Mobility and Spatio-Temporal Exposure Control
Exposure Control as a Primary Security and Privacy Tool Regarding Mobility, Roaming Privacy and Home Control
DOI:
https://doi.org/10.13052/jcsm2245-1439.144Keywords:
exposure control, vulnerability, risk, identity privacy, location privacy, home control, mobility, cloud, roaming privacyAbstract
Modern risk assessment methods cover many issues and encompass both risk analysis and corresponding prevention/mitigation measures.However, there is still room for improvement and one aspect that may benefit from more work is “exposure control”.The “exposure” an asset experiences plays an important part in the risks facing the asset.Amongst the aspects that all too regularly get exposed is user identities and user location information,and in a context with mobile subscriber and mobility in the service hosting (VM migration/mobility) the problems associated with lost identity/location privacy becomes urgent.In this paper we look at “exposure control” as a way for analyzing and protecting user identity and user location data.
Downloads
References
ETSI, TS 102 165-1. Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis. March 2011.
ETSI, TS 102 165-2. Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 2: Protocol Framework Definition; Security Counter Measures. February 2007.
G. M. Køien. Entity Authentication and Personal Privacy in Future Cellular Systems.River Publisher, Aalborg, Denmark, 2009.
G. M. Køien. An introduction to access security in UMTS. IEEE Wireless Communications, 11(1): 8–18, February 2004.
G. Rose and G. M. Køien. Access security in CDMA2000, including a comparison with UMTS access security. IEEE Wireless Communications, 11(1): 19–25, February 2004.
3GPP. TS 23.003 Technical Specification Group Core Network and Terminals; Numbering, addressing and identification. 3GPP, December 2012.
3GPP. TS 23.203 Policy and charging control architecture. 3GPP, December 2012.
3GPP. TS 33.102 3G security; Security architecture. 3GPP, December 2012.
3GPP. TS 33.210 3G security; Network Domain Security (NDS); IP network layer security. 3GPP, December 2012.
3GPP. TS 33.401 3GPP System Architecture Evolution (SAE); Security architecture.3GPP, December 2012.
3GPP. TS 43.020 Security related network functions. 3GPP, December 2012.
D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2): 198—208, March 1983.
M. Blaze, W. Diffe, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener.Minimal key lengths for symmetric ciphers to provide adequate commercial security.Report of Ad Hoc Panel of Cryptographers and Computer Scientists, January 1996.Available fromhttp://www.crypto.com/papers/.
N. Smart (Ed.). ECRYPT II Yearly Report on Algorithms and Keysizes (2010–2011)ECRYPT II NoE, ICT-2007-216676, Deliverable D.SPA.17, Rev.1, June 2011.
R. Anderson. Why cryptosystems fail.In Proceedings of the 1st ACM Conference on Computer and Communications Security (CCS’93). ACM Press, 1993.
B. Schneier. Beyond Fear: Thinking Sensibly about Security in an Uncertain World.Springer, 2003.
D. Florˆencio and C. Herley. Where do all the attacks go? Microsoft Research, Technical Report 2011-74, 2011. Available fromhttp://research.microsoft.com/pubs/149885/WhereDoAllTheAttacksGo.pdf.
D. Pavlovic. Gaming security by obscurity. In Proceedings of the 2011 Workshop on New Security Paradigms Workshop (NSPW 2011), 2011.
The rising cost of identity theft for consumer. In Bucks Blog, New York Times,2011/02/09, 2011.
Fighting fraud together; A strategic plan to reduce fraud, 12 October 2011. Home Office,UK, 2011.
S. Kent and K. Seo. RFC 4301: Security architecture for the Internet protocol. IETF RFC4301, December 2005.
G. M. Køien and V. A. Oleshchuk. Spatio-temporal exposure control: An investigation of spatial home control and location privacy preserving issues. In Proceedings of the 14thIEEE International Symposium on Personal, Indoor and Mobile Radio Communications(PIMRC 2003), Beijing, China, 7–10 September, pp 2760–2764. IEEE Press, 2003.
D. Erickson et al. A demonstration of virtual machine mobility in an Open Flow Network.In Proceedings of ACM SIGCOMM’08, 17–22 August 2008.
E. A ̈ımeur and D. Sch ̈onfeld. The ultimate invasion of privacy: Identity theft. In Proceedings of the Ninth Annual International Conference on Privacy, Security and Trust(PST11), Monteral, Canada, August 2011.
Office of the Information and Privacy Commissioner of Ontario. In Privacy by Design:Time to Take Control.www.privacybydesign.ca, Ontario, Canada, January 2011.
G. M. Køien. Privacy enhanced device access. In Proceedings of MobiSec 2011,Aalborg, Denmark, May 2011.
G. M. Køien. Privacy enhanced cellular access security. In Proceedings of the 2005 ACMWorkshop on Wireless Security, pp. 57–66, Cologne, Germany, September 2005.
G. M. Køien and V. A. Oleshchuk. Location privacy for cellular systems; Analysis andsolution. PET 2005, Cavtat, Croatia, LNCS, Vol. 3856. Springer, 2005.
V. A. Oleshchuk and G. M. Køien. Security and privacy in the cloud; A long-term view.In Proceedings of Wireless VITAE, pp. 1–5, 2011.
ISO, ISO/IEC 11990-1 Information technology – Trusted Platform Module – Part 1:Overview, 2009.
N. Ulltveit-Moe, V. A. Oleshchuk, and G. M. Køien. Location-aware mobile intrusion detection with enhanced privacy in a 5G context. Wireless Personal Communications, 57(3), 2010.
A. Schwartz. Privacy and security identity management and privacy: A rare opportunity to get it right. Communications of the ACM, 54(6): 22–25, June 2011.
C. Boyd and A. Mathuria. Protocols for Authentication and Key Establishment. SpringerVerlag, 2003.
L. Rajbhandari and E. Snekkenes. Intended actions: Risk is conflicting incentives. In Proceedings of the 15th International Information Security Conference (ISC 2012), LNCS,Vol. 7483, pp. 370–386. Springer, 2012.
