Wireless Network Security Projects
This project addresses how to improve existing and upcoming mobile security technologies (USIM, ISIM, GBA, ) in order to enhance mobile user security experience, and also to increase trust in mobile social network providers aiming to become identity providers.
Yucheng Wu, Master Thesis worker explains how it works:
Social networks are well established on the Internet and moving into the mobile space by incorporating mobile features such as geo-location, short messaging, multimedia message among others.
Trends indicate that mobile social networks would rapidly adopt new wireless features such as upcoming direct-mode and proximity services that assume some sort close physical presence and human interaction. However, social networks users have been affected due to serious security and privacy deficiencies. Such incidents shouldn't happen in mobile social networks since mobile networks/handsets are known to be trusted by users and so should continue being.
The Social Wireless Network Secure Identification project
This project addresses how to improve existing and upcoming mobile security technologies (USIM, ISIM, GBA, ) in order to enhance mobile user security experience, and also to increase trust in mobile social network providers aiming to become identity providers. Furthermore, as existing technologies may not be efficient in new mobile social scenarios, this project will research on new human-scale security protocols that take into consideration the human factor in novel direct-communication services. The results from this project would be beneficial to the mobile industry network infrastructure manufacturers with new functionality supporting mobile social networks, and also for handset manufactures that can add value to social middleware stack in their devices.
Currently the SWiN project focuses on the following tree aspects:
A basic requirement for any secure service is that the users (or their pseudonyms) are authenticated. On the other hand, for the sake of usability, one should limit the amount of credentials the user need to handle. Mobile devices have a strong means of authentication by using the EAP-AKA protocol. However only a limited number of actors (namely the operators) can use this authentication. Therefore an alternative has to be found in order to generate and share key material between the mobile phone and operator-independent service providers. We are currently investigating the use of the Generic Authentication Architecture (GAA) standard for providing means of authentication to mobile phones and service providers.