Article

Securing Mobile Appliances: New Challenges for the System Designer

Authors:

Anand Raghunathan,

Sunil Hattangady,

Jean-Jacques QuisquaterAuthors Info & Claims

DATE '03: Proceedings of the conference on Design, Automation and Test in Europe - Volume 1

Page 10176

Published: 03 March 2003 Publication History

Abstract

As intelligent electronic systems pervade all aspects of our lives, capturing, storing, and communicating a wide range of sensitive and personal data, security is emerging as a critical concern that must be addressed in order to enable several current and future applications. Mobile appliances, which will play a critical role in enabling the visions of ubiquitous computing and communications, and ambient intelligence, are perhaps the most challenging to secure - they often rely on a public medium for (wireless) communications, are easily lost or stolen due to their small form factors and mobility, and are highly constrained in cost and size, as well as computing and battery resources. This paper presents an introduction to security concerns in mobile appliances, and translates them into challenges that confront system architects, HW engineers, and SW developers, including how to bridge the processing and battery gaps, efficient tamper-proofing of devices, content protection, etc. Recent innovations and emerging commercial technologies that address these issues are also highlighted. We envision that, for a large class of embedded systems, security considerations will pervade all aspects of system design, driving innovations in system architecture, software, circuits, and design methodologies.

References

[1]

{1} MeT PTD definition (version 1.1). Mobile Electronic Transactions Ltd. (http://www.mobiletransaction.org/), Feb. 2001.

[2]

{2} P. Flavin, Who needs a credit card when you have a mobile? http://www.btignitesolutions.com/insights/visionaries/ flavin_mobile.htm, (accessed Dec. 2002).

[3]

{3} ePaynews - Mobile Commerce Statistics. http://www.epaynews.com/ statistics/mcommstats.html.

[4]

{4} U. S. Department of Commerce, The Emerging Digital Economy II. http://www.esa.doc.gov/508/esa/ TheEmergingDigitalEconomyII.htm, 1999.

[5]

{5} World Wide Web Consortium, The World Wide Web Security FAQ. http://www.w3.org/Security/faq/www-security-faq.html, 1998.

[6]

{6} W. Stallings, Cryptography and Network Security: Principles and Practice. Prentice Hall, 1998.

Digital Library

[7]

{7} B. Schneier, Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley and Sons, 1996.

Digital Library

[8]

{8} S. K. Miller, "Facing the Challenges of Wireless Security," IEEE Computer, vol. 34, pp. 46-48, July 2001.

Digital Library

[9]

{9} P. Ashley, H. Hinton, and M. Vandenwauver, "Wired versus wireless ecurity - The Internet, WAP and iMode for e-commerce," in Proc. 17th Annual Computer Security Applications Conf., Dec. 2001.

Digital Library

[10]

{10} Wireless Security Basics. Certicom (http://www.certicom.com/ about/pr/wireless_basics.html).

[11]

{11} S. Hattangady and C. Davis, Reducing the Security Threats to 2.5G and 3G Wireless Applications. Texas Instruments Inc. (http://focus.ti.com/ pdfs/vf/wireless/securitywhitepaper.pdf).

[12]

{12} S. Ravi, A. Raghunathan, and N. Potlapally, "Securing wireless data: System architecture challenges," in Proc. Intl. Symp. System Synthesis, pp. 195-200, October 2002.

Digital Library

[13]

{13} D. Boneh and N. Daswani, "Experimenting with electronic commerce on the PalmPilot," in Proc. Financial Cryptography, pp. 1-16, Feb. 1999.

Digital Library

[14]

{14} Cellular Digital Packet Data System Specification, Release 1.1. CDPD Forum, Jan. 1995.

[15]

{15} European Telecommunication Standard GSM 02.09. Digital Cellular Telecommunications System (Phase 2+): Security Aspects.

[16]

{16} C. Brookson, "GSM security: A description of the reasons for security and the techniques," in Proc. IEE Colloqium on Security and Cryptography Applications to Radio Systems, pp. 2/1-2/4, June 1994.

[17]

{17} IEEE 802.11 Wireless LAN Standards. IEEE 802.11 Working Group (http://grouper.ieee.org/groups/802/11/).

[18]

{18} Bluetooth security white paper. Bluetooth SIG Security Expert Group (http://www.bluetooth.com/), Apr. 2002.

[19]

{19} Y. Frankel, A. Herzberg, P. A. Karger, H. Krawczyk, C. A. Kunzinger, and M. Yung, "Security issues in a CDPD wireless network," IEEE Personal Communications, vol. 2, pp. 16-27, August 1995.

[20]

{20} S. Patel, "Weaknesses of North American wireless authentication protocol," IEEE Personal Communications, vol. 4, pp. 40-44, june 1997.

[21]

{21} J. R. Walker, Unsafe at any key size: An analysis of the WEP encapsulation. IEEE document 802.11-00/362 (http://grouper.ieee.org/groups/802/11/Documents/), Oct. 2000.

[22]

{22} N. Borisov, I. Goldberg, and D. Wagner, "Intercepting mobile communications: The insecurity of 802.11," in Proc. ACM Int. Conf. Mobile Computing and Networking, pp. 180-189, July 2001.

Digital Library

[23]

{23} W. A. Arbaugh, An inductive chosen plaintext attack against WEP/WEP2. IEEE document 802.11-01/230 (http://grouper.ieee.org/groups/802/11/Documents/), May 2001.

[24]

{24} A. Mehrotra and L. S. Golding, "Mobility and security management in the GSM system and some proposed future improvements," Proceedings of the IEEE, vol. 86, pp. 1480-1497, July 1998.

[25]

{25} ISAAC group, U. C. Berkeley, GSM cloning. http://www.isaac.cs.berkeley.edu/isaac/gsm.html.

[26]

{26} 3GPP Draft Technical Specification 33.102, 3G Security Architecture. http://www.3gpp.org.

[27]

{27} C. W. Blanchard, "Wireless security," BT Technology Journal (http://www.bt.com/bttj/), vol. 19, pp. 67-75, July 2001.

Digital Library

[28]

{28} Wireless Application Protocol 2.0 - Technical White Paper. WAP Forum (http://www.wapforum.org/), Jan. 2002.

[29]

{29} SSL 3.0 Specification. http://wp.netscape.com/eng/ssl3/.

[30]

{30} IPSec Working Group. http://www.ietf.org/html.charters/ipsec-charter.html.

[31]

{31} TLS Working Group. http://www.ietf.org/html.charters/tls-charter.html.

[32]

{32} Open Mobile Alliance. http://www.wapforum.org/what/technical.htm.

[33]

{33} Mobile Electronic Transactions. http://www.mobiletransaction.org/.

[34]

{34} Intel StrongARM SA-1110 Microprocessor Brief DataSheet. http://www. intel.com/design/strong/datashts/278241.htm.

[35]

{35} The DragonBall processor family. http://www.motorola.com.

[36]

{36} D. W. Carman, P. S. Krus, and B. J. Matt, "Constraints and approaches for distributed sensor network security," Tech. Rep. #00-010, NAI Labs, Network Associates, Inc., Glenwood, MD, Sept. 2000.

[37]

{37} K. Lahiri, A. Raghunathan, and S. Dey, "Battery-driven system design: A new frontier in low power design," in Proc. Joint Asia and South Pacific Design Automation Conf. / Int. Conf. VLSI Design, pp. 261-267, Jan. 2002.

Digital Library

[38]

{38} R. Anderson and M. Kuhn, "Tamper resistance - a cautionary note," 1996.

[39]

{39} R. Anderson and M. Kuhn, "Low cost attacks on tamper resistant devices," in IWSP: International Workshop on Security Protocols, LNCS, 1997.

Digital Library

[40]

{40} O. Kommerling and M. G. Kuhn, "Design principles for tamper-resistant smartcard processors," in Proc. USENIX Wkshp. on Smartcard Technology (Smartcard '99), pp. 9-20, May 1999.

Digital Library

[41]

{41} J. J. Quisquater and D. Samyde, "Side channel cryptanalysis," in Proc. of the SECI, pp. 179-184, 2002.

[42]

{42} D. Boneh, R. DeMillo, and R. Lipton, "On the importance of checking cryptographic protocols for faults," Springer-Verlag Lecture Notes in Computer Science (Proceedings of Eurocrypt'97), vol. 1233, pp. 37-51, 1997.

Digital Library

[43]

{43} E. Biham and A. Shamir, "Differential fault analysis of secret key cryptosystems," Lecture Notes in Computer Science, vol. 1294, pp. 513-525, 1997.

Digital Library

[44]

{44} P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Springer-Verlag Lecture Notes in Computer Science, vol. 1666, pp. 388-397, 1999.

Digital Library

[45]

{45} J. J. Quisquater and D. Samyde, "Electromagnetic analysis (ema): Measures and counter-measures for smart cards," Lecture Notes in Computer Science (Smartcard Programming and Security), vol. 2140, pp. 200-210, 2001.

Digital Library

[46]

{46} W. van Eck, "Electromagnetic radiation from video display units: an eavesdropping risk?," Computers and Security, vol. 4, no. 4, pp. 269-286, 1985.

Digital Library

[47]

{47} P. C. Kocher, "Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems," Springer-Verlag Lecture Notes in Computer Science, vol. 1109, pp. 104-113, 1996.

Digital Library

[48]

{48} E. English and S. Hamilton, "Network security under siege: the timing attack," IEEE Computer, vol. 29, pp. 95-97, March 1996.

Digital Library

[49]

{49} D. Aucsmith, "Tamper Resistant Software: An Implementation," Information Hiding, Springer Lecture Notes in Computer Science, vol. 1174, pp. 317-333, 1986.

Digital Library

[50]

{50} M. Blum and S. Kannan, "Designing programs that check their work," in Proc. ACM Symposium on Theory of Computing, pp. 86-97, 1989.

Digital Library

[51]

{51} C. S. Collberg and C. Thomborson, "Watermarking, tamper-proofing, and obfuscation - tools for software protection," IEEE Transactions on Software Engineering, vol. 28, pp. 735-746, August 2002.

Digital Library

[52]

{52} OMAP Platform - Overview. Texas Instruments Inc. (http://www.ti.com/sc/omap).

[53]

{53} R. B. Lee, "Subword Parallelism with Max-2," IEEE Micro, vol. 16, pp. 51-59, Aug. 1996.

Digital Library

[54]

{54} Intel Corp., Enhancing Security Performance through IA-64 Architecture. http://developer.intel.com/design/security/rsa2000/itanium.pdf, 2000.

[55]

{55} R. B. Lee, Z. Shi, and X. Yang, "Efficient Permutations for Fast Software Cryptography," IEEE Micro, vol. 21, pp. 56-69, Dec. 2001.

Digital Library

[56]

{56} J. Burke, J. McDonald, and T. Austin, "Architectural Support for Fast Symmetric-Key Cryptography," in Proc. Intl. Conf. ASPLOS, pp. 178-189, Nov. 2000.

Digital Library

[57]

{57} SmartMIPS. http://www.mips.com.

[58]

{58} ARM SecurCore. http://www.arm.com.

[59]

{59} Cryptocell^TM. Discretix Technologies Ltd. (http://www.discretix.com).

[60]

{60} Safenet EmbeddedIP^TM. Safenet Inc. (http://www.safenet-inc.com).

[61]

{61} SLE 88 family. Infineon Technologies (http://www.infineon.com).

[62]

{62} ST19 smart card platform family. STMicroelectronics Inc. (http://www.st.com).

[63]

{63} Mobey Forum. http://www.mobeyforum.org/.

[64]

{64} Mobile Payment. http://www.mobilepaymentforum.org/.

[65]

{65} Consortium for efficient embedded security. http://www.ceesstandards.org/.

[66]

{66} S. Ravi, A. Raghunathan, N. Potlapally, and M. Sankaradass, "System Design Methodologies for a Wireless Security Processing Platform," in Proc. ACM/IEEE Design Automation Conf., pp. 777-782, June 2002.

Digital Library

[67]

{67} N. Potlapally, S. Ravi, A. Raghunathan, and G. Lakshminarayana, "Optimizing Public-Key Encryption for Wireless Clients," in Proc. IEEE Int. Conf. Communications, pp. 1050-1056, May 2002.

[68]

{68} N. Potlapally, S. Ravi, A. Raghunathan, and G. Lakshminarayana, "Algorithm exploration for efficient public-key security processing on wireless handsets," in Proc. Design, Automation, and Test in Europe (DATE) Designers Forum, pp. 42-46, Mar. 2002.

Cited By

Inoue MOgawa T(2017)One tap owner authentication on smartphonesProceedings of the 15th International Conference on Advances in Mobile Computing & Multimedia10.1145/3151848.3151853(22-28)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3151848.3151853
Kim MLee DRyou J(2013)Compact and unified hardware architecture for SHA-1 and SHA-256 of trusted mobile computingPersonal and Ubiquitous Computing10.1007/s00779-012-0543-017:5(921-932)Online publication date: 1-Jun-2013
https://dl.acm.org/doi/10.1007/s00779-012-0543-0
Kim MRyou JJun S(2009)Efficient Hardware Architecture of SHA-256 Algorithm for Trusted Mobile ComputingInformation Security and Cryptology10.1007/978-3-642-01440-6_19(240-252)Online publication date: 29-Apr-2009
https://dl.acm.org/doi/10.1007/978-3-642-01440-6_19
Show More Cited By

Index Terms

Securing Mobile Appliances: New Challenges for the System Designer
1. Applied computing
  1. Physical sciences and engineering
    1. Electronics
2. Computer systems organization
  1. Architectures
    1. Other architectures
      1. Special purpose systems

Recommendations

Emerging challenges in designing secure mobile appliances
Ambient intelligence

Realizing the visions of ubiquitous computing and communications, and ambient intelligence will require modern electronic and computing systems to pervade all aspects of our everyday lives. These systems are used to capture, manipulate, store and ...
Securing mobile ad hoc networks
The handbook of ad hoc wireless networks

The vision of nomadic computing with its ubiquitous access has stimulated much interest in the Mobile Ad Hoc Networking (MANET) technology. These infrastructureless, self-organized networks, which either operate autonomously or as an extension to the ...
An enhanced security framework for home appliances in smart home

Since the end of 2000, smartphones have explosively spread and have made people's lives plentiful. With the start of smartphones, new smart devices, including tablet PCs, smart TVs, smart refrigerators, and smart air conditioners, have emerged, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DATE '03: Proceedings of the conference on Design, Automation and Test in Europe - Volume 1

March 2003

1112 pages

ISBN:0769518702

Sponsors

SIGDA: ACM Special Interest Group on Design Automation

Publisher

IEEE Computer Society

United States

Publication History

Published: 03 March 2003

Check for updates

Qualifiers

Article

Conference

DATE03

Sponsor:

SIGDA

DATE03: Design, Automation, and Test in Europe 2003

March 3 - 7, 2003

Acceptance Rates

Overall Acceptance Rate 518 of 1,794 submissions, 29%

Upcoming Conference

DATE '25

Sponsor:
sigda

Design, Automation and Test in Europe

March 31 - April 2, 2025

Lyon , France

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
1,236
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Inoue MOgawa T(2017)One tap owner authentication on smartphonesProceedings of the 15th International Conference on Advances in Mobile Computing & Multimedia10.1145/3151848.3151853(22-28)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3151848.3151853
Kim MLee DRyou J(2013)Compact and unified hardware architecture for SHA-1 and SHA-256 of trusted mobile computingPersonal and Ubiquitous Computing10.1007/s00779-012-0543-017:5(921-932)Online publication date: 1-Jun-2013
https://dl.acm.org/doi/10.1007/s00779-012-0543-0
Kim MRyou JJun S(2009)Efficient Hardware Architecture of SHA-256 Algorithm for Trusted Mobile ComputingInformation Security and Cryptology10.1007/978-3-642-01440-6_19(240-252)Online publication date: 29-Apr-2009
https://dl.acm.org/doi/10.1007/978-3-642-01440-6_19
Hillenbrand DHenkel JKyung CChoi KHa S(2008)Block cache for embedded systemsProceedings of the 2008 Asia and South Pacific Design Automation Conference10.5555/1356802.1356885(322-327)Online publication date: 21-Jan-2008
https://dl.acm.org/doi/10.5555/1356802.1356885
Thoguluva JRaghunathan AChakradhar SSciuto D(2008)Efficient software architecture for IPSec acceleration using a programmable security processorProceedings of the conference on Design, automation and test in Europe10.1145/1403375.1403656(1148-1153)Online publication date: 10-Mar-2008
https://dl.acm.org/doi/10.1145/1403375.1403656
Dacosta IMehta NMetrock EGiffin J(2008)Security Analysis of an IP PhonePrinciples, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks10.1007/978-3-540-89054-6_12(236-255)Online publication date: 23-Oct-2008
https://dl.acm.org/doi/10.1007/978-3-540-89054-6_12
Chen CChen CLiu LHorng GGuizani MChen HZhang X(2007)A server-aided signature scheme for mobile commerceProceedings of the 2007 international conference on Wireless communications and mobile computing10.1145/1280940.1281061(565-570)Online publication date: 12-Aug-2007
https://dl.acm.org/doi/10.1145/1280940.1281061
Ashkenazi AAkselrod D(2007)Platform independent overall security architecture in multi-processor system-on-chip integrated circuits for use in mobile phones and handheld devicesComputers and Electrical Engineering10.1016/j.compeleceng.2007.05.00333:5-6(407-424)Online publication date: 1-Sep-2007
https://dl.acm.org/doi/10.1016/j.compeleceng.2007.05.003

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten