A Hierarchical Framework Model of Mobile Security

Jun-Zhao Sun, Douglas Howie, Antti Koivisto, and Jaakko Sauvola
MediaTeam Oulu, MVMP, Infotech Oulu
Tutkijantie 2 B, FIN-90570 University of Oulu, Finland
Email: junzhao / douglas / anttik / jjs @ee.oulu.fi

Abstract—As wireless communications and mobile multimedia services are booming nowadays, systematic research of the overall aspects of mobile security is crucial. This paper presents a framework model for guiding the systematic investigation of mobile security. Based on the introduction of some background viewpoints of security targets from a novel perspective, the framework is described as a hierarchical model in which mobile security research is partitioned into three different layers, including Property Theory, Limited Targets, and Classified Applications. Key research topics in each layer are discussed respectively in detail. In the Property Theory layer, some basic topics related to security are provided. Then, security issues in networks, computing, and multimedia processing are fused together in the Limited Targets layer upon the limitation operator of mobile technology. Finally, the Classified Applications layer proposes a brief categorization of mobile applications, and the security topics in one representative field, i.e. mobile E-commerce, are presented as an illustration.
I. INTRODUCTION

The tremendous demands from social markets are pushing the booming development of mobile communications faster than ever before, and therefore plenty of new advanced techniques emerge. Wider bandwidth, manifold networks, and more powerful processing capability, together with advances in computing technology have brought more and more miscellaneous services to be delivered with more excellent quality. Mobile service subscribers in some advanced countries have already surpassed fixed communications, and it was predicted that by 2003 the mobile user base would exceed 1 billion, and 2 billion by 2005. Now is the time for deploying 3G mobile communications while research of 4G is just in the ascendant [1].

The phenomenal growth in mobile and wireless communications entails the serious problem of security. The causes, mainly due to the frangibility of wireless and mobile features and the variety of applications and services, fall into the following categories:

• The physical weaknesses and limitations of mobile and wireless communications, e.g. high error rate and unpredictable error behaviour due to external interference and mobility, introduce influences on characteristics of not only performance, but also security.
• The entirely exposed environment of wireless air radio and field devices provides much more opportunities of being subject to malicious attacks and/or being susceptible to accidental interferences.
• Applications are becoming more and more important than ever, including mobile applications and services in areas of military, health care, business, finance, etc.
• Other services may bring users easily in contact with possible threats of intruding privacy, e.g. location-awareness services and context-based applications.
• Contents of provided services, most of which are multimedia-type, are valuable not only to subscribers but also to composers and providers, and thus secure protective measures are needed.

Obviously the simple migration of methods used in wired communications in order to obtain security into a mobile scenario cannot satisfy the requirements of anyone besides hackers. Many studies have focused mainly on mobile subscriber authentication, radio-path encryption [2-4], and secure mobile IP [5, 6], but so-called “mobile security” by no means involves only these relative independent and narrow domains. We indeed need a more systematic approach to gear up the research on mobile security.

In this paper, we present a framework for the systematic research of mobile security. The framework is figured as a hierarchical model in which the research of mobile security is divided into three different layers: Property Theory, Limited Targets, and Classified Applications. Key research topics in each layer are discussed respectively in detail.

This paper is structured as follows. In Section II, some background information related to the framework construction of mobile security is introduced. The description of mobile security framework is presented in Section III. Section IV mainly discusses the key research issues in each of the three layers composing the framework. Finally, we summarize the paper by conclusions in Section V.

II. BACKGROUND OF SECURITY TARGETS

Regarding the term of mobile security, it is really a straightforward perspective to position its targets only on mobile and wireless networks and communications. The fact is, however, that research on networks is neither the only concern nor even the most important one. It is a misunderstanding to think that concentrating the whole attention on OSI reference model is an easy and efficient approach whenever networks are concerned. As for the research of security, we need to consider three complementary targets, including networking, computer and computing, and media processing.
Networking research is considered, more or less, to be on a comparatively lower level than the other two targets. Studies of networks can be categorized according to two different aspects from longitudinal and transverse axes respectively, i.e. infrastructure and protocol. Concerning infrastructures, the most common taxonomy is to divide the target into wireless and wired networks, which can be replaced with mobile and fixed networks on most occasions. To investigate protocols, obviously the seven-layer OSI Reference Model is the most popular one, while the five-layer TCP/IP Reference Model can be treated as a special case of the general model.

As for the target of computer and computing, we consider some security-related topics on different levels. Database plays a more important role than ever before since network multimedia services rapidly increase, and at the same time novel types like distributed web databases are emerging for the management of multiform resources. Distributed and mobile computing forms give full play to their abilities on the increasing platform of networks. Software agent is becoming an indispensable concept for the development of open distributed applications, which also continuously makes Java one of the most important programming languages. Besides the quick development of traditional operating systems as distributed/networks OS and PC OS, embedded OS and light OS have gained a considerable reputation. This situation with OS can also be seen in the field of terminals, together with the trend that portable terminals exceed fixed ones.

Media processing seems to be the high level target that needs protection by security techniques, with the interfaces of media communications to networks and media computing systems to computers. Usually the multifarious types of media can be divided into discrete and continuous media. Discrete media, e.g. different fonts/styles/formats of text pages and different resolutions of images, are time-independent and sometimes the term of static media is also applicable. Continuous media or dynamic media always has temporal features, e.g. audio (music and speech) and video (animation and digital video). Hypermedia is not constrained to be linear, which contains links to other media. Combination of two or more media streams, while synchronized with each other, is referred to as multimedia. Different media processing approaches can be used on different types of media in order to obtain different kinds of results, but on the other hand it is still possible to realise some common ideas. Examples include media digitizing, coding technology and standards of media compression, media enhancement, and media recognition.

Fig. 1 presents a paradigm of the three targets together with their taxonomy, where shaded backgrounds represent interfaces between them.

[Figure 1 (diagram not reproduced). Targets and their labels: Networking (Wireless/Mobile, Wired/Fixed; Communication Entity; Physical, Data Link, Network, Transport, and Application Layers); Computer & Computing (Terminals & Devices, Operating Systems, Programming Languages, Computing Modes, Databases, Human Interfaces); Media Processing (Digitizing, Compression, Enhancement, Recognition; Text, Image, Audio, Video, Hyper-M). Interface labels: Computer Networks; Media Communications; Media Computing; Network Multimedia Systems & Services; QoS; Distributed MM.]

Fig. 1. Three targets related to security

III. MOBILE SECURITY FRAMEWORK

This section briefly outlines the sketch of the mobile security framework model that we propose. The framework layout is figured as a hierarchical architecture consisting of, from bottom to top, three different layers including Property Theory layer, Limited Targets layer, and Classified Applications layer, as illustrated in Fig. 2. A more detailed explanation of each layer of the framework model can be found in the next section.

On the lowest layer, Property Theory, some basic issues of security are considered as the fundamental points of mobile security research, as follows. Note that since security can be treated as just a property of information technology and systems, discussions in this layer are common to all the other fields besides the area of mobile communications.

• Security objectives, i.e. to formulate and determine what kinds of security goals are going to be achieved and to what extent.
• Attacks, i.e. to analyse and distinguish the possible threats and offensive methods from all the directions against which targets are to be protected.
• Security mechanisms, i.e. to find and do research on the effective techniques to fulfil security objectives.
• Security management, i.e. to prescribe and carry out laws and policies relevant to the administration and maintenance of security targets, including the training of personnel for security consciousness.
• Security evaluation, including identification of critical components and assessment of vulnerabilities, inspection of performance interference, evaluation of privacy and robustness, and determination of testing strategy and benchmarks.
Based on the discussion in Section II and using the limitation operator of the term “mobile”, we get the Limited Targets layer as the research domains of mobile security. This layer seems to be the most important part of the whole research layout, since, based on the common security theory below, the specific character of mobile targets is considered in each of the three overlapping targets as follows, which at the same time acts as the main basis for various mobile communication applications further.

• Mobile networking, including different mobile network structures and protocols related to security.
• Mobile computing, security problems related mainly to mobile agents and light-weight operating systems and terminals, with the stratification concept in mind.
• Mobile media, usually two aspects, i.e. media content and copyright, are considered for the security protection during transmission and processing respectively.

Some applications, which cannot be successfully deployed without the support from secure mobile networks and computing and media processing environment, are classified and listed on the top layer. Obviously here are just some representative examples of the diverse applications.

• Messaging, e.g. UM (Unified/Universal Message), PIM (Personal Information Management), Email, Fax, SMS (Short Message Service).
• Telephony, including VoIP (Voice over IP), IPT (IP Telephony), Video Conference, etc.
• Tele-Services, such as Tele-Medicine, Tele-GeoProcessing, Tele-Education, etc.
• Business, with mobile E-Commerce as the representative.

Note that there are some overlays between these application classes although most are relatively independent.

[Figure 2 (diagram not reproduced). Layers from top to bottom: Classified Applications (Messaging: UM/PIM/Email/Fax/SMS; Business: Mobile E-Commerce; Telephony: VoIP/IPT/Conferencing; Tele-Services: Medicine/GeoProcessing; Others: Game/Entertainment); Limited Targets (Mobile Networking: Architecture, Protocol; Mobile Computing: Agent, OS, Terminal; Mobile Media: Content, Copyright); Property Theory (Security: Objectives, Attacks, Mechanisms, Management, Evaluation).]

Fig. 2. Mobile Security Framework

IV. FRAMEWORK LAYERS DESCRIPTIONS

This section describes the framework components on each layer in more detail by figuring the possible research topics.

A. Property Theory Layer

We focus more on the technical area of security here, which by no means implies that security management and evaluation are less important. In total, there are three different security objectives on data that are to be reached, one or all, including

• Confidentiality, i.e. the data can only be used by authorized users and/or parties.
• Integrity, i.e. the data cannot be modified during transfer and storage by adversaries.
• Availability, i.e. the data is always available for authorized use.

Attacks to security can be classified according to:

• Intrusion orientations, from both inside and outside.
• Sources, from either malicious or unconscientious people as well as physical environment or components.
• Attacked targets, including infrastructures (router, server, file, software, protocol, etc.), information (data embezzling, data disrupting, etc.), and service (web sites, FTP archives, etc.).
• Methods, including attacking, hijacking, intercepting, monitoring, scanning, sniffing, spoofing, etc.
Security mechanisms and techniques are obviously far more diversiform than can be totally listed here, so only a basic taxonomy is provided below.

• Protection, including physical protections, access controls, barring and filtering firewalls, and security protocols.
• Cryptography, e.g. encryption algorithms and standards, public and secret key infrastructures, and key management protocols.
• Authentication, including data authentication (MACs, digital signatures, digital certificates), party authentication (weak and strong authentications), and user authentication by secret codes (password, PIN) and physical tokens (smart card, etc.) or biometric features (e.g. fingerprints, signatures, blood vessels of retina, voice, facial patterns).
• Monitoring and detection, such as auditing, intrusion detection, scanning, incident handling.
B. Limited Targets Layer

1) Mobile Networks: Security issues have not been satisfactorily solved in 2G mobile communication protocols and networks (GSM). The deficiencies and limitations include lack or absence of mutual authentication, end-to-end security, non-repudiation, and user anonymity, together with protocol weaknesses. In 3G wireless networks (IMT-2000), comprehensive requirements are considered, in categories related to access, radio interface, terminal, user association, network operation, security management, etc. As the 4G vision is paving its way to reality, more topics of wireless and mobile networks need to be addressed, e.g. mobile ad hoc networks, WLAN, PAN and micro-cellular environments.

As for mobile protocols, the research focuses mainly on secure Mobile IP through incorporating the IPSEC protocol and extending the Mobile IP protocol. Interesting topics include encryption, authentication, registration, care-of address, handoff, route, firewall, etc. Note that although the mobile attribute mainly affects the lower layers of the protocol stack, it also somewhat influences high layer protocols such as application and transport.

2) Mobile Computers and Computing: Mobile agent is one of the most popular types of distributed and mobile computing environment [7, 8]. Mobile software agent extends the concept of software object with the attributes and capabilities of mobility, reactivity, autonomy, and collaboration. Generally three different problems need to be considered about the security of mobile agent, including protection of a host from malicious agents, protection of an agent from malicious hosts, and from other agents, where attacks include damage, modification, DoS, breaking of privacy, harassment, etc. As a result, two kinds of security mechanisms are to be studied, as follows:

• Host protection, i.e. to protect the host and resource from malicious access through proper definition of interfaces based on Information Fortress Model. Techniques include e.g. authentication credential, access control and monitoring, code verification, limitation techniques, and audit logging.
• Agent protection, i.e. to improve reliability through redundancy and improve security through encryption. Approaches include replication, persistence, redirection, encrypted data and code, trail and code obscuring, etc.

Mobile OS is often regarded as a kind of embedded OS, which runs on a light-weight mobile device. The most popular mobile light OSs include Windows CE, Palm OS, and EPOC. Attacks to mobile OS include, just as those taking effect in the PC world, viruses, Trojan horses, and malicious programs in the form of rogue code. Similarly, antivirus programs and application scanners based on hostile behaviour are the two main methods to protect mobile applications and OS. Java seems to be more and more important a programming language for the construction of secure applications. Whether mobile OS should be open or not continues to be a hot topic for argument. Besides the standpoint of technology, more efforts should be made to draw the attention of both customers and providers to the possible risks of mobile devices.

When terminal security is discussed here, first we mean light-weight terminals such as handheld or palm-size PDAs or computers, second we pay attention to physical-level security since higher level security has been involved in previous discussions. Popular approaches include PIN for user-to-device identification and smart card for device-to-connection authentication. Attacks on Smart Cards fall into two classes: invasive attack e.g. micro-probing to access the chip surface, non-invasive attack e.g. DPA (Differential Power Analysis), where the threat becomes much more severe when the attacker can obtain completely unsupervised access to the smart card. Respective countermeasures include e.g. top-layer sensor mesh against invasive attack and randomised clock signal against non-invasive attack.

3) Mobile Multimedia: The overwhelming advantages of digital data have led to all kinds of digital media being composed and distributed widely over the Internet, but then again the possibility of unrestricted duplication and unlimited copying without loss of fidelity is brought along at the same time. Two main techniques exist for the protection of intellectual property rights (IPR): media encrypting and information hiding. The former method takes care of the protection of multimedia data during the transmission process through suitable coding and encryption, while the latter concerns mainly copyright protection and copy prevention. Watermarking, as a special form of encryption, is one of the most important techniques for information hiding, in which a secret imperceptible digital code called digital watermark is embedded into the multimedia data [9]. A watermark often contains information about data origin, status, or destination. Watermarking can be used in a wide range of media, e.g. text document, image, video, and audio. It can also be used for other purposes, including fingerprinting and data authentication as well as embedded data labelling, etc. Many kinds of attacks to a watermark exist, and so watermark robustness is a very important research area leading to the research of watermarking security.

C. Classified Applications Layer—Mobile E-commerce

This section uses mobile E-commerce as a representation to describe the mobile security issues of the Classified Applications layer. Mobile E-commerce is selected as the discussed example because it is ever-increasingly popular as a wireless Internet application converging a mobile communications network with the Internet, and is thus a promising candidate for the killer application. Obviously the counterpart of mobile E-commerce is the traditional E-commerce on the fixed Internet, while mobile E-commerce brings it into the mobile contexts: a mobile user via mobile phone through a mobile connection [10, 11].
Mobile E-commerce comprehends all the commerce phases, including the activities of both customer and merchant, from searching the market and browsing sales information, through making an order and payment, to service delivery and customer support, and extends the fixed Web-based E-commerce with a full adaptation: commerce is available anytime and anywhere at any form, according to user preference. Many security issues in mobile E-commerce should be considered, and possible solutions can be based on the security mechanisms used in the contexts of the three mobile targets which have been introduced in the previous section, while in the following we just provide a brief analysis of key security requirements for a mobile E-commerce application.

• Identity Authentication, including the authentications of both customer and merchant, to ensure between each party of the business that the counterpart is truly the expected one. To implement payment, usually a financial institution is included in the scenario.
• Data Authentication, to make certain that the received data really comes from the claimed counterpart, and at the same time to prevent the counterpart from denial of the bargain, i.e. non-repudiation.
• Secure communication, i.e. to keep the exchanged information integral and confidential during the whole communication interval.
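
The Data Authentication requirement above combines origin authentication with non-repudiation, which a shared-key MAC cannot deliver on its own. As an added example (not from the paper), the Python code below contrasts an HMAC tag with a hash-based Lamport one-time signature, chosen here only because it needs nothing beyond the standard library; the order strings and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def mac_tag(shared_key: bytes, order: bytes) -> bytes:
    """HMAC-SHA256 tag: every holder of shared_key can compute it."""
    return hmac.new(shared_key, order, hashlib.sha256).digest()


def mac_verify(shared_key: bytes, order: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, order), tag)


def lamport_keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    # Reveal one secret per digest bit. A key pair must sign one message only:
    # a second signature would reveal enough secrets to enable forgeries.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(msg)):
        ok &= hmac.compare_digest(_h(sig[i]), pk[i][bit])
    return ok


def dispute_demo():
    """What an arbiter can conclude from each kind of evidence (constructed data)."""
    order = b"customer=alice;item=ticket;amount=40.00"
    altered = b"customer=alice;item=ticket;amount=400.00"

    # MAC: customer and merchant share one key, so either can tag any order.
    shared = secrets.token_bytes(32)
    customer_tag = mac_tag(shared, order)
    merchant_tag = mac_tag(shared, altered)  # made without the customer

    # Signature: only the customer holds sk; the merchant and arbiter hold pk.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, order)

    return {
        "mac_genuine_verifies": mac_verify(shared, order, customer_tag),
        # Also verifies, so a valid tag does not show which party wrote the order.
        "mac_merchant_made_verifies": mac_verify(shared, altered, merchant_tag),
        "sig_genuine_verifies": lamport_verify(pk, order, sig),
        # The merchant cannot re-bind the customer's signature to another order.
        "sig_on_altered_verifies": lamport_verify(pk, altered, sig),
    }


if __name__ == "__main__":
    for name, value in dispute_demo().items():
        print(f"{name}: {value}")
```

Both MAC checks succeed while only the genuine order passes signature verification, which is why the paper pairs data authentication with digital signatures and certificates rather than MACs when non-repudiation is required.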
It is worth noting that besides the requirements of function and performance, such as protocol, interface, and storage, mobile E-commerce also puts severe requirements on the mobile terminal for security, including possible public key functions for user and merchant authentications, digital signature and certificate for data authentication, and private key functions for secure communication.

V. CONCLUSIONS

This paper presents a general framework model for the systematic research of mobile security. Some characteristics of the framework are the following:

• It is a hierarchical structure in which mobile applications and mobile security targets and a basic security theory are positioned on three different layers from top down.
• Classified mobile applications according to the different application scenarios are considered on the top level.
• We discuss mobile security in the entire domain of information technology, including targets in networks and communications, computers and computing, and multimedia processing.
• Basic security theories are briefly introduced, including security objectives, attacks, and mechanisms, which are common to any limited area.
Along with the hints in the layout model, key research topics and issues in each of the three levels of the mobile security framework are defined respectively in the paper, demonstrating that the framework can explicitly serve as an effective guide to the systematic research of mobile security.

ACKNOWLEDGMENT

Financial support by the National Technology Agency of Finland is gratefully acknowledged.

REFERENCES

[1] B.G. Evans and K. Baughan, “Visions of 4G,” Electronics & Communication Engineering Journal, Vol. 12, No. 6, pp. 293–303, Dec. 2000.
[2] C.-C. Lo and Y.-J. Chen, “Secure communication mechanisms for GSM networks,” IEEE Trans. Consumer Electronics, Vol. 45, No. 4, pp. 1074–1080, Nov. 1999.
[3] K. Al-Tawil and A. Akrami, “A new authentication protocol for roaming users in GSM networks,” in Proc. IEEE Int. Symp. Computers and Communications, Red Sea, Egypt, July 1999, pp. 93–99.
[4] A. Mehrotra and L.S. Golding, “Mobility and security management in the GSM system and some proposed future improvements,” Proceedings of the IEEE, Vol. 86, No. 7, pp. 1480–1497, July 1998.
[5] C. Perkins, “Mobile IP and security issue: an overview,” in Proc. First IEEE/Popov Workshop on Internet Technologies and Services, Moscow, Russia, Oct. 1999, pp. 131–148.
[6] A. Inoue, M. Ishiyama, A. Fukumoto, and T. Okamoto, “Secure mobile IP using IP security primitives,” in Proc. Sixth IEEE Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, MIT, Cambridge, Massachusetts, Jun. 1997, pp. 235–241.
[7] Vu Anh Pham and A. Karmouch, “Mobile software agents: an overview,” IEEE Communications Magazine, Vol. 36, No. 7, pp. 26–37, July 1998.
[8] M.S. Greenberg, L.C. Byington, and D.G. Harper, “Mobile agents and security,” IEEE Communications Magazine, Vol. 36, No. 7, pp. 76–85, July 1998.
[9] F. Hartung and M. Kutter, “Multimedia Watermarking Techniques,” Proceedings of the IEEE, Vol. 87, No. 7, pp. 1079–1107, July 1999.
[10] D. Van Thanh, “Security issues in mobile ecommerce,” in Proc. 11th International Workshop on Database and Expert Systems Applications, Greenwich, London, UK, Sep. 2000, pp. 412–425.
[11] C.-W. Lan, C.-C. Chien, M.-Y. Hsieh, and I. Chen, “A mobile ecommerce solution,” in Proc. Int. Symp. Multimedia Software Engineering, Taipei, Taiwan, Dec. 2000, pp. 215–222.