IMPROVING THE SECURITY OF MOBILE-PHONE ACCESS TO REMOTE PERSONAL COMPUTERS

Alireza P. Sabzevar, João Pedro Sousa

Abstract

Cell phones are assuming an increasing role in personal computing tasks, but cell phone security has not evolved in parallel with this new role. In a class of systems that leverage cell phones to facilitate access to remote services, compromising a phone may provide the means to compromise or abuse the remote services. This paper presents the background to this class of systems, examines the threats they are exposed to, and discusses possible countermeasures. A concrete solution is presented, which is based on multi-factor authentication and an on-demand strategy for minimizing exposure. This solution is built on top of a representative off-the-shelf commercial product called SoonR. Rather than proposing a one-size-fits-all solution, this work enables end-users to manage the tradeoff between security assurances and the overhead of using the corresponding features. The contributions of this paper are a discussion of the problem and a set of guidelines for improving the design of security solutions for remote access systems.

References

  1. Di Pietro, R., Me, G., Strangio, M. A. (2005). "A twofactor mobile authentication scheme for secure financial transactions." International Conference on Mobile Business: 28-34.
  2. Enrico, R., Wetzstein, S., Schmidt, A. (2005). A Framework for Mobile Interactions with the Physical World. Wireless Personal Multimedia Communication Conference (WPMC'05). Aalborg, Denmark.
  3. Flesner, A. (2007). AutoIt v3: Your Quick Guide O'Reilly Media
  4. Hamilton, A. (2007)." Banking Goes Mobile." TIME Magazine, http://www.time.com/time/business/article/ 0,8599,1605781,00.html.
  5. Jammalamadaka, R. C. v. d. H., T.W. Mehrotra, S. Seamons, K.E. Venkasubramanian, N. (2006). "Delegate: A Proxy Based Architecture for Secure Website Access from an Untrusted Machine." Computer Security Applications Conference: 57-66.
  6. Kageyama, Y. (2006). Cell Phone Takes Security to New Heights. The Associated Press.
  7. Kallender, P. (2005). Toshiba software will remotely control PCs by cell phone. COMPUTERWORLD: Today's top stories, http://www.computerworld.com/ softwaretopics/software/story/0,10801,99012,00.html.
  8. Makoto Su, N., Sakane, Y., Tsukamoto, M., Nishio Rajicon, S. (2002). Remote PC GUI operations via constricted mobile interfaces. 8th annual international conference on Mobile computing and networking, Atlanta, Georgia, USA, ACM Press.
  9. Oprea, A., Balfanz, D., Durfee, G., Smetters, D. (2004). "Securing a remote terminal application with a mobile trusted device." Computer Security Applications Conference, 2004. 20th Annual: 438-447.
  10. Roduner, C., Langheinrich, M., Floerkemeier, C., Schwarzentrub, B. (2007). Operating Appliances with Mobile Phones - Strengths and Limits of a Universal Interaction Device. Pervasive 2007, Intl Conference on Pervasive Computing. Toronto, Ontario, Canada.
  11. SoonR-Privacy-Officer. (2007). "Privacy Policy " from http://www.soonr.com/web/front/security.jsp.
  12. Tiwari, R., Buse, S.,and Herstatt, C. (2007). Mobile Services in Banking Sector: The Role of Innovative Business Solutions in Generating Competitive Advantage. Intl Research Conference on Quality, Innovation and Knowledge Management, New Delhi.
  13. Tsai, P., Lei, C., Wang W. (2004). A Remote Control Scheme for Ubiquitous Personal Computing. IEEE International Conference on Networking, Sensing & Control, Taipei, Taiwan.
  14. Van Meggelen, J., Smith, J., Madsen, L. (2005). Asterisk: The Future of Telephony, O'Reilly Media, Inc.
Download


Paper Citation


in Harvard Style

P. Sabzevar A. and Pedro Sousa J. (2008). IMPROVING THE SECURITY OF MOBILE-PHONE ACCESS TO REMOTE PERSONAL COMPUTERS . In Proceedings of the Third International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-8111-52-4, pages 96-103. DOI: 10.5220/0001892700960103


in Bibtex Style

@conference{icsoft08,
author={Alireza P. Sabzevar and João Pedro Sousa},
title={IMPROVING THE SECURITY OF MOBILE-PHONE ACCESS TO REMOTE PERSONAL COMPUTERS},
booktitle={Proceedings of the Third International Conference on Software and Data Technologies - Volume 2: ICSOFT,},
year={2008},
pages={96-103},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001892700960103},
isbn={978-989-8111-52-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Third International Conference on Software and Data Technologies - Volume 2: ICSOFT,
TI - IMPROVING THE SECURITY OF MOBILE-PHONE ACCESS TO REMOTE PERSONAL COMPUTERS
SN - 978-989-8111-52-4
AU - P. Sabzevar A.
AU - Pedro Sousa J.
PY - 2008
SP - 96
EP - 103
DO - 10.5220/0001892700960103