Authentication, Authorization, and Protection for Mobile Computing Services

Bibliographic Details
Main Authors: Chern-tang Lin, 林宸堂
Other Authors: Shiuh-Pyng Shieh
Format: Others
Language: zh-TW
Published: 1999
Online Access: http://ndltd.ncl.edu.tw/handle/15574715340405239675
id ndltd-TW-087NCTU0392103
record_format oai_dc
spelling ndltd-TW-087NCTU0392103 2016-07-11T04:13:35Z http://ndltd.ncl.edu.tw/handle/15574715340405239675 Authentication, Authorization, and Protection for Mobile Computing Services 行動計算服務的身分驗證、授權、與保護 Chern-tang Lin 林宸堂 PhD National Chiao Tung University Department of Computer Science and Information Engineering 87 Shiuh-Pyng Shieh 謝續平 1999 thesis 146 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description PhD === National Chiao Tung University === Department of Computer Science and Information Engineering === 87 === With the development of communication and computer technologies, a global mobile computing network is forming in which people can access various communication services, including audio, video, image, and data, anytime and anywhere. Due to the globality and mobility of new-generation mobile computing networks, more and more applications are being introduced for commerce, entertainment, personal assistant services, and so on. Security is one of the critical factors affecting the quality of mobile services. However, it is very difficult to give a total solution to all security problems. In this dissertation, we consider three critical security issues and propose solutions to them. First, we discuss the security problems of establishing communication channels under different mobile environment restrictions. Then, the authorization of service contents carried through communication channels is studied. Finally, we investigate the protection of users' private sensitive data stored in the service provider's statistical database. To establish a secure communication channel for a mobile computing service, the design of an authentication protocol must take into consideration the restrictions of different environments. For the inter-domain on-line roaming environment, we propose a chain authentication scheme. This scheme takes less time and imposes lower overhead on networks to establish a secure communication channel, and is suitable for all cellular mobile communication networks. For the off-line roaming environment, we propose an IC card-based billing scheme for credit card phone services. This scheme supports all necessary features, including authentication of users, confidentiality of data, anonymity of users' identities, and non-repudiation of demanded services. The two schemes above are designed for the "strong connection" environment, in which the communication channel is always available during the service. We also propose a secure message exchange protocol for the "weak connection" environment. In this protocol, every message itself provides authentication, confidentiality, and integrity of message data. No authentication message is needed, even if the channel is often re-connected due to unreliable radio paths or limited spectrum bandwidth. Thus the overhead caused by the security mechanism is limited. Although the above security mechanisms can adopt encryption technologies to guarantee the confidentiality of service contents and prevent eavesdropping or modification, some reusable service contents, such as mobile codes, still suffer from the piracy problem. We therefore design a software authorization and protection model to protect valuable service contents (i.e. mobile codes) from being copied or distributed by users without authorization. Finally, in order to protect the information of an individual, we propose an inference control scheme to protect service providers' statistical databases against statistical analysis. With this scheme, the service provider's database can provide statistical information about customers and at the same time protect sensitive information of individuals (e.g. their addresses and monthly bills) from being disclosed.