Abstract
Nowadays we can perform business transactions with remote servers interconnected to Internet using our personal devices. These transactions can also be possible without any infrastructure in pure ad-hoc networks. In both cases, interacting parts are often unknown, therefore, they require some mechanism to establish ad-hoc trust relationships and perform secure transactions. Operating systems for mobile platforms support secure communication and authentication, but this support is based on hierarchical PKI. For wireless communications, they use the (in)secure protocol WEP. This paper presents a WCE security enhanced architecture allowing secure transactions, mutual authentication, and access control based on dynamic management of the trusted certificate list. We have successfully implemented our own CSP to support the new certificate management and data ciphering.
Thanks to UBISEC (IST STREP 506926) and EVERYWARE (MCyT N°2003-08995-C02-01) projects.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Visa, MasterCard: Secure electronic transaction SET (1999)
Kent, S.: Privacy enhancement for internet electronic mail (1993)
Dawson, E., Lopez, J., Montenegro, J.A., Okamoto, E.: BAAI: biometric authentication and authorization infrastructure. In: IEEE International Conference on Information Technology (ITRE 2003), IEEE Press, Los Alamitos (2003)
Marsh, S.P.: Formalising Trust as a Computational Concept. PhD thesis, University of Stirling (1994)
Ricci, L., McGinnes, L.: Embedded system security - designing secure system with windows CE. Embedded Computer System, 1–33 (2003)
K., C., et al.: Progress report on the penetration analysis of windows CE (2001)
Leeuw, J.D.: Pocket PC 2003 personal certificate import utility (2004)
Ash, M., Dasgupta, M.: Security features in windows CE .NET (2003)
Corporation, M.: Embedded operating system development (2002)
Fratto, M.: Tutorial: Wireless security. Network Computing (2001)
OASIS: extensible access control markup language, XACML (2003)
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)
Almenárez, F., Marín, A., Campo, C., García, C.: Managing ad-hoc trust relationships in pervasive environments. In: Proceedings of the Workshop on Security and Privacy in Pervasive Computing SPPC (2004), http://www.vs.inf.ethz.ch/events/sppc04/program.html
Shafer, G.: A mathematical Theory of Evidence. Princeton University Press, Princeton (1976)
Jøsang, A.: The consensus operator for combinig beliefs. Artificial Intelligence Journal 141/1-2, 157–170 (2002)
Jøsang, A., Daniel, M., Vannoorenberghe, P.: Strategies for combining conflicting dogmatic beliefs. In: The proceedings of the 6th International Conference on Information Fusion (2003)
Jøsang, A.: An algebra for assessing trust in certification chains. In: Proceedings of the Network and Distributed Systems Security (NDSS 1999) Symposium, The Internet Society, San Diego (1999)
Campo, C., Marín, A., García, A., Díaz, I., Breuer, P., Delgado, C., García, C.: JCCM: flexible certificates for smartcards with java card. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, p. 34. Springer, Heidelberg (2001)
Almenárez, F., Campo, C.: SPDP: a secure service discovery protocol for ad-hoc networks. In: Workshop on Next Generation Networks - EUNICE (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alménarez, F., Díaz, D., Marín, A. (2004). Secure Ad-Hoc mBusiness: Enhancing WindowsCE Security. In: Katsikas, S., Lopez, J., Pernul, G. (eds) Trust and Privacy in Digital Business. TrustBus 2004. Lecture Notes in Computer Science, vol 3184. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30079-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-30079-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22919-3
Online ISBN: 978-3-540-30079-3
eBook Packages: Springer Book Archive