A Secure Mobile-based Authentication System

Financial information is extremely sensitive. Hence, electronic banking must provide a robust system to authenticate its customers and let them access their data remotely. On the other hand, such system must be usable, affordable, and portable.We propose a challengeresponse based one-time password (OTP) scheme that uses symmetriccryptography in combination with a hardware security module. The proposed protocol safeguards passwords from keyloggers and phishing attacks.Besides, this solution provides convenient mobility for users who want to bank online anytime and anywhere, not just from their owntrusted computers.

JXTA security in mobile constrained devices

JXME is the JXTA protocols implementation formobile devices using J2ME. Two different flavors of JXME have been implemented, each one specific for a particular set of devices, according to their capabilities. The main value of JXME is its simplicity to create peer-to-peer (P2P) applications in limited devices. In addition to assessing JXME functionalities, it is also important to realize the default security level provided. This paper presents a brief analysis of the current state of security in JXME, focusing on the JXME-Proxied version, identifies existing vulnerabilities and proposes further improvements in this field.

Remote Control of Mobile Devices in Android Platform

Remote control systems are a very useful element to control and monitor devices quickly and easily. This paper proposes a new architecture for remote control of Android mobile devices, analyzing the different alternatives and seeking the optimal solution in each case. Although the area of remote control, in case of mobile devices, has been little explored, it may provide important advantages for testing software and hardware developments in several real devices. It can also allow an efficient management of various devices of different types, perform forensic security tasks, etc ... The main idea behind the proposed architecture was the design of a system to be used as a platform which provides the services needed to perform remote control of mobile devices. As a result of this research, a proof of concept was implemented. An Android application running a group of server programs on the device, connected to the network or USB interface, depending on availability. This servers can be controlled through a small client written in Java and runnable both on desktop and web systems.

Promoting the development of secure mobile agent applications

Peer-reviewed

Towards secure mobile P2P applications using JXME

Mobile devices have become ubiquitous, allowing the integration of new information from a large range of devices. However, the development of new applications requires a powerful framework which simplifies their construction. JXME is the JXTA implementation for mobile devices using J2ME, its main value being its simplicity when creating peer-to-peer (P2P) applications on limited devices. On that regard, an issue that is becoming veryimportant in the recent times is being able to provide a security baseline to such applications. This paper analyzes the currentstate of security in JXME and proposes a simple security mechanism in order to protect JXME applications against a broad range of vulnerabilities.

Protecting mobile agents from external replay attacks

Peer-reviewed

Securing dynamic itineraries for mobile agent applications

In this paper we present a novel mechanism for the protection of dynamic itineraries for mobile agent applications. Itineraries that are decided as the agent goes are essential in complex applications based on mobile agents, but no approach has been presented until now to protect them. We have conceived a cryptographic scheme for shielding dynamic itineraries from tampering, impersonation and disclosure. By using trust strategically, our scheme provides a balanced trade-off between flexibility and security. Our protection scheme has been thought always bearing in mind a feasible implementation, and thus facilitates the development of applications that make use of it. An example application based on a real healthcare scenario is also presented to show its operation.

Security analysis of JXME-Proxyless version

JXME es la especificación de JXTA para dispositivos móviles con J2ME. Hay dos versiones diferentes de la aplicación JXME disponibles, cada una específica para un determinado conjunto de dispositivos, de acuerdo con sus capacidades. El principal valor de JXME es su simplicidad para crear peer-to-peer (P2P) en dispositivos limitados. Además de evaluar las funciones JXME, también es importante tener en cuenta el nivel de seguridad por defecto que se proporciona. Este artículo presenta un breve análisis de la situación actual de la seguridad en JXME, centrándose en la versión JXME-Proxyless, identifica las vulnerabilidades existentes y propone mejoras en este campo.

On an IDS Model for Mobile Ad Hoc Networks

Manet security has a lot of open issues. Due to its character-istics, this kind of network needs preventive and corrective protection. Inthis paper, we focus on corrective protection proposing an anomaly IDSmodel for Manet. The design and development of the IDS are consideredin our 3 main stages: normal behavior construction, anomaly detectionand model update. A parametrical mixture model is used for behav-ior modeling from reference data. The associated Bayesian classi¯cationleads to the detection algorithm. MIB variables are used to provide IDSneeded information. Experiments of DoS and scanner attacks validatingthe model are presented as well.

Security prices and market transparency: the role of prior information

This paper analyzes the role of traders' priors (proper versus improper) on the implications of market transparency by comparing a pre-trade transparent market with an opaque market in a set-up based on Madhavan (1996). We show that prices may be more informative in the opaque market, regardless of how priors are modelled. In contrast, the comparison of market liquidity and volatility in the two market structures are affected by prior specification. Key words: Market microstructure, Transparency, Prior information

The EU as a security provider in its neighbourhood: the case of non-proliferation of WMD in the Mediterranean area

As a consequence of the terrorist attacks of 9/11 and the US-led war against Iraq, WMD and their proliferation have become a central element of the EU security agenda. In December 2003, the European Council adopted even a EU Strategy against Proliferation of WMD. The approach adopted in this Strategy can be largely described as a ‘cooperative security provider’ approach and is based on effective multilateralism, the promotion of a stable international and regional environment and the cooperation with key partners. The principal objective of this paper is to examine in how far the EU has actually implemented the ‘cooperative security provider’ approach in the area which the Non-proliferation Strategy identifies as one of its priorities – the Mediterranean. Focusing on the concept of security interdependence, the paper analyses first the various WMD dangers with which the EU is confronted in the Mediterranean area. Afterwards, it examines how the EU has responded to these hazards in the framework of the Barcelona process and, in particular, the new European Neighbourhood Policy. It is argued that despite its relatively powerful rhetoric, the EU has largely failed, for a wide range of reasons, to apply effectively its non-proliferation approach in the Mediterranean area and, thus, to become a successful security provider.

When ESDP confronts ENP: security sector reform as a bridge in the EU’s foreign policy

The European Neighbourhood Policy’s birth has taken place in parallel with the renewed momentum of the European Security and Defence Policy, which has launched 14 operations since 2003. Both policies’ instruments have converged in the neighbouring area covered by ENP: Georgia, in the East and the Palestinian Territories in the South. In both cases, the Security Sector Reform strategies have been the main focus for ESDP and an important objective for ENP. In this paper, two objectives are pursued: first, to assess the EU’s involvement in both cases in SSR terms; and second, to analyse whether the convergence of ESDP operations with a broader EU neighbourhood policy implies that the former has become an instrument for the a EU external action.

Gestor de contraseñas en un dispositivo móvil accesible por Bluetooth

Este proyecto nace de la necesidad de dar más seguridad a nuestros datos cuando navegamos por Internet. Se ha implementado un plug-in para el navegador Firefox de Mozilla, que detecta un formulario de login/password conocido y rellena el campo de la contraseña automáticamente. La contraseña estará en nuestro dispositivo móvil y la comunicación entre el navegador y el dispositivo se hará mediante la tecnología Bluetooth.