks. However, the issue of the deployment model still lingers on. Possible approaches include, but are not restricted to, the User Centric Smart card Ownership Model (UCOM), GlobalPlatform Consumer Centric Model, and Trusted Service Manager (TSM). In addition, multiapplication smart card architecture can be a GlobalPlatform Trusted Execution Environment (TEE) and/or User Centric Tamper-Resistant Device (UCTD), which provide cross-device security and privacy preservation platforms to their users. In the multiapplication smart card environment, there might not be a prior off-card trusted relationship between a smart card and an application provider. Therefore, as a possible solution to overcome the absence of prior trusted relationships, this paper proposes the concept of Trusted Platform Module (TPM) for smart cards (embedded devices) that can act as a point of reference for establishing the necessary trust between the device and an application provider, and among applications.

Mobile social networks (MSNs) facilitate connections between mobile users and allow them to find other potential users who have similar interests through mobile devices, communicate with them, and benefit from their information. As MSNs are distributed public virtual social spaces, the available information may not be trustworthy to all. Therefore, mobile users are often at risk since they may not have any prior knowledge about others who are socially connected. To address this problem, trust inference plays a critical role for establishing social links between mobile users in MSNs. Taking into account the nonsemantical representation of trust between users of the existing trust models in social networks, this paper proposes a new fuzzy inference mechanism, namely MobiFuzzyTrust, for inferring trust semantically from one mobile user to another that may not be directly connected in the trust graph of MSNs. First, a mobile context including an intersection of prestige of users, location, time, and social context is constructed. Second, a mobile context aware trust model is devised to evaluate the trust value between two mobile users efficiently. Finally, the fuzzy linguistic technique is used to express the trust between two mobile users and enhance the human's understanding of trust. Real-world mobile dataset is adopted to evaluate the performance of the MobiFuzzyTrust inference mechanism. The experimental results demonstrate that MobiFuzzyTrust can efficiently infer trust with a high precision.